client_static_keypair changed to client_static_keypair_pwd_enc

[lovethiscode]

in the latest WhatsApp version, Keystore.xml file has changed and "client_static_keypair" changed to "client_static_keypair_pwd_enc" , it's a encrypted value for the old "client_static_keypair" used in login.
the question is how to decrypt "client_static_keypair_pwd_enc" to get "client_static_keypair" so I can login with it ?

solution:
There is an Android program that can help you. It can parse the encrypted keypair and export WhatsApp's environment. It also provides a Java version of WhatsApp implementation, which is still being improved.

https://github.com/lovethiscode/Gorgeous-Whatsapp

[ben221199]

Or use this one: https://github.com/ben221199/WAPI/blob/java/src/main/java/nl/ben221199/wapi/tools/EncryptedClientStaticKeypair.java 😃

[ben221199]

If your question is answered, please mark it as solved.

[1ocalhost]

Or use this Python script instead, which was inspired by the java version by @ben221199: https://github.com/ben221199/WAPI/blob/b04c34727075e696c0a8b94283a6c0168dc73ab7/src/main/java/nl/ben221199/wapi/tools/EncryptedClientStaticKeypair.java

'''
requirements:
    pycryptodome
'''

import json
import base64
from hashlib import pbkdf2_hmac
from Crypto.Cipher import AES

TOKEN_RAW = [
    0x41, 0x04, 0x1d, 0x40, 0x11, 0x18, 0x56, 0x91, 0x02, 0x90,
    0x88, 0x9f, 0x9e, 0x54, 0x28, 0x33, 0x7b, 0x3b, 0x45, 0x53
]
TOKEN = bytes(map(lambda x: x ^ 0x12, TOKEN_RAW))


def base64_decode(text):
    return base64.b64decode(text + '==')


def decrypt(password, iv, salt, ciphertext):
    password_ = TOKEN + password
    password_ = ''.join(map(chr, password_)).encode()  # b'\x83' => b'\xc2\x83'
    key = pbkdf2_hmac('sha1', password_, salt, 16, 16)
    return AES.new(key, AES.MODE_OFB, iv).decrypt(ciphertext)


def decrypt_keypair(keypair_pwd_enc):
    json_text = keypair_pwd_enc.replace('"', '"').replace('\/', '/')
    json_data = json.loads(json_text)
    version, ciphertext, iv, salt, password = json_data

    assert version == 2
    ciphertext = base64_decode(ciphertext)
    iv = base64_decode(iv)
    salt = base64_decode(salt)
    password = password.encode()

    result = decrypt(password, iv, salt, ciphertext)
    return base64.b64encode(result).decode()


def test():
    client_static_keypair_pwd_enc = '[2,"Leol3AoKXTUQxihhB0hUNgWueQo0E59PuYTxs9WJPktis56ZcRb2ZPXI9rOzKmXCaNO+wNIcGWsitAo\/Ijum0w","2P2WJHXo7uFHGh3k7uUaDQ","HFYgAg","m3Uq1DOgWw6FhKSMgUgJnQ"]'
    result = decrypt_keypair(client_static_keypair_pwd_enc)
    print('client_static_keypair:\n' + result)


if __name__ == '__main__':
    test()

[m4stersh4d0w]

@1ocalhost where do you get "TOKEN_RAW" from?