View Whatsapp .db File

Windows Whatsapp backup file messages.db. Microsoft makes Windows 11 official, and it's coming this fall - Learn more here! Microsoft has released the first Windows 11 preview build to Insiders in the Dev Channel! We are delighted to announce that our forums are now an ad-free experience for all registered and logged-in users - Sign up here today! The.crypt12 extension is appended to a.DB file to create a.DB.CRYPT12 file, which is an encrypted database that WhatsApp uses to back up a user's messages. Throughout WhatsApp's existence, the app has used different algorithms to encrypt users' messages.

This tutorial shows you how to read WhatsApp messages on PC without the Crypt Key. You can read WhatsApp messages on PC for WhatsApp Database from Crypt6 to Crypt 12.

STEP 1
Put your WhatsApp Database file you want to read right on your default SD Card; that is, where WhatsApp stores your Database file primarily.
STEP 2

CLICK HERE to download WhatsApp Tri-Crypt . It’s free of charge. When you are done installing the app, run it and you should find an interface similar to the one below.

Touch/Click on the ‘Decrypt WhatsApp Database’. The app will automatically detect your database file on your SD Card and then decrypt it. The .crypt6 , .crypt7 or .crypt12 files will be decrypted to the form .db
NOTE: If you are using Android versions 4.4 and above, you don’t need to root your device, if not, then your device needs to be rooted.

Read also: Read Android WhatsApp Database File On PC Without Root Crypt6-Crypt12

Copy the msgstore.db to your computer.

Now to read the decrypted file, we will use the application called WhatsApp Viewer.
CLICK HERE to download it. Extract WhatsApp Viewer, and run it.

View Whatsapp .db File

Go to file and click on “Open” and browse for the decrypted file with the name msgstore.db , load it , and click on “Ok”
Now you should find all your contacts and the messages including images.

CLICK HERE to download WhatsApp Viewer

Related posts:

WhatsApp backup conversation files are now saved with the .crypt12 extension. From crypt9, they seem to be using a modified version of Spongy Castle – a cryptography API library for Android.

All the findings below are based on reverse engineering work done on WhatCrypt and Omni-Crypt. I would like to highlight that IGLogger proved to be a very useful tool when it came to smali code debugging.

Extract Key File

To decrypt the crypt12 files, you will first need the key file. The key file stores the encryption key, K. WhatsApp stores the key file in a secure location: /data/data/com.whatsapp/files/key.

If your phone is rooted, extracting this file is easy. I will not go through the steps again, as it’s already mentioned in the crypt8 decryption article. If your phone is not rooted, refer to instructions from WhatCrypt and Omni-Crypt for details on extracting the key file. The idea is to install an older version of WhatsApp, where Android ADB backup was still working and extract the key file from the backup.

Extract crypt12 Backup File

Pull the encrypted WhatsApp messages file from your phone using ADB.

Decryption Keys

This section is just for your information and you can skip this section.

The encryption method being used is AES with a key (K) length of 256 bits and an initialisation vector (IV) size of 128 bits. The 256-bit AES key is saved from offset 0x7E till 0x9D in the file. Offsets start from 0x00. You can extract the AES key with hexdump and assign the value to variable $k.

The $k variable will hold a 64-digit hexadecimal value in ASCII that is actually 256 bits in length.

The IV or the initialisation vector is saved from offset 0x33 till 0x42 in the crypt12 file. The IV value will be different for every crypt12 file.

The K and IV extraction method is similar to what we have done for crypt8 files before.

Read Whatsapp Db File Online

Strip Header / Footer in crypt12 File

Again, this section is just for your information and you can skip this section.

Before we start the decryption process, we will need to strip the 67 byte header and 20 byte footer from the crypt12 file.

View

The above dd command will strip the the first 67 bytes from the crypt12 file and save it to a file with extension crypt12.enc. The truncate command will strip the last 20 bytes from the crypt12 file.

Decrypt crypt12 File

As the WhatsApp AES cryptography API library seems to be a modified version, we will no longer be able to use openssl to decrypt the crypt12 file. I have yet to determine what has been modified.

To decrypt crypt12 files, I have written a simple Java program that will use the modified cryptography API library instead. For the cryptography API library, I have extracted the modified Spongy Castle cryptography class files from the Omni-Crypt APK file using dex2jar. You can find the Java program and crypto library over here at GitLab.

The Java program will create 3 output files:

  • msgstore.db.crypt12.enc – encrypted file with header and footer stripped.
  • msgstore.db.zlib – decrypted file in zlib format.
  • msgstore.db – decrypted sqlite3 database file.

Below is how you can compile and run the Java program.

Final Words

To use the Java decryption tool, you will need to use OpenJDK. Oracle require JCE Provider libraries to be signed. OpenJDK does not have this requirement. If you try running the Java program on Oracle JDK, you will most likely get the following exception.

There are some workarounds to bypass the error, but it has not worked for me so far.

View Whatsapp .db Files

Decryption failed when using the modified cryptography API library from WhatsApp and WhatCrypt. Only Omni-Crypt library is working. I have yet to determine the reason for this. If you have any further information on this, leave a comment.

Mohamed Ibrahim

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }