WhatsApp Theory

(@the_grinch)
Posts: 136
Estimable Member
Topic starter
 

As most of you probably know, it's getting harder and harder to get WhatsApp messages off of phones. While photographing or screenshotting messages is an option, if there are a lot it tends to be a huge pain. I've come up with a theory and I wondered if it would work.

Create backup of messages on the phone to an SD Card
Place SIM card from device into another device (that has service with provider) and can be rooted
Place backup onto device
Open WhatsApp and enter code that we would receive on the rooted device due to matching number
Perform physical extraction on rooted device

Would that work? Obviously, gotta have a phone for each provider, but ultimately there are only three or four that I get in my area.

 
Posted : 02/06/2018 12:11 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

Good theory, but in practice mostly all the devices with Android 7.x or newer can't be easily rooted, so the fastest way to save the WhatsApp (or other similar) content is creating a video while scrolling, then hash it for authenticity and document it as well, so it would be accepted as a forensic analysis result.

Taking screenshots would do it as well, just it takes more time and it is harder to work with them later on.

 
Posted : 02/06/2018 6:23 am
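
One way to carry out the "hash it for authenticity and document it" step from the post above, as an added example that is not part of the thread: it records a SHA-256 manifest of a folder of capture files (scroll video, screenshots) and later reports any file that was modified, removed or added. The manifest field names `case_ref` and `examiner` and the function names are assumptions made for this illustration.

```python
# Added example: field names (case_ref, examiner) are illustrative assumptions.
import hashlib
import os
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large screen recordings do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_files(capture_dir):
    """Relative paths of every file under capture_dir, sorted for a stable manifest."""
    found = []
    for root, _dirs, files in os.walk(capture_dir):
        found += [os.path.relpath(os.path.join(root, f), capture_dir) for f in files]
    return sorted(found)


def build_manifest(capture_dir, examiner, case_ref):
    """Record name, size and SHA-256 of each capture file, plus who hashed it and when."""
    entries = []
    for rel in list_files(capture_dir):
        path = os.path.join(capture_dir, rel)
        entries.append({"file": rel, "size": os.path.getsize(path),
                        "sha256": sha256_file(path)})
    return {"case_ref": case_ref, "examiner": examiner,
            "hashed_at_utc": datetime.now(timezone.utc).isoformat(),
            "entries": entries}


def verify_manifest(capture_dir, manifest):
    """Return {relative path: 'missing' | 'modified' | 'unlisted'}; empty means intact."""
    listed = {e["file"]: e["sha256"] for e in manifest["entries"]}
    problems = {}
    for rel, expected in listed.items():
        path = os.path.join(capture_dir, rel)
        if not os.path.isfile(path):
            problems[rel] = "missing"
        elif sha256_file(path) != expected:
            problems[rel] = "modified"
    for rel in list_files(capture_dir):
        if rel not in listed:
            problems[rel] = "unlisted"
    return problems
```

Store the serialized manifest outside the capture folder, otherwise it shows up as an unlisted file on the next verification.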
(@edigama25)
Posts: 15
Active Member
 

What you said is doable; I do it all the time. Copy the encrypted database to a pre-rooted phone.
Then reactivate WhatsApp on said phone, and then extract with whatever tool you like.

 
Posted : 15/07/2018 11:18 am
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

How do you save the encrypted database from a non-rooted device?! How do you save already deleted data from a non-rooted device?!

When creating a WhatsApp backup and restoring to another device to do what you say, you will be missing a lot of timing and logs related data, which are stored on the original device only. This means a data integrity issue; forensically, your way is void.

 
Posted : 15/07/2018 12:51 pm
(@droopy)
Posts: 136
Estimable Member
 

All phones could be rooted. If you need help, advise me.

For WhatsApp, just use the Google Drive backup from inside the WhatsApp application itself and you could retrieve it from another phone easily.

Also I could do this REMOTE without user intervention using an exploit I have. I don't even need the original phone.

You DO NOT even need to root the device; extract the WhatsApp databases and key from USB Debugging. So why do people here ask this…

 
Posted : 15/07/2018 1:42 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

> How do you save the encrypted database from a non-rooted device?! How do you save already deleted data from a non-rooted device?!
>
> When creating a WhatsApp backup and restoring to another device to do what you say, you will be missing a lot of timing and logs related data, which are stored on the original device only. This means a data integrity issue; forensically, your way is void.

Isn't that anyway the same "missing" data if you adopt the screenshotting or scrolling video recording approach?

> For WhatsApp, just use the Google Drive backup from inside the WhatsApp application itself and you could retrieve it from another phone easily.
>
> Also I could do this REMOTE without user intervention using an exploit I have. I don't even need the original phone.

It seems to me a lot more like "intelligence" than "forensics".

> You DO NOT even need to root the device; extract the WhatsApp databases and key from USB Debugging. So why do people here ask this…

Maybe previous posters (and surely myself) don't know how to do that, and it would be nice if you would point to some resources/howto/articles, besides telling us what you can do.

jaclaz

 
Posted : 15/07/2018 1:43 pm
(@edigama25)
Posts: 15
Active Member
 

If the device is locked with a passcode/encrypted boot and you do not have the password, you can do nothing.
But if you have MTP access to the device, you can copy the whole WhatsApp folder to a PC, then from the PC to a rooted device. Install WhatsApp on that device and activate it as you would a normal WhatsApp (you will need the SIM card or access to a phone with that specific phone number for this). After activation, extract as you normally would.

 
Posted : 15/07/2018 2:22 pm
(@armresl)
Posts: 1011
Noble Member
 

Sounds like heartache 101

> If the device is locked with a passcode/encrypted boot and you do not have the password, you can do nothing.
> But if you have MTP access to the device, you can copy the whole WhatsApp folder to a PC, then from the PC to a rooted device. Install WhatsApp on that device and activate it as you would a normal WhatsApp (you will need the SIM card or access to a phone with that specific phone number for this). After activation, extract as you normally would.

 
Posted : 16/07/2018 4:50 am
(@edigama25)
Posts: 15
Active Member
 

Maybe, but that is the only option I can think of that will give me WhatsApp messages at the end. Any other ideas besides taking a ton of screenshots?

 
Posted : 16/07/2018 7:08 am
(@droopy)
Posts: 136
Estimable Member
 

Please describe the EXACT status of the phone.
According to POST1, if you could take screenshots, it seems you have access to the device.

In order to give you the best option, we need to know exactly how the device is.

 
Posted : 16/07/2018 2:01 pm