Dino A. Dai Zovi
The claim in the FTI forensics report on Bezos’ iPhone that, “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file]...” bugged me so much that I coded up how to do it:
Decrypt WhatsApp encrypted media files. Contribute to ddz/whatsapp-media-decrypt development by creating an account on GitHub.
Dino A. Dai Zovi Jan 29
Replying to @dinodaizovi
Updated the README for my WhatsApp media decryption tool with a FAQ:
J Jan 26
Replying to @dinodaizovi @isithran
Now that's doing a service - exposing nonsense from seemingly competent sources.
Dino A. Dai Zovi Jan 26
Replying to @justinrwlynn @isithran
Thanks! I just think that it’s important for important public debates that information is factually accurate.
avuko Jan 26
Replying to @dinodaizovi
To quote a colleague: Don’t say “It can’t be done” if you really mean “I don’t know how to do it”. Excellent work.
Dino A. Dai Zovi Jan 26
Replying to @avuko
Thanks! As you can see from the repo, my code is all just “glue”, all of the hard work reverse engineering and re-implementation work had already been done in other open source repos.
Nicole Perlroth Jan 26
Replying to @dinodaizovi
Can you send this to FTI instead?
Ruud Schramp Jan 26
Replying to @dinodaizovi
Nice work, compliments! Haven't read the report itself, so hard to draw conclusions for me... was the key still recoverable from the database in the Bezos case? Because it may have been the first thing to remove.
Dino A. Dai Zovi Jan 26
Replying to @idafanatic
Thanks! Unclear from the report, there was no indication whether or not they knew that the key was in the ZMEDIAKEY column. Agree that removing that would be sneaky for malware to do.
Solar Designer Jan 27
Replying to @dinodaizovi @singe
Do I get it right that the encryption key is encoded in the filename (not surprised), and that filename is stored on WhatsApp servers (am surprised)? So there's effectively no E2E encryption for media, right? Is this consistent with what (lack of) security WhatsApp claims it has?
Dino A. Dai Zovi Jan 27
Replying to @solardiz @singe
What I found corresponds to the excerpt in the security design whitepaper Ivan screenshotted and posted below. The SHA256 of the .enc file as well as the key are stored in the sqlite file after being received from an encrypted message. My tool retrieves them and decrypts the file.