WhatsApp Media Decrypt: Decrypt WhatsApp encrypted media files
WhatsApp Media Decrypt
A recent high-profile forensic investigation reported that “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file] to determine if it contained any malicious code in addition to the delivered video.”
This project demonstrates how to decrypt encrypted media files downloaded from WhatsApp.
Does this break WhatsApp encryption?
No. WhatsApp’s encryption is end-to-end, which ensures that only the sender and recipient can read the message and especially not any servers (or attackers!) in-between them. This uses a cryptographic key stored on one of the endpoints to decrypt a media attachment in the same way that the WhatsApp app does to display it on the screen.
Does this mean my WhatsApp media files are not encrypted at rest?
No. WhatsApp uses iOS Data Protection to encrypt user data files (including ChatStorage.sqlite) using the device-specific and unrecoverable hardware UID key as well as a key derived from the user’s passcode. It may not be decrypted without physical access to the specific iOS device that created the file as well as knowledge of the user’s passcode.
Installation
go get github.com/ddz/whatsapp-media-decrypt
Use
