Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

I'm not sure about your phone, check binaries or route through a PC.
Some parts are encrypted with SSL, for that you need to use a MitM attack (proxy that generates certificates)

Probably. Funnily enough I only have an Android phone.
The easiest way (works from any GSM phone) is to dial *#06#

Generally speaking - yes. There may be exceptions though.

P.S. I get the same code via Voice/SMS etc. It never seems to change.
Perhaps that user had two different SIMs that both used the phone as storage, or WhatsApp changed the algorithm.
I'm pretty sure it's just some sort of checksum. They're probably doing something really simple.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Originally Posted by HSwaidan
what is imei for iphone?
is it the same in settings-->general-->about-->IMEI?
Probably. Funnily enough I only have an Android phone.
The easiest way (works from any GSM phone) is to dial *#06#


they r the same ,but the linked provided to find whatsapp account password is not working ,keeps return ERROR: Invalid Service Number / IMEI combination.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

For iphone devices, IMEI is NOT used.

Instead, they take the Unique Identifier value.

You can get this value from iTunes, plug in your device, open itunes, click on the name of your device.
You should see Serial Number, click on it and it will swap to UDID which is the required value.

Your UDID on WhatsApp servers will be md5( reverseOf(UDID) )

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

I confirm it's for some reason not being found by the official client. Also weirdly after I send the initial presence, the response presence comes with an attribute status="dirty" , not sure what this means.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Just wanted to drop in and say I'm observing this port very closely.
Unfortunately, it is beyond my knowledge to help you at this phase.

I can only offer my time and code skill once you have every http request sorted out.
I can make clients for any wanted Nokia platform and phone. :cool:

Good luck guys! :)

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Can I guys work with you, Ive been doing the same thing, although the Ive implemented the man in the middle attack through an actual computer in the middle with a sniffer/forwarder after playing with the DNS records.

Anyways, tgalal, how I can get ur working version so far of the decompiled FunXMPP.java or the python version? Can I talk to you privately?

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Attached is a modified WhatsApp 2.0.7 source for S40. I modified it so that I could directly compile FunXMPP (com/whatsapp/client/FunXMPP.java) without problems. I've added a main method to it too that setups a connection and invokes login.(taken from FunXMPPRunner.java). Make sure to change chatUserID in the main method to your phone number.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

attached is a nice pdf of the changes tgalal made:

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Thanks for this. Also I wanted to point out that you should use this modified version only to see how login works. Because to make it work I removed some chunks of code that were causing compilation errors and I chose to completely remove them instead of fixing since they weren't used at login (mainly parts related to Iq reqeuests).

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

I'm guessing you didn't do registration properly, but I'm not really sure.

Also, could it be that the number has been re-used?
Can you check a different number and see the status of that also?

I should have a public registration done within the next few days and if mine doesn't work, I'll have NFI why (I'm emulating the full process)

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

actually the password could be any md5 hash then :
each char of the hash returned to ascii + 126 (or 128)
in the java version , the password is generated by inverse the imie number , then md5 or that inverse , then the function above .
any other question ?

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

I found that I receive that same presence status when I login using the original whatsapp client on my Nokia C7 (using another phone number registered with original whatsapp as well). So it turned out not referring to anything bad I guess.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Yes, thats how the password is generated. (or it should be, I didn't look at it that close)

The question at the moment is, if there is also an way to calculate the registration-code you get via the API-Call/SMS and you need to register an account.
I personally don't think we would need to know the algorithm (if there is one) because the official clients also seem to ask the code via the API and we would just stand out when we don't do (and it would be easy to prevent registration from our client when they just save which number asked for the code and just letting this numbers register...)

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

+1 on that. It's also possible to read the SMS sent by whatsapp from the application and autoactivate it, the way the official client does. I would like to add, instead of starting to develop a pidgin/telepathy plugin, maybe they could focus developing a simple client un python with just register, login, and send / receive message functionality after that it would be just about putting it a nice gui on top of that.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

my pms arent working or I would pm
but I want to spoof a whatsapp number and install it on my phone

can anyone help me with it? I have seen colas posts, but am having trouble, how do you intercept the connections to do it?
my email is mlizrulez@yahoo.com if anyone can help

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

That's exactly what we are doing (except for teamer, as his biggest problem is how to write a purple plugin)

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

A quick status update, I'm now able to send messages successfully ;)

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

The underlying protocol used by Whatsapp is XMPP. Therefore it does not make sense to create a simple UI (nothing is ever simple!).

Personally I think a telepathy plugin would provide a better user experience as it will be more integrated.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

actually the password could be anything (as long as your number is not yet registered with whatsapp) . but the verification code that is sent via SMS is generated on the server and theres a 'small' probability (small as 99.99999%) that it is built on some random seed which will be almost impossible to figure out . so you need to stick to the code sent by the sms verification . OR , skip all the register/validation process and just login with your username/password created by the official whatsapp (phone as username , the md5 thing as password) , simply ask the user for their phone # and imie of the phone they used to register :)

the verification code sent via sms is only 3 digits as i remember , so its impossible that there are some algorithm that generates it , its randomly generated and linked to your phone number (probably)

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

yup , this is the cool thing in N900 , otherwise i could have bough some cheap android and installed the app to it !

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

yes taglal , otherwise i wouldn't have bothered my self reverse-engineering whatsapp and bought a cheap andro' to use whatsapp . i find it no use to have whatsapp as an APP on N900 , when we have something like telepathy which is easy to access and manage via a click and it's always running and wouldn't need much ram/cpu as a stand alone APP would .
your app might be closed by mistake , forget about you have to find your contacts from within the app instead of having them laying around on the desktop or the contacts list .
running a stand alone whatsapp app will require more used ram and cpu(means less battery time) and app that might malfunction on connection change 3g disconnects while travelling , non default IM tones/notfications/options ...
oops you restared and forgot to start the app , you want to go offline form all acounts ... wheres that app ...
dude i prefer purple plugin or telepathy or whatever it is ! at least you don't have to write that much code for a stand alone app (unless if you're aim is to collect donations or sell it ?) . at least telepathy already has xmpp protocol , so you just have to write the login/verification/registration part in a plugin for the N900 communication center -nice name haha-

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

dude, you are totally missing the point.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

oh, i think teamer's point of view and attitude is perfectly correct. There's a "doing it the right way" and a "let's put in only the effort needed for it to just work". That's one of the major issues of webOS, Android, and iOS: most of the stuff is a self-contained "app", almost nothing's integrated.

EDIT: look at all the crap standalone messengers on Android, and the story behind the (still!) missing ICQ/MSN/XMPP plugins for Synergy Messaging on webOS - nobody took the effort to write a proper plugin for now (webOS 3.x), but some people just want to sell their crappy standalone stuff instead. Same with GStreamer vs. standalone mediaplayers w/ built-in codecs or proprietary streaming solutions there.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

You too are missing my point. I'm not opposing his opinion of having the thing integrated into maemo. I have a N900 and one of the top features I love about it is the way its messaging work. What I'm saying here is that reverse engineering a protocol is not a simple task. You should focus at least on writing a code that actually works first (at least logs in, and sends and receives messages correctly), which wouldn't necessarily have a GUI, and then worry about how the user frontend would look like (whether it's gonna be a standalone app or integrated into maemo's messaging system). You can't just focus on the user-end when the underlying engine itself does not exist! First things first guys, this shouldn't be hard to understand if you're a developer.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

My message was more aimed at the people that are still trying to figure the protocol, like a proof of concept client. Seems like teamer figured out everything, so that's great having to depend just on him :) For the people working on the protocol I have got a Nokia C3, I've just installed the latest S40 whatsapp client and will try to capture something.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

I personally believe teamer hasn't made any progress further than registration (which was actually posted by colacheater in first place). And I think many devs here would agree.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

The protocol appears to be just bog standard XMPP (I'm currently reading the XMPP Definitive Guide book and the RFC's).

Registration and sign-in is of course specific to whatsapp, as can be expected.

Anyway for those that don't know what the XMPP protocol is, here is a 5min intro to it and assumes you have some dev knowledge:

An XMPP is just a long lived TCP session (a long TCP session).
XMPP is a profile of the XML standard.

When you start an XMPP session or chat you send a single open session tag. This means the session is open and you can communicate.

Each time you send a message you send a STANZA - this is basically just a block of XML. Thus your session will never be well formed XML until you send the closing session tag.

This is the basic core of XMPP. Additional stuff like multi user chat, sending files and realtime video/voice or streaming etc. are enabled by extensions - which you can query the server to check what it supports.

Check the different RFC's for more detailed info - perhaps it will help some of the guys working on it here.

Post any Q's you have here - I'm not an expert on XMPP but I am reading the book, so will try to answer. Feel free to add anything you think adds value to my post or anything you think is not quite right.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

the question is: since whatsapp port might be developed as a telepathy plugin does this mean that it can be used on the N9 MeeGo-Harmattan OS?

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

I certainly hope so as I'm using a n9 now!

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Just because of an PN I got I want to give, independent from the rest of the dev-talk here, some thoughts on security with the to-develop WhatsApp client.

Everyone of us who had a little bit intenser look at WhatsApp should have noticed some security leaks I think. Maybe even more than the one you find scattered on the web.
We may should spend some thoughts about how we could try to prevent everybody using these security issues to fake others accounts, log into existing accounts and so on.
We shouldn't be that naiv to think that WhatsApp would be more secure when we don't make these public but what I mean is just preventing that tons of script-kiddies are playing around feeling cool that they can hack WhatsApp. As said: everybody really willing to find the security isses will find them. I also think that if we wouldn't totaly crash the "security" system WhatsApp has we may be more toleranted by WhatsApp regarding the inofficial client.

Security always is a very difficult theme to talk about, especally how to proceed with found issues.
For my part there are two main reasons why I would try to kepp them "secret" in our case: We actually are using some of them to make the inofficial client work and the said prevention of script kiddies and with that maybe the friendliness of WhatsApp.
Issues we don't need to make the client work and also are minor issues we may can report to WhatsApp independent from our client-work without link to the threads here etc. :rolleyes: (but as the history of found issues shows they seem to don't really care about them)

The difficulty I now see is that if we would write in public what these issues exactly are so that the one working on the client(s) can consider them in their clients we would make it in ways needless. But writing them just a few persons always excludes the other developers.
How the single finder of the security issues is handling it is his decision I would say but at least I woudn't write an "How-To hack WhatsApp" :rolleyes:

For my part the issue I think everybody is aware of and is a minor one we should consider is the registration of new accounts.
With the known way we can fake accounts with numbers we don't own.
The idea of letting the user choose if an automaticly generated password should be used during the registration or if an own password should be used (make an md5 of the password and it shouldn't stand out during registration) is an option I would support.
But everything else that connects the account to an specific phone should be left by the default as the WhatsApp client is also doing it.
This way should be okay for everybody wanting an WhatsApp client for the N900/N9 I think (and it would be the easiest to use for an non-developer). There aren't more options you have to change. Maybe an option of hiding or sending the MCC/MNC would be discussible but I would just use 0's as default.


I hope that every developer currently working on WhatsApp agrees with my position, at least the main ideas.
If not it would be nice to have a small discussion about security here regarding how far we can offer options to the client without threatening the abuse by some people feeling cool because they can do things they shouldn't do...

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Yep totally agree - if everything in Whatsapp was secure it would be alot harder to create a port.

Abusing whatsapp is something we should not do.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Well said!

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

DEVS: Password can be anything, still reverse and MD5 the password, so you don't need to check if it's an IMEI etc. (MAKE SURE YOU REVERSE THE PASSWORD SO ALL CLIENTS ARE COMPATIBLE)
With PHP, I'm doing this: md5(strrev($Password));

Also, you need to send the correct MCC/MNC for registration to work properly, or else you won't receive the code via SMS. (voice will still work though)

Regarding devs discussion, this is why I suggested Google+.
I've already discussed a few security issues with tgalal on there.

Again: My Google+ Profile, I'll create an open discussion with Developers ONLY.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

just a quick question here if I give someone my number and imei if they bypass whatsapp and get the application installed that way would both of us be able to login at the same time? and does whatsapp save chat history would the other person gain acess to all my chat history?

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Guys, this is an exact example of how our work could be misused. Please ignore all requests from lmfao0 because he/she is not going to provide you with his/her own data.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Not trying to misuse anything I am just curious if it is just that easy for anyone to steal anyones information. I am respoding to what was was readily posted on this website. Maybe I am making sure my own account isn't hacked or my own gf can not get into my conversations.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

and one more thing just because you refuse to comment to certain security flaws does not mean that that they arent visible on the internet. I don't see the point of not informing the population and making them aware of what security risks their are as opposed to keeping it amongst yourselves when you yourself admit whatsapp isn't fixing it.

I had a bet with my buddy about apps like whatsapp and tried to prove a point. Take care.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

I guess the PM you've sent me earlier doesn't agree with those words. Does it?

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

Asking about account spoofing and help?

I believe my words were I need help with spoofing an account and registeration on whatsapp and how it works.. or somewhere along the lines. Yes?

Without knowing for what use or for whom it is for don't jump to conclusions. kthnxbye

edit one more thing, its common knowledge when you dont want a hack to be fixed you dont leak it. The best way to ask for a security fix is by leaking it. For example, remember the status update? it was only fixed after it was leaked and spread. Was fixed up within a month. By keeping the flaws a secret you arent protecting anyone just prolonging the the use because whatsapp is thinking that not that many people know about it.

Re: [WIP] Porting Whatsapp to Meego/Maemo (N9, N900)
 

You are right. But is that what you really want?

lol