Well, if we have the source, it's trivial to create a client which replicates the exact behaviour of a legitimate client. That way, they can't see the difference and can't block them. However, I believe that when new clients are released, older versions are blocked from connecting, so that is a problem. Since the client identification is, I believe, largely based on the version string the client sends, this should be easily avoidable but it will cause some downtime for all Maemo users until a new version is released.

It is possible, but reading the source code is easier, I think. Whatsapp uses XMPP as the underlying protocol, yes, but it uses some form of binary XML, the mapping from XML to binary should be in the source somewhere. Maybe a combination of both will yield some good results but I'd still go with the source code.

Are you sure? I sniffed WA traffic from Symbian, Android and Apple devices, all the messages are in the capture in plain text. Maybe you mean that the messages are signed? That could be possible, but encrypted... no. At least not when I checked, which was about two months ago.

Why wouldn't they work? Granted, it'll be a lot of work to RE the protocol from there but it's doable.


Anyway, I've been at this for a short while and stopped because I did not have more time to work on it. First off, I sniffed some traffic from a Symbian phone (not mine and with permission), I quickly found out that the traffic was not encrypted despite being sent over port 443. I also noticed the authentication procedure was the same as described in the XMPP RFC, so I started there. The only thing I really still required was the authentication password.

I then started out with the Android client, because that's the only thing I can run on my N900. My first efforts were at doing MITM, because it's usually not possible to just decompile code. I sniffed the entire registration procedure (which does happen over HTTPS, I set up a MITM with custom certificates and got the entire thing) in an attempt at figuring out the authentication credentials required to log in. I could not really find them in there and tried everything I could find in the configuration files. Still nothing

Then, I decided to try and disassemble the code. I managed to get the bytecode in a human-'readable' format and used JD-gui to make some sense of it. I quickly found out that JD-gui is far from accurate at decompiling code, which was to be expected. Also, I found out that WhatsApp was obfuscated, almost all important classes had their strings encrypted and variable/debug information stripped. With some help of the byte code I managed to decrypt all the strings and after some tedious work I found out where the password came from. (edit: looking at my logs again, it turns out that the 'password' is actually sent to whatsapp but I did not recognize it as such, also due to an error in my version of the authentication algorithm)

Given the amount of work I had to put into this and the fact that I did not have enough time to put into this, I decided to abandon this project, at least for now (then).

Needless to say, I was surprised to find out that the Symbian version is apparently not obfuscated. This will greatly simplify things In a few weeks, I will have more time to put into this so I guess I could lend a hand here and there.