actually the password could be anything (as long as your number is not yet registered with whatsapp) . but the verification code that is sent via SMS is generated on the server and theres a 'small' probability (small as 99.99999%) that it is built on some random seed which will be almost impossible to figure out . so you need to stick to the code sent by the sms verification . OR , skip all the register/validation process and just login with your username/password created by the official whatsapp (phone as username , the md5 thing as password) , simply ask the user for their phone # and imie of the phone they used to register the verification code sent via sms is only 3 digits as i remember , so its impossible that there are some algorithm that generates it , its randomly generated and linked to your phone number (probably)