Active Topics

 


Closed Thread
Thread Tools
Posts: 12 | Thanked: 25 times | Joined on Feb 2012
#41
Originally Posted by rash.m2k View Post
Didn't pick up any traffic though for some reason - didn't spend much time on it though.
I'm not sure about your phone, check binaries or route through a PC.
Some parts are encrypted with SSL, for that you need to use a MitM attack (proxy that generates certificates)

Originally Posted by HSwaidan View Post
what is imei for iphone?
is it the same in settings-->general-->about-->IMEI?
Probably. Funnily enough I only have an Android phone.
The easiest way (works from any GSM phone) is to dial *#06#

Originally Posted by ColaCheater View Post
But even when the code is calculated, wouldn't it may be better to request it from the server? Because the original client seems to do it also...
Generally speaking - yes. There may be exceptions though.

P.S. I get the same code via Voice/SMS etc. It never seems to change.
Perhaps that user had two different SIMs that both used the phone as storage, or WhatsApp changed the algorithm.
I'm pretty sure it's just some sort of checksum. They're probably doing something really simple.
 
Posts: 4 | Thanked: 0 times | Joined on Feb 2012
#42
Originally Posted by HSwaidan
what is imei for iphone?
is it the same in settings-->general-->about-->IMEI?
Probably. Funnily enough I only have an Android phone.
The easiest way (works from any GSM phone) is to dial *#06#


they r the same ,but the linked provided to find whatsapp account password is not working ,keeps return ERROR: Invalid Service Number / IMEI combination.
 
Posts: 8 | Thanked: 3 times | Joined on Feb 2012
#43
For iphone devices, IMEI is NOT used.

Instead, they take the Unique Identifier value.

You can get this value from iTunes, plug in your device, open itunes, click on the name of your device.
You should see Serial Number, click on it and it will swap to UDID which is the required value.

Your UDID on WhatsApp servers will be md5( reverseOf(UDID) )
 
Posts: 246 | Thanked: 2,574 times | Joined on Jan 2010 @ Egypt, Cairo
#44
Originally Posted by ColaCheater View Post
@tgalal: Can you verfiy that the phone-number you used to register the account is found as registered with an official WhatsApp Client?
That was a problem I had when registering the way I described: The registered Account wasn't found by an official client.
Maybe you need to be logged in to get found?
But great to see that you are now able to make a connection to the server!
I confirm it's for some reason not being found by the official client. Also weirdly after I send the initial presence, the response presence comes with an attribute status="dirty" , not sure what this means.
Code:
<presence status="dirty" xmlns="w" from="s.whatsapp.net">
<category timestamp="1329363611" name="groups">
</category>
</presence>
 
knobtviker's Avatar
Posts: 665 | Thanked: 2,388 times | Joined on Feb 2012 @ Zagreb, Croatia
#45
Just wanted to drop in and say I'm observing this port very closely.
Unfortunately, it is beyond my knowledge to help you at this phase.

I can only offer my time and code skill once you have every http request sorted out.
I can make clients for any wanted Nokia platform and phone.

Good luck guys!
 
Posts: 2 | Thanked: 1 time | Joined on Feb 2012
#46
Originally Posted by OzJD View Post
I'm putting much dedication into this and hopefully will come out with something good soon.

I managed to compile FunXMPP.java in the decompiled version of whatsapp which greatly helped in tracing and understanding the code. I'm creating the app using python and BIG THANKS to the very informative guide posted by ColaCheater. I created the 3 functions concerned with registration (obtaining reg code from server, registering the whatsapp account, and checking account existence). That was easy to implement.

And then moving on to login, things turned out a bit complex, I rewrote the whatsapp login functions in python:

Code:
out.streamStart(connection.domain, connection.resource); sendFeatures();
sendAuth();
in.streamStart();
String challengeData = readFeaturesAndChallenge(); sendResponse(challengeData);
readSuccess();
which is working great and I'm able to login now.

Can I guys work with you, Ive been doing the same thing, although the Ive implemented the man in the middle attack through an actual computer in the middle with a sniffer/forwarder after playing with the DNS records.

Anyways, tgalal, how I can get ur working version so far of the decompiled FunXMPP.java or the python version? Can I talk to you privately?
 
Posts: 246 | Thanked: 2,574 times | Joined on Jan 2010 @ Egypt, Cairo
#47
Originally Posted by anasqu View Post
Can I guys work with you, Ive been doing the same thing, although the Ive implemented the man in the middle attack through an actual computer in the middle with a sniffer/forwarder after playing with the DNS records.

Anyways, tgalal, how I can get ur working version so far of the decompiled FunXMPP.java or the python version? Can I talk to you privately?
Attached is a modified WhatsApp 2.0.7 source for S40. I modified it so that I could directly compile FunXMPP (com/whatsapp/client/FunXMPP.java) without problems. I've added a main method to it too that setups a connection and invokes login.(taken from FunXMPPRunner.java). Make sure to change chatUserID in the main method to your phone number.
Attached Files
File Type: zip WhatsApp_2_0_7.src_fun_xmpp.zip (400.9 KB, 558 views)

Last edited by tgalal; 2012-02-20 at 22:05.
 
Posts: 642 | Thanked: 486 times | Joined on Aug 2008
#48
attached is a nice pdf of the changes tgalal made:
Attached Files
File Type: zip print.pdf.zip (87.6 KB, 685 views)
 
Posts: 246 | Thanked: 2,574 times | Joined on Jan 2010 @ Egypt, Cairo
#49
Originally Posted by rash.m2k View Post
attached is a nice pdf of the changes tgalal made:
Thanks for this. Also I wanted to point out that you should use this modified version only to see how login works. Because to make it work I removed some chunks of code that were causing compilation errors and I chose to completely remove them instead of fixing since they weren't used at login (mainly parts related to Iq reqeuests).
 
Posts: 12 | Thanked: 25 times | Joined on Feb 2012
#50
Originally Posted by tgalal View Post
Also weirdly after I send the initial presence, the response presence comes with an attribute status="dirty" , not sure what this means.
I'm guessing you didn't do registration properly, but I'm not really sure.

Also, could it be that the number has been re-used?
Can you check a different number and see the status of that also?

I should have a public registration done within the next few days and if mine doesn't work, I'll have NFI why (I'm emulating the full process)
 
Closed Thread

Tags
galal-t is da, kindergarten, mastar, new tmo low, shameful, tmo not cake, trollfest, whiny_girls


 
Forum Jump


All times are GMT. The time now is 09:17.