Don't use Android-2.12.510 or Android-2.12.5xx #395

Open
assegaf opened this issue Mar 16, 2016 · 10 comments

@assegaf

assegaf commented Mar 16, 2016

Yeah, Android 2.12.510, or probably below that version, already uses Stream WA Protocol 2.0; stable 2.12.453 is still on 1.6, and versions older than that still use Protocol 1.6.

If you keep using Stream 2.12.510 or near it, and use protocol 1.6, you will be banned instantly ...

@davidgfnet, I got this info from your wireshark-whatsapp, hope it helps.

@0x3d5157636b525761

Were you able to analyze the protocol?

@assegaf
Author

assegaf commented Mar 16, 2016

I wish I could, but it's completely 100% different; not even wireshark-whatsapp can read it, and not even the initial tx (without encryption) is the same or readable, so it probably needs reverse engineering first; maybe it needs additional encryption from the start.

But it's still using the pw password saved on Android.

@0x3d5157636b525761

I don't recognize any F8 stanza headers... Indeed, completely different. Also, could not find any invocations to Cipher.getInstance("ARC4") (after deobfuscation). :(

@szr8

szr8 commented Mar 16, 2016

On 3/16/2016 2:38 AM, assegaf wrote:

> Yeah, Android 2.12.510, or probably below that version, already uses
> Stream WA Protocol 2.0; stable 2.12.453 is still on 1.6, and versions
> older than that still use Protocol 1.6.
>
> If you keep using Stream 2.12.510 or near it, and use protocol 1.6,
> you will be banned instantly ...
>
> @davidgfnet https://github.com/davidgfnet, I got this info from
> your wireshark-whatsapp, hope it helps.

I've been online since the early 1990s and I honestly don't recall ever seeing such a totalitarian instant messaging protocol to such an extent.

This is seriously feeling way too much like a "paper, show me your papers" mentality; what exactly is their justification for being so incredibly anal about how people connect?

I can certainly understand wanting to keep secure communications secure, but as long as that is being maintained, what exactly is the problem? The PTB for Whatsapp just seem to be taking it way too far, to seemingly unhealthy levels of extreme paranoia.

@assegaf
Author

assegaf commented Mar 16, 2016

They are really doing their homework and are a pain in the a**. Not even 6 months yet from Protocol 1.6 to 2.0.
@0x3d5157636b525761 it's possible they changed encryption to one of the https://www.bouncycastle.org/ cryptography; it seems it's mostly used by many vendors.

@0x3d5157636b525761

BouncyCastle usage was weird in old versions -- it was only partially embedded in the DEX, i.e. they had AES implementation but no ECDH... I will check it out soon.

@hellerbarde

I just got banned immediately trying whatsapp-purple with Android-2.12.419. (not mad, don't worry ;) )

(EDIT: hmmm... now that I think about it, maybe it banned me during trying to grab the password... Sorry, didn't mean to red herring this.)

@assegaf
Author

assegaf commented Apr 5, 2016

Any idea or link to explain about "Noise Protocol"?

And I think AES-GCM seems an implementation to allow the NSA or any government to sniff the packet, so we are an object 👍

@assegaf
Author

assegaf commented Apr 10, 2016

Oh, that's great news that AES-GCM is more secure. But it's a pain to follow up in this non-official client.
