How whatsapp messaging works

What WhatsApp Is and How Its Messaging Works

Instant messaging is probably the most popular way for people to communicate nowadays. Lots of people prefer the convenience of online instant messaging over e-mails or phone calls, especially if it’s just to say a few words. You’ve probably used different online messaging tools before, but if you haven’t, you should definitely give it a try!

DISCLAIMER

Just a heads-up that some of the services we’re reviewing here have affiliate partnerships with us, so we may earn a commission if you visit one of them and buy something. You can read more about how this works at https://techboomers.com/how-to-support-techboomers.

In this article, we’ll tell you about an instant messaging application that you can use on your mobile phone. It’s called WhatsApp. WhatsApp has a lot of cool features, so we want to let you in on how great it is! Now, let’s talk about what exactly it is, how it works, and go over some of the app’s features.

What is WhatsApp?

WhatsApp is a multi-functional communication app for your mobile phone. As long as you and other people you know have the app, you can use it to exchange text messages, pictures, videos, audio messages, phone calls, and more… all without having to buy a texting plan or extra phone minutes!

How does WhatsApp work?

WhatsApp uses the Internet data connection through your phone to allow you to send messages to your family and friends. If you’re connected to a Wi-Fi network, it won’t use up your data plan. You can use the app to send text, picture, and audio messages, and make calls, all for free! How great is that?

If you think this sounds like a great messaging app, be sure to download it for your Android device, or your Apple device.

5 great features of WhatsApp

1. Connect with contacts on WhatsApp without the time and hassle of adding each person individually.

WhatsApp automatically detects people in your phone’s address book who are already using the app, so you don’t have to manually add them as contacts. However, you can also invite people who don’t have WhatsApp yet, as well as people you know who aren’t in your address book but who might be using it.

2. Multiple options for methods of communication.

WhatsApp has lots of different ways for you to make sure what you’re trying to communicate reaches your audience. Write a text message, take a picture, record an audio or video message, have a phone call – it’s up to you!

3. Be part of a team with WhatsApp group chats.

You can create custom groups in WhatsApp and swap comments, updates, and ideas with up to 100 other people at once! It’s great if you have a very close-knit group of friends who use WhatsApp, or are part of a business team and need to collaborate.

4. Simple options to search through your messages.

Looking for a contact or an important message that you sent or received? The app lets you search by keyword, by a group or contact’s name, or even by a contact’s phone number. You can also search for keywords inside a particular conversation!

5. Easily back up your messages to your device or Google Drive.

WhatsApp allows you to save a copy of your message history to your phone’s internal memory storage, or even to Google Drive (if you have a Google account). If you ever lose important messages — or WhatsApp itself — simply re-install the app, and all of your messages will be waiting for you!

Is WhatsApp safe?

Yes, WhatsApp is safe to use. It won’t store your personal information, and only people you’ve approved as contacts will be able to message you. This makes it safer than most social networking sites. If someone is bothering you, you can block them. If you see someone breaking the rules, you can report them. To learn more about the safety of WhatsApp, check out our article on WhatsApp safety and security.

How much does WhatsApp cost?

Yes, WhatsApp is free to use. Previously, the app cost 99 cents per year, but since then, the service has become free to use. Instead, they now offer the app to download and use for free, but this only allows users access to all of the basic features. To get more features, users can pay subscription fees. Learn more about the potential costs associated with WhatsApp by checking out this article, which also explains how the company makes money.

Pros and Cons of WhatsApp

Some great things about WhatsApp are that it’s free to use, it’s available on multiple devices, and that it gives you many options and ways to communicate with your contacts. It helps you save money by giving you a way to communicate with people for free rather than needing to add additional texting plans or minutes for phone calls to your mobile plan.

On the negative side, WhatsApp is designed for mobile devices, so while it’s accessible on a computer, it doesn’t work as well as it does on smart phones or tablets. Also, group messages can kind of cancel out privacy settings – even if you have someone blocked on WhatsApp, they could still be part of a group message that you’re included in.

WhatsApp alternatives

If WhatsApp doesn’t sound like it’s quite right for you, don’t worry. There are some other messaging apps that you can try out instead. One of WhatsApp’s biggest competitors is an app called Kik, which is also free to use. Another messaging app with tons of cool features is WeChat. If you’re looking for an app to use primarily for voice and video calls, Google Hangouts is also great option.

You can learn more about all of these apps and websites if you read our WhatsApp alternatives article here.

Those are just a few of the neat things that WhatsApp can do! Check out the rest of our free WhatsApp course to learn more, like how to sign up for an account, and how to use the messaging app!

How Does WhatsApp Work? (A Beginner’s Guide)

Chat with friends and family in no time flat

Messaging apps are basic communication tools that everyone is familiar with. They’re a great way to stay in touch with your family and friends across the world, as well as keep up professional communications with your work colleagues.

While there are a great deal of options to choose from, WhatsApp holds a top position among other messaging clients. This messaging app is secure, easy to use, and comes with a number of handy features for your daily communication. Plus, most of your friends are probably already using it, so why choose a different messenger?

Table of Contents

If you’re still new to the app and trying to figure out your way around it, here’s how WhatsApp works and everything you need to know as a beginner.

How Does Whatsapp Work And Why Use It??

WhatsApp is considered one of the best messaging apps for many reasons. For starters, it allows you to communicate with other people in more ways than one: Through chats, audio and video calls, and through exchanging media files and documents. You can use it on your phone, your computer, and tablet. The app is also highly customizable, so you can choose what your WhatsApp app and your chats look like.

Aside from all the basic features, WhatsApp has some impressive add-ons. Live location sharing can help you keep track of your loved ones and vice versa. The ability to “unsend” messages will save you some embarrassing accidental texts that you meant to send to a different person.

Switching from one phone number to another without losing your data is a great feature for anyone trying to keep their professional and personal communications separate.

If you want all that as well as end-to-end encryption for the messages you exchange with other people, here’s how to install and start using WhatsApp.

How To Install WhatsApp

Before you get started using WhatsApp, you need to head over to the official website and download the free app for your device: Android, or iOS. Then follow the steps.

Launch the app and click Agree And Continue after you read the privacy policy agreement.

Enter your phone number and click Next. WhatsApp will send an SMS with a code and link that you can use to verify your phone number.

If you’ve used the app before, WhatsApp will offer you to restore your backup from Google Drive and access your saved contacts and media.

Once your number is verified, WhatsApp will ask you to fill in your profile info by providing them with your name and picture (optional). You can always change either of those later.

How To Use WhatsApp

After you sign in with your phone number, you can start using WhatsApp to call and chat with other people. You can either import your entire contact list to the app or add contacts manually.

Use WhatsApp To Chat With People On Your Mobile

When you open the app for the first time, you won’t have any active chats.

To get started, click on the green chat bubble in the bottom right corner of your screen.

Then select a contact and go to your private chat with the person.

Start by typing a message, adding emojis or gifs, attaching a media file, or recording an audio message.

When you send a message, you’ll see a single gray tick next to the text. That means your message is sent. Two gray ticks indicate that the message was received. The ticks turning blue indicates the other person has read your message. The clock appearing next to your message instead of the ticks means your message has not been sent yet.

Use WhatsApp To Call Others From Your Smartphone

One of the things that makes WhatsApp so appealing to users is the ability to use it for free unlimited calls. Since it uses the internet connection over cellular data, you can call internationally and not have to pay anything for it.

Open a chat with the person you’d like to call, and click the phone icon in the top right corner of your chat window. If you want to start a video call, opt for the video camera icon instead.

If you’re calling a group instead of a single contact, you’ll get to select how many people can join in before you start the call.

Use WhatsApp On Your Computer

You can access WhatsApp from your computer via the PC version of the app – WhatsApp Web. You can either do it from your browser or by downloading the PC client from the official WhatsApp website. Then follow the steps.

Open WhatsApp on your phone.
Click the Menu or Settings icon in the top of your window.
Scan the QR code from your computer screen.

WhatsApp will then automatically log into your account.

How To Get The Most Out Of WhatsApp

WhatsApp has much to offer outside the basic features that most people use. Here are some WhatsApp tips and tricks that will help you get the most out of the app.

Set Up WhatsApp Groups

WhatsApp allows you to create groups of up to 256 people to discuss anything you like. Whether it’s a secret birthday planning, or a family chat that you’ll use to share funny pictures and videos, setting up a WhatsApp group is a skill you need to learn early on.

Customize Your WhatsApp

When you get tired of the standard look of the app, you can customize it to your liking. One way to do it is to use WhatsApp Dark Mode. To switch it on, go to Settings > Chats > Theme. Switch to Dark and click Ok.

In the same menu you’ll find an option to change your WhatsApp Wallpaper. You can choose to use one of the default options or add a custom chat wallpaper.

Use WhatsApp Without a Phone Number

Your smartphone and your computer aren’t all the devices you can use WhatsApp on. Learn how WhatsApp works without a SIM and you’ll be able to install it on your tablet.

Take Your Online Communication To The Next Level

WhatsApp is a great all-in-one communication tool that enables you to do many things within one app. If you’re looking to unlock even more options for communicating with your friends and family like exchanging quality pictures and videos with them, check out our quick guides on how to use Instagram and TikTok.

Do you use WhatsApp? What’s your favorite WhatsApp feature? Share your experience with us in the comments below.

';document.getElementsByClassName("post-ad-top")[0].outerHTML='';tocEl.outerHTML=tocHTML+newHTML;}}catch(e){console.log(e)}

Anya is a freelance technology writer. Originally from Russia, she is currently a full-time Remote Worker and Digital Nomad. With a background in Journalism, Language Studies, and Technical Translation, Anya couldn't imagine her life and work without using modern technology on a daily basis. Always looking out for new ways to make her life and location-independent lifestyle easier, she hopes to share her experiences as a tech- and internet-addict through her writing. Read Anya's Full Bio

Subscribe on YouTube!

Did you enjoy this tip? If so, check out our very own YouTube channel where we cover Windows, Mac, software, and apps, and have a bunch of troubleshooting tips and how-to videos. Click the button below to subscribe!

WhatsApp Secrets - Aitarget One Blog

Foreword

WhatsApp has grown into the world's most popular messaging app with 1.5 billion monthly active users. Over 40 billion messages are sent through the app daily, over 29 million per minute. WhatsApp has a lot of useful features that you probably know about, but after reading this article, you are sure to discover a few more hidden treasures of the app.

While WhatsApp is primarily a consumer-facing platform, the recent addition of WhatsApp Business has made the app more accessible and relevant to businesses.

As they say, with great success comes great responsibility. In April alone, WhatsApp introduced five more new features. Let's take a look at the full package of options.

Chapter 1 Formatting

Formatting Text

Did you know: that you can format your text like Bold , Italic or Z̶a̶ch̶e̶r̶k̶̶n̶v̶v̶a?

How to do it: for Bold use an asterisk, i. e. *bold*; for Italic use an underscore, i.e. _italic_; for ̶З̶a̶ch̶e̶r̶k̶i̶v̶a̶n̶i̶e̶, use tildes, i.e. ~strikethrough~. On Android, also tap the message before sending it and choose Bold, Italic, or Strikethrough from the pop-up bar.

Font

Did you know: that you can change the font of the message?

Like: use the character ` three times on both sides of the message, for example: ```Hi```. Note that the ` character is not available on iOS, so you will have to copy and paste ```. On Android, also tap the message before sending it and select "Monospaced" from the pop-up bar.

Chapter 2. Messages

Starred messages

Did you know: that you can star a message, which allows you to easily return to it at any time, whether you starred a link, an address, or a number phone?

How to add a star: click on the message and select the star icon. Similarly, you can remove the asterisk from an already marked message.

How to view the highlighted message: To view a previously flagged message on iOS, select the star tab at the bottom of the app screen, or press the menu button on Android.

Send public messages at once as private

Did you know: that you can send private messages (similar to blind copy in emails, or BBC) to different people at the same time?

Like: go to WhatsApp main menu, find "New Group" or "New Newsletter". Use them to create a new list of contacts you want to deliver a message to and enter your message.

Use AI technology

Did you know: that you can send or listen to a message without touching your phone using artificial intelligence technology?

Siri and Google Assistant understand when you want to send someone a message via WhatsApp. Just ask! iOS users can even ask Siri to read responses by telling Siri to "read my last WhatsApp message" after unlocking the phone.

Draw pictures

Did you know: that you can unleash your inner Picasso and impress your friends with your art in a group chat?

Like: Select the image you want to change and use the icons at the top of the screen to add an emoji, write a message, draw on something, or crop the image.

"Quote Messages" in Replies

Did you know: that you can give context to your messy group chat response by stating the specific message you're replying to?

Like: on iOS swipe on the original message; on Android, press and hold on a message, then select the reply icon from the pop-up menu.

Submit your location

Did you know: that you can tell your friends where to find you by uploading your current and preferred location? The location transfer can take 15 minutes, 1 hour, or 8 hours, depending on your settings.

AS: on iOS, press the + to the left of the chat and select "Location", give WhatsApp permission to know your location, then select "Share location" and "Send your location". On Android, tap the paperclip in the menu, select "Location" and then "Share location data."

Send document attachments

Did you know: that you can send a document from Dropbox, iCloud or Google Drive directly to a colleague in a chat instead of using email?

Like: enter the chat, tap the + symbol on iOS or the paperclip symbol on Android, click the Document icon, then select the appropriate document storage and corresponding file.

Send GIFs

Did you know: that you can flash a witty GIF on WhatsApp?

Like: on iOS, click the + icon, choose Photo/Video, and select the GIF in the bottom left corner. On Android, launch the emoji keyboard and select the GIF below your list of emojis.

Add location-based stickers (iOS only)

Did you know : Just like on Instagram, you can add location-based stickers to your photos and videos on WhatsApp?

Like: Tap the + icon in a chat and tap Photo/Video. Once you've selected your media, click on the emoji icon and add stickers. Note that the location-based sticker is only available on iOS, and for Android users, there are many more stickers to choose from.

Keep conversations private

Sometimes group chats get too open and you would like to discuss a specific issue with a person in private.

Did you know: that you can initiate a private chat without leaving the group chat?

Like: hold the message for a while, select the three dots in the menu at the top and the "Write [person's name]" option to open a previous private conversation or create a new one. Alternatively, click on the name when posting in a group chat and select "Write [person's name]" from the pop-up menu.

Delete messages

Did you know: that with a recent WhatsApp update within an hour, you can delete a message you sent by mistake?

Like: just hold the message and select delete. The "Delete for everyone" option is only available for an hour after the message is sent, while the "Delete for me" option is always available.

Create sticky chats

Did you know : you can get quick access to your favorite chat by placing it above other chats on the main page?

Like: Scroll to the right side of the selected chat on iOS or long press on a chat on Android and then press the button icon.

Chapter 3 Notifications

Disable Message Read Receipts

Did you know: that you can turn off your message read notifications so that your friends don't feel ignored?

Like: go to the Settings menu, select Account, then Privacy, and disable Read Receipt. Note that you will also not receive other people's notifications when you do this.

Tip: If you want to read something without turning off read receipts, switch your phone to Airplane Mode before reading the message.

Check read time

Did you know: that you can know exactly when a message was read?

Like: To view information about when and to whom a message was delivered and when a message was read, swipe it to the left in iOS. On Android, hold a message and select the information icon.

Mark messages as unread

Did you know: that you can mark as unread something that you have already opened and read?

Like: on iOS, swipe the chat to the right and tap the Unread icon. On Android, press and release the chat button, then select "Mark as unread."

Disable group chat

Did you know: that you can follow just a few simple steps to keep your phone from fluff from the number of group chats?

Like: select the group chat you want to disable and then click on its name. In the Group Info section, click Silent and choose whether you want to turn off notifications for eight hours, one week, or a year.

Hide preview

Did you know: that you can hide the message preview by turning off the notification feature so that all your secret messages are safe?

Like: In the settings, go to "Notifications" and select the desired option in "Pop-up notifications".

Make shortcuts (Android only)

Did you know: that Android users can create shortcuts to their most used chats and save them on the home screen?

Like: Press and hold the chat of your choice. On the pop-up tab, select "Add chat icon to screen" and the chat will appear as a profile photo on the mobile desktop.

Set up personalized notifications

Did you know: that you can assign different notification ringtones to different chats or contacts so you know when to respond most (or not)?

Like: Tap the name of the contact or chat. From the Contacts or Group Info menu that appears, select Individual Notifications, then choose whatever your heart desires.

Chapter 4 Other

Launch YouTube (iOS only)

Did you know: that you can now watch YouTube videos in WhatsApp and keep messaging or switch chats?

Like: just click on any YouTube video sent to you via WhatsApp and that's it! Once the video opens, you can do other things like keep messaging or access another chat.

Find your most frequent contact

Did you know: that WhatsApp lets you know who you chat with the most on the app?

Like: Under Settings go to Data & Storage and then Storage. There you can see the ranking of the most important groups and contacts based on the data you used to communicate with them.

Message Search

Did you know: that you can find the exact text you need with a simple search?

Like: press the search button in the main menu, enter the text you are looking for, and that's it! If you know what chat the message is in, click on its name and hit search, then type in the text.

Hide your profile photo

Did you know: that you can log in incognito and set to hide your profile photo?

Like: in Settings, go to Account, then to Privacy and select Nobody in Profile Photo.

Hide your presence

Did you know: that you can become invisible by turning off the last activity status?

Like: in the settings, go to "Account", then to "Privacy" and click "Visiting time" and select the appropriate option.

Back up

Did you know: that you can protect your chat history in the cloud so you never have to worry about losing it?

Like: on iOS WhatsApp requests automatic daily/weekly/monthly backup. To enable this setting on both platforms, in Settings, choose Chats > Chat Backup.

Data and media storage

Did you know: that you can avoid the huge phone bill of sending and receiving all those cat videos?

Like: on iOS and Android, go to Settings, select Data & Storage. Browse through the options and select your preferred method for getting and downloading media. Choose Wi-Fi to receive media only if you're offline from a data plan, or switch to "Auto Download Media" when everything downloads automatically.

Saving call data

WhatsApp calling is a convenient but data-consuming feature.

Did you know: that there is a way to save mobile traffic when using calls?

Like: In Settings, go to Data & Storage on both iOS and Android and select the Save Data option.

Transfer money to your contacts (option being tested)

Did you know: that soon you will be able to make payments to your friends and family via WhatsApp? Is the app in beta testing in India at the time of writing?

Like: You don't have the ability to make transfers on WhatsApp at the moment, but we know that the Payment feature will be coming soon to the Settings menu. You will need to accept the "Terms and Privacy Policy", click continue, confirm your phone number, and then select your bank.

Please note: Facebook Messenger, which already has a built-in payment option, requires more details to access the payment option, so be careful if this option is accompanied by a request for personal data when it appears in WhatsApp.

Whatsapp on a big screen

Sometimes it can be difficult to type a detailed reply using only the phone keypad.

Did you know: that you can use WhatsApp on your computer to make it easier to write long messages?

Like: go to web.whatsapp.com on your internet browser, then go to the WhatsApp main menu on your phone and select WhatsApp Web and scan the QR code.

Add dates to calendar (iOS only)

Did you know: that you can instantly save an agreed date before starting a call and never miss an appointment?

Like: iOS automatically detects and underlines date-related parts of a conversation. To save a date, click on it and select the "Create an event" option.

Send all chat to

Sometimes it seems that your favorite Whatsapp chat is so good that it would make a great book.

Did you know: that you can email the entire conversation, including emoji and media attachments?

Like: on Android, enter the chat, select "More" from the menu, and then "Send chat by email". On iOS, swipe on the chat from right to left, select "Export chat" and one of the options - "With files" or "Without files".

Afterword

Congratulations, you've become a WhatsApp master by learning all the tricks you now have up your sleeve! The app is constantly growing and will continue to introduce more features in the future. Aitarget, as always, will be part of this journey, and we will be happy to help you walk on uncharted paths.

Whatsapp, what's inside? / Habr

In continuation of the publication of our company's research on the internal mechanisms of the world's largest instant messengers. Today we will look at WhatsApp in its current state. In fact, the insides have not changed much over the past three years, the changes there are more cosmetic.

In this article, we will see in detail how you can study the protocol of the messenger, answer the question "can WhatsApp read our correspondence?" and I will attach all the necessary PHP code.

General information

WhatsApp uses a modified version of the XMPP protocol as a message format. All messages are compressed by replacing frequently used words with 1 or 2 byte tokens (for example, instead of “message”, we write byte 0x5f), thus getting what is called FunXMPP.

Some packages can be further compressed by zlib. The received packet is encrypted with AES GCM 256-bit and sent to the server.

The client performs a noise protocol handshake to obtain encryption keys. It's well described here. For some reason, all developers of open source implementations refused to implement it in code and hung up the “end of support” die, we will fix this.

The first time you connect, a full handshake is performed. After a successful connection to the server, each time a new key is issued for the next session, with the help of which a connection is subsequently made without exchanging keys.

WhatsApp supports end-to-end encryption using libaxolotl (Signal Protocol), two versions are implemented in the code - first they just did encryption, and then they added alignment and called it v2. There is only one problem here - because. Since this is a centralized system, then the keys are transferred through the WhatsApp server, so technically there are no obstacles for the developers of the messenger to transfer fake encryption keys and fully read the correspondence. But this does not have retroactive effect - you will not be able to read the messages retroactively.

By the way, when you receive a message from an unauthorized contact, the messenger displays a “report spam” button, by clicking on it we will not only block the contact, but also send the text of the message through a secure channel (already clear!). Without studying the entire application code, there is no way to guarantee that this functionality is not used in any other cases.

To check the authenticity of the encryption keys in the WhatsApp application, you can go to the contact card, select the "Encryption" item, after which the application will prompt you to scan the QR code on the recipient's device. Thus, by the way, you can make a custom application based on the WhatsApp protocol, which will constantly monitor the status of encryption keys and issue beautiful “NSA is watching you” or “You are safe” badges: given the variety of instant messengers, replace one of them with this the application will be even useful.

The algorithm of work can be assumed as follows: the device that displays the QR code encodes its public key into it, the device that reads the QR code checks the key with the one in its database. This is a secure way to verify the key, but only if there are no bookmarks in the application.

When sending media, the files are uploaded to the WhatsApp servers, we have not done further research to see if they are encrypted there. Most likely they are not encrypted, because the application developer trusts himself, and the link to the file is transmitted over a channel protected by end-to-end encryption.

Account registration

Registration takes place in three https requests to the v.whatsapp.net domain (they can be peeped in any known way, for example, burp or mitmproxy, the application uses certificate pinning, which is bypassed using the ssl kill switch).

v.whatsapp.net/v2/exists?cc=countrycode&in=phone&id=deviceid&lg=en&lc=zz
does nothing useful, before, most likely, it served to check if this number was already registered (most likely until the moment when someone began to sort through their base)

v.whatsapp.net/v2/code?method=sms&cc=country_code&in=phone&token=token&sim_mcc=mcc&sim_mnc=mnc&id=device_id&lg=en&lc=zz&end-to-end encryption settings
It actually asks for an activation sms code. A similar request can also be used to receive a call. End-to-end encryption settings are optional and can be configured upon further connection. The token is obtained like this:

 md5("0a1mLfGUIBVrMKF1RdvLI5lkRBvof6vn0fD2QRSM" . md5("21752") . "phone")

The first line is the encrypted string landscape, whatever that means. Any version of the application (21752) can be substituted (the most curious can try to register with a version that has not yet been released), the hash of the version is sewn up in the application code itself, but something similar to an md5 hash is selected quite quickly.

v.whatsapp.net/v2/register?cc=country_code&in=phone&code=code_from_sms&id=device_id&lg=en&lc=zz
This request, respectively, confirms the registration with the code received by SMS or call.

Requests use User-Agent: WhatsApp/2.17.52 iPhone_OS/7.1.2 Device/iPhone_4 . The correct agent is most likely required for the correct verification of the token.

MITM

All this has been known for more than a day - there are several implementations of the WA16 protocol (Chat-API, Yowsup), the difference from the current WA20 is, in fact, only in the Noise Protocol. With this information, we can develop a local MITM to view decrypted application traffic. Because Initially, the XMPP application protocol - then everything that happens there will be quite clear immediately from the decrypted traffic, so there is no particular need to dive into the wilds of the disassembler.

To start MITM, we will pretend to be a real WhatsApp server, perform a full handshake, after which our application will listen for traffic, redirecting it to the original whatsapp server and back. To do this, we need to change the original application:

All operations are carried out in the following configuration: iPhone 4, iOS 7.1.2, IDA 7, WhatsApp 2.17.52.

Patch application

1. We will perform a full handshake on each connection, this will greatly simplify our lives. In method -[NoiseHandshakeManager initWithLoginPayload:clientStaticKeyPair:serverStaticPublicKey:] If serverStaticPublicKey is present, ResumeHandshake is executed, and if is not present, FullHandshake is performed.

The serverStaticPublicKey is stored in the R0 register, and if it is absent, the transition to FullHandshake is performed. And we will make this transition unconditional. To do this, replace the two bytes

with

Result

In the decompiler, we see that one of the condition branches has become unattainable and is not displayed.

we don't have the private keys of the original server. Without this change, it will be impossible to sniff the traffic. To do this, we will make changes to the method (bool)- [NoiseHandshakeManager validateNoiseCertificate:serverHandshakeStaticPublicKey:] .

We want the function to always return one. Now the result of the certificate check from register R6 is put into R0.

Let's make it so that

is written to R0. As a result, we get

The application is assembled with all the debug information, so additionally renaming, describing structures and generally performing a patch reversing process is actually not required during creation. The images are shown immediately after the decompiler was launched, without additional processing.

iOS 7.1.2 does not verify the authenticity of application binaries, so all changes can be made directly in the application file. In later versions of iOS, you can make these same changes to the running app's memory.

Writing code...

Next, with the help of IDA and long painstaking efforts, we prepare the code that successfully executes NoiseHandshake on the WhatsApp servers. Then we implement a fake server - we do all the same encryption operations, but in reverse order (sounds simple, but if you don’t do it every day, it’s still a headache). The finished code is here.

Download the MITM application from the link above to your computer. Install PHP 5.6 (another version is also suitable, this version was used in my configuration). You will also need two more libraries:
- first
- second

We intercept the connection

It remains only to force the application to connect to our server, instead of the real one. The application connects to one of the e%d.whatsapp.net servers (where %d is a number from 1 to 16, for example e5.whatsapp.net), each of which resolves to several IP addresses, each time different, in total over 300 servers. The easiest way would be to change the server's DNS response and direct it to our computer with MITM.

To do this, we put the phone and the computer on the same network (literally any wifi router will do), on the phone we set DNS to our computer on which we install bind9 with the following host:

 $TTL 86400 @ IN SOA ns. whatsapp.net. admin.whatsapp.net. ( 2017100500 28800 7200 1209600 86400) @ IN NS @ @ IN A YOUR IP v IN A 184.173.136.86 v IN A 174.37.243.85 * IN CNAME@

Watch traffic

Next, edit mitm.php - you need to substitute your phone number in the username field and the contents of the cck.dat file (located in the application directory) in the password field.
Run php mitm.php. We launch the WhatsApp application and see the following picture:

The screenshot shows two packets from the server - a message about successful authorization and some settings. This is how absolutely all application traffic looks - everything is readable and, in most cases, it is not required to further analyze the application.

Algorithm for turning FunXMPP into readable text is available in all WhatsApp libraries. Inside is the simplest state machine, I will not describe it further here.

Pins

The application is made with high quality, uses modern encryption protocols, but deep inside lies the XMPP left over from the originally used ejabberd.