CN117610032A - Whatsapp end-to-end encryption data evidence obtaining method based on Web platform - Google Patents


Publication number
CN117610032A
Authority
CN
China
Prior art keywords
data
key
decryption
message
message data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311430843.0A
Other languages
Chinese (zh)
Inventor
王添元
孙奕
沈长达
林志玮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Information Security Research Institute Co ltd
Original Assignee
Xiamen Information Security Research Institute Co ltd
Application filed by Xiamen Information Security Research Institute Co ltd filed Critical Xiamen Information Security Research Institute Co ltd
Priority to CN202311430843.0A priority Critical patent/CN117610032A/en
Publication of CN117610032A publication Critical patent/CN117610032A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Abstract

The invention provides a WhatsApp end-to-end encrypted data forensics method based on a Web platform, comprising: accessing the WhatsApp web version through a Web browser and reading the message data of the message table in IndexedDB, the Web browser's persistent storage database; acquiring a salt decryption parameter from the WhatsApp web version server, and obtaining a key for decryption by combining the salt decryption parameter with an AES-CBC key derivation algorithm; and decrypting the message data in the message table with the key and downloading and caching it locally in batches. This addresses the problems of manually taking screenshots and manually copying the chat information and media files of the persons involved: missed data, manual operation errors, and difficulty meeting data preservation and evidence collection requirements under special conditions. Automation is introduced to further reduce manpower, complete chat message data is extracted more comprehensively and efficiently by directly accessing the web page database, and the influence of page environment factors on extraction accuracy is avoided.

Description

Whatsapp end-to-end encryption data evidence obtaining method based on Web platform
Technical Field
The invention relates to the technical field of electronic data evidence obtaining, in particular to a Whatsapp end-to-end encryption data evidence obtaining method based on a Web platform.
Background
With the continuous development of mobile internet technology, people increasingly rely on chat software to communicate in their daily work and life. Some lawbreakers, however, also use chat software to conduct illegal and criminal activities. WhatsApp is an application for communication between smartphones, and as a foreign chat tool with users worldwide it is favored by lawbreakers, so the importance of preserving and collecting evidence from WhatsApp data is self-evident.
Currently, the Web platform-based WhatsApp data extraction tools on the market can mainly extract the contact chat list in plaintext, but extracting encrypted chat data is relatively difficult. Because WhatsApp stores chat data with end-to-end encryption, it is almost impossible to extract it by reading local data files directly, and investigators can only manually copy the chat information of the persons involved and download the media files, or preserve evidence by taking screenshots.
The prior art for preserving and collecting evidence from WhatsApp data requires a large amount of manpower and time and cannot meet the requirements of large-scale data preservation. Chat content is previewed in real time and saved as screenshots, and several windows must be switched between continuously to capture all of the chat data, so data is easily missed or mishandled and the preserved evidence is incomplete and inaccurate. Message data for media files can only be saved by triggering a download, and chat records that are not loaded on the Web page, or that load with errors, cannot be obtained.
To address these problems in the prior art, the invention provides a WhatsApp end-to-end encrypted data forensics method based on the Web platform. It introduces automation and extracts the chat data by accessing the web page database directly. It does not depend on extracting the data presented on the page, which avoids the influence of page environment factors, reduces manpower, avoids manual errors and omissions, improves the accuracy and efficiency of evidence preservation from the database, and achieves comprehensive and accurate extraction and decryption of WhatsApp end-to-end encrypted chat data.
Disclosure of Invention
The present invention proposes the following technical solution to one or more of the above technical drawbacks of the prior art.
A WhatsApp end-to-end encryption data evidence obtaining method based on a Web platform comprises the following steps:
S1: accessing the WhatsApp web version through a Web browser, and reading the message data of the message table in the Web browser persistent storage database IndexedDB;
S2: acquiring a salt decryption parameter from the WhatsApp web version server, and combining the salt decryption parameter with an AES-CBC key derivation algorithm to obtain a key for decryption;
S3: decrypting the message data in the message table of S1 with the key from S2, and downloading and caching the message data locally in batches.
Further, the message data types in the message table in S1 include text chat content and media files;
wherein the media files include pictures, audio, video, and document files.
Still further, the encrypted message data whose message data type is text chat content is obtained from the msgRowOpaqueData_data key value.
Further, the encrypted message data whose message data type is a media file is obtained from the directPath key value in the message table.
Still further, the salt decryption parameter in S2 is obtained by: setting a decryption monitoring function in the Web browser, and receiving a salt decryption parameter which is randomly generated when the Whatsapp webpage version client communicates with a server by using the decryption monitoring function.
The monitoring function can listen for connection requests from the client on a specified port. The salt decryption parameter is randomly generated and may be any digits, letters, or combination of digits and letters; the combination and its hash must match the hash in the data dictionary. The salt decryption parameter is required to decrypt the encrypted message data.
Still further, S2 further includes: if the message data acquired in S1 is of the text chat content type, acquiring the local key information stored in the persistent storage database IndexedDB, and then deriving an AES-CBC key by combining the salt decryption parameter with a key derivation algorithm.
Decrypting using the AES-CBC key not only consumes less resources, but also further improves the efficiency of decrypting the message data using a symmetric decryption algorithm.
Still further, S2 further includes: if the message data acquired in S1 is of the media file type, deriving an AES-CBC key by using the directPath key value in the message table in combination with the salt decryption parameter and a message type derivation algorithm.
Furthermore, in S3, when the message data is decrypted, downloaded and cached, it is named with the media key value so that the association between the media file and the object storage data can be found.
Further, in S3 a hash value needs to be calculated after the message data is decrypted, downloaded and cached, to ensure the validity of the data.
The meaning of calculating the hash value on the message data downloaded after decryption is to prove that the electronic data file is an original and that the authenticity and integrity of the message data can be verified.
Still further, the AES-CBC key needs to be cut to get an initialization vector and the AES-CBC key that is eventually used for decryption.
Still further, the AES-CBC key that is ultimately used for decryption needs to further decrypt the encrypted bytes in the decrypted media file data after the decrypted media file data is obtained.
The invention also proposes a readable computer storage medium on which computer program instructions are stored, characterized in that the computer program instructions, when executed by a processor, implement a system as described in any of the above.
The invention has the technical effects that: according to the invention, an automatic technology is introduced, corresponding chat data is directly extracted by accessing the webpage database, extraction of page display data is not relied on, influence of page environment factors is avoided, labor input is reduced, manual error operation and omission are avoided, accuracy and extraction efficiency of database fixed evidence obtaining are improved, and comprehensive and accurate extraction and decryption of WhatsApp end-to-end encrypted chat data are realized.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings.
Fig. 1 is a flowchart of an overall scheme of a WhatsApp end-to-end encryption data forensics method based on a Web platform according to an embodiment of the present invention.
Fig. 2 is a specific flowchart of a WhatsApp end-to-end encrypted data forensics method based on a Web platform according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a computer system suitable for use in implementing embodiments of the present application.
Detailed Description
The present application is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
Fig. 1 is a flowchart of an overall scheme of a WhatsApp end-to-end encrypted data forensics method based on a Web platform according to an embodiment of the present invention, including the following steps:
S1: accessing the WhatsApp web version through a Web browser, and reading the message data of the message table in the Web browser persistent storage database IndexedDB;
S2: acquiring a salt decryption parameter from the WhatsApp web version server, and combining the salt decryption parameter with an AES-CBC key derivation algorithm to obtain a key for decryption;
S3: decrypting the message data in the message table of S1 with the key from S2, and downloading and caching the message data locally in batches.
It should be noted that, the message data types in the message table in S1 include text chat content and media files;
wherein the media files include pictures, audio, video, and document files.
It should be noted that, the message data in the message table is stored in a database in a Json object format, and the type of the message data is determined according to the type field in the message table.
It should be noted that the encrypted message data whose message data type is text chat content is obtained from the msgRowOpaqueData_data key value.
It should be noted that the encrypted message data whose message data type is a media file is obtained from the directPath key value in the message table.
It should be noted that, the salt decryption parameter in S2 is obtained by the following manner: setting a decryption monitoring function in the Web browser, and receiving a salt decryption parameter which is randomly generated when the Whatsapp webpage version client communicates with a server by using the decryption monitoring function.
When the salt decryption parameter is acquired, a refresh of the WhatsApp web page or a click on the chat list needs to be simulated to trigger the WhatsApp server to call the decryption function and send the salt decryption parameter.
Note that S2 further includes: if the message data acquired in S1 is of the text chat content type, acquiring the local key information stored in the persistent storage database IndexedDB, and then deriving an AES-CBC key by combining the salt decryption parameter with a key derivation algorithm.
After decrypting the data in the msgRowOpaqueData_data key, the protobuf serialization format message is generated and needs to be further decoded into the original message data.
It should be noted that the message data of the media file class is not stored in the protobuf serialization message, but is stored encrypted in the CDN service of WhatsApp.
Note that S2 further includes: if the message data acquired in S1 is of the media file type, deriving an AES-CBC key by using the directPath key value in the message table in combination with the salt decryption parameter and a message type derivation algorithm.
It should be noted that the directPath key value also contains the URL from which the encrypted media file can be downloaded; the media file obtained from that URL is encrypted and needs to be further decrypted.
In S3, when the message data is decrypted, downloaded and cached, it is named with the media key value so that the association between the media file and the object storage data can be found.
It should be noted that, in S3, a hash value needs to be calculated after the message data is decrypted, downloaded and cached, to ensure the validity of the data.
It should be noted that, the hash algorithm is an algorithm for converting data with any length into a fixed length value, and the main idea is to generate a unique binary string, i.e. a hash value, from input data through a series of computation and transformation, where the hash value is usually a fixed length string, and is used to represent the state or feature of the original data, and has the characteristics of irreversibility, uniqueness and collision resistance.
It should be noted that the meaning of calculating the hash value on the message data downloaded after decryption is to prove that the electronic data file is an original and that the authenticity and integrity of the message data can be verified.
It should be noted that the hash value is calculated by a program, without manual intervention. The specific method is as follows: drag the file into hash verification software to obtain the hash value, copy the hash value, and record it in the electronic data evidence extraction record.
It should be noted that the AES-CBC key needs to be cut to obtain an initialization vector and the AES-CBC key that is ultimately used for decryption.
It should be noted that, after obtaining the decrypted media file data, the AES-CBC key finally used for decryption needs to further decrypt the encrypted bytes in the decrypted media file data.
In addition, according to an embodiment of the present invention, there is further provided a storage medium on which program instructions are stored, which when executed by a computer or a processor, are configured to perform the corresponding steps of a WhatsApp end-to-end encrypted data forensic method under a Web platform according to an embodiment of the present invention.
The storage medium may include, for example, a memory card of a smart phone, a memory component of a tablet computer, a hard disk of a personal computer, a read-only memory (ROM), an erasable programmable read-only memory (EPROM), a portable compact disc read-only memory (CD-ROM), a USB memory, or any combination of the foregoing storage media.
It should be noted that the computer readable storage medium may be any combination of one or more computer readable storage media, for example, one computer readable storage medium contains computer readable program code for randomly generating a sequence of action instructions, and another computer readable storage medium contains computer readable program code for performing a WhatsApp end-to-end encryption data forensics method under a Web platform.
With continued reference to fig. 2, fig. 2 is a specific flowchart of a WhatsApp end-to-end encrypted data forensics method based on a Web platform according to an embodiment of the present invention. Comprising the following steps:
accessing a Whatsapp webpage version through a Web browser, waiting for webpage data loading to be completed, connecting a model-storage database in a Web browser persistent storage database IndexedDB, acquiring message data in a message table, and judging whether the acquired message data type is text chat content or not;
if the message data type is text chat content, monitoring a salt decryption parameter issued by a WhatsApp server, storing the salt decryption parameter after receiving the salt decryption parameter, acquiring a local key from a model-storage database, deriving an AES-CBC key through a key derivation algorithm by combining the salt decryption parameter and the local key, and decrypting the text chat content in a data_data key value in a message table through an AES-CBC algorithm by utilizing the AES-CBC key;
if the message data type is a media file, downloading the media file stored encrypted in the WhatsApp CDN service through the directPath key value in the message table, deriving a key by combining the media key value in the message table with a message type derivation algorithm, decrypting the media file with the AES-CBC algorithm, further decrypting the encrypted bytes of the decrypted media file data, and caching the media file;
and finally, packaging and downloading the decrypted text chat content and the media file to the local.
It should be noted that, the message data types include text chat content and media files;
wherein the media files include pictures, audio, video, and document files.
It should be noted that, the message data in the message table is stored in a database in a Json object format, and the type of the message data is determined according to the type field in the message table.
It should be noted that, the salt decryption parameter is obtained by the following method: setting a decryption monitoring function in the Web browser, and receiving a salt decryption parameter which is randomly generated when the Whatsapp webpage version client communicates with a server by using the decryption monitoring function.
When the salt decryption parameter is acquired, a refresh of the WhatsApp web page or a click on the chat list needs to be simulated to trigger the WhatsApp server to call the decryption function and send the salt decryption parameter.
After decrypting the message data in the msgRowOpaqueData_data key, the protobuf serialization format message is generated and needs to be further decoded into the original message data.
It should be noted that the directPath key value also contains the URL from which the encrypted media file can be downloaded; the file obtained from that URL is encrypted and needs to be further decrypted.
It should be noted that the AES-CBC key needs to be cut to obtain an initialization vector and the AES-CBC key that is ultimately used for decryption.
It should be noted that, when decrypting the message data and downloading the cache, the message data is named by a media key value to find the association relationship between the media file and the object storage data.
It should be noted that a hash value needs to be calculated after the message data is decrypted, downloaded and cached, to ensure the validity of the data.
It should be noted that the meaning of calculating the hash value on the message data downloaded after decryption is to prove that the electronic data file is an original and that the authenticity and integrity of the message data can be verified.
It should be noted that the hash value is calculated by a program, without manual intervention. The specific method is as follows: drag the file into hash verification software to obtain the hash value, copy the hash value, and record it in the electronic data evidence extraction record.
It should be noted that the AES-CBC algorithm is a symmetric encryption algorithm whose full name is Advanced Encryption Standard in Cipher Block Chaining mode; decrypting encrypted data with the AES-CBC algorithm converts the data back to its original form, i.e., plaintext;
an AES-CBC key must be obtained before message data is decrypted with the AES-CBC algorithm, and an initialization vector iv (usually 16 bytes) must be set;
after the AES-CBC key and the initialization vector iv are generated, the ciphertext needs to be converted into a byte array and decoded using Base64.
Note that, when decrypting using the AES-CBC algorithm, care needs to be taken to select an appropriate key length to ensure the security of the data.
It should be noted that the AES-CBC algorithm encrypts each block with the AES algorithm and uses the CBC mode of operation to increase data security;
during decryption, the ciphertext is first divided into fixed-length blocks (usually 128 bits), and the initialization vector iv is used in an exclusive-OR operation with the first block; the result of the exclusive-OR operation is decrypted with the AES algorithm, the plaintext obtained by the decryption is XORed with the ciphertext of the previous block, and these steps are repeated until all blocks are processed; the final block may need padding.
It should be noted that, the AES-CBC algorithm combines the advantages of the AES algorithm and the CBC working mode, the AES algorithm encrypts and decrypts data in an iterative manner, the CBC working mode introduces the initialization vector iv and the ciphertext of the previous block to increase the security of the data, the encryption of each block depends on the ciphertext of the previous block, and this dependency relationship increases the tolerance of the algorithm to data modification.
Referring now to FIG. 3, a schematic diagram of a computer system suitable for use in implementing embodiments of the present application is shown. The electronic device shown in fig. 3 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments herein.
As shown in fig. 3, the computer system includes a Central Processing Unit (CPU) 301 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage section 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data required for the system operation are also stored. The CPU 301, ROM 302, and RAM 303 are connected to each other through a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
The following components are connected to the I/O interface 305: an input section 306 including a keyboard, a mouse, and the like; an output portion 307 including a Liquid Crystal Display (LCD) or the like, a speaker or the like; a storage section 308 including a hard disk or the like; and a communication section 309 including a network interface card such as a LAN card, a modem, or the like. The communication section 309 performs communication processing via a network such as the internet. The drive 310 is also connected to the I/O interface 305 as needed. A removable medium 311 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed on the drive 310 as needed, so that a computer program read therefrom is installed into the storage section 308 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 309, and/or installed from the removable medium 311. The above-described functions defined in the method of the present application are performed when the computer program is executed by a Central Processing Unit (CPU) 301. It should be noted that the computer readable storage medium of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present application may be written in one or more programming languages, including object oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments described in the present application may be implemented by software, or may be implemented by hardware.
As another aspect, the present application also provides a computer-readable storage medium that may be included in the electronic device described in the above embodiments, or may exist alone without being incorporated into the electronic device. The computer-readable storage medium carries one or more programs that, when executed by the electronic device, cause the electronic device to: access the WhatsApp web version through a Web browser, and read the message data of the message table in the Web browser persistent storage database IndexedDB; obtain a salt decryption parameter from the WhatsApp web version server, and combine the salt decryption parameter with an AES-CBC key derivation algorithm to obtain a key for decryption; and decrypt the message data in the message table with the key and download and cache the message data locally in batches.
Finally, it should be noted that the foregoing description covers only the preferred embodiments of the present application and the principles of the technology employed. Persons skilled in the art will appreciate that the scope of the invention referred to in this application is not limited to the specific combinations of features described above, and is intended to cover other embodiments formed by any combination of the features described above or their equivalents without departing from the spirit of the invention, for example, embodiments in which the above features are replaced with technical features of similar function disclosed in (but not limited to) the present application.

Claims (12)

1. A Web platform-based method for obtaining evidence from WhatsApp end-to-end encrypted data, characterized by comprising the following steps:
S1: accessing the WhatsApp web version through a Web browser, and reading message data from the message table in the Web browser's persistent storage database IndexedDB;
S2: obtaining a salt decryption parameter from the WhatsApp web version server, and combining the salt decryption parameter with an AES-CBC key derivation algorithm to obtain a key for decryption;
S3: decrypting the message data in the message table of S1 with the key of S2, and downloading and caching the message data locally in batches.
2. The method of claim 1, wherein the message data types in the message table in S1 include text chat content and media files;
wherein the media files include pictures, audio, video, and document files.
3. The method of claim 2, wherein the encrypted message data whose message data type is text chat content is obtained from the msgrowopaquedata_data key value.
4. The method of claim 2, wherein the encrypted message data whose message data type is media file is obtained from the directpath key in the message table.
5. The method of claim 1, wherein the salt decryption parameter in S2 is obtained by: setting a decryption monitoring function in the Web browser, and using the decryption monitoring function to receive the salt decryption parameter that is randomly generated when the WhatsApp web version client communicates with the server.
6. The method of claim 1, wherein S2 further comprises: if the type of the message data acquired in S1 is text chat content, acquiring the local key information stored in the persistent storage database IndexedDB, and then deriving an AES-CBC key by combining the salt decryption parameter with a key derivation algorithm.
7. The method of claim 1, wherein S2 further comprises: if the type of the message data acquired in S1 is a media file, deriving an AES-CBC key from the directPath key value in the message table, combined with the salt decryption parameter and a message type deduction algorithm.
8. The method of claim 1, wherein decrypting and caching the message data in S3 uses a media key value name to find the association between the media file and the object store data.
9. The method of claim 1, wherein decrypting the message data and downloading it to the cache in S3 requires a hash value to be calculated to ensure the validity of the data.
10. The method of claim 7, wherein the AES-CBC key must be split to obtain an initialization vector and the AES-CBC key that is ultimately used for decryption.
11. The method of claim 10, wherein, after the decrypted media file data has been obtained, the AES-CBC key used in the decryption is further used to decrypt the encrypted bytes within the decrypted media file data.
12. A computer readable medium, having stored thereon a computer program which, when executed by a processor, implements the method of any of claims 1-11.
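The hash validation of claim 9 and the division of derived key material into an initialization vector and an AES-CBC key in claim 10, worked through on constructed data. This is an added example, not code from the patent or from WhatsApp; HKDF-SHA256, the 16-byte/32-byte layout and the record field names (`kind`, `blobB64`, `encSha256`) are assumptions, since the claims do not name them.

```javascript
// Added illustration; not code from the patent or from WhatsApp.
const crypto = require("node:crypto");

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// Assumption: HKDF-SHA256 stands in for the key derivation algorithm, which
// the claims leave unnamed. Claim 10: the derived material is divided into an
// initialization vector (first 16 bytes) and the AES-CBC key (next 32 bytes).
function deriveAndCut(secret, salt, info) {
  const okm = Buffer.from(crypto.hkdfSync("sha256", secret, salt, info, 48));
  return { iv: okm.subarray(0, 16), key: okm.subarray(16, 48) };
}

// Claim 9: hash the cached blob first and refuse to decrypt on a mismatch,
// so a corrupted or altered download never reaches the evidence set.
function decryptEvidence(record, secret, salt) {
  const ciphertext = Buffer.from(record.blobB64, "base64");
  const encSha256 = sha256(ciphertext);
  if (encSha256 !== record.encSha256) {
    return { ok: false, reason: "ciphertext hash mismatch", encSha256 };
  }
  const { iv, key } = deriveAndCut(secret, salt, record.kind);
  try {
    const d = crypto.createDecipheriv("aes-256-cbc", key, iv);
    const plaintext = Buffer.concat([d.update(ciphertext), d.final()]);
    // Both hashes go into the examiner's record of the acquisition.
    return { ok: true, plaintext, encSha256, plainSha256: sha256(plaintext) };
  } catch (err) {
    // A wrong key or salt normally surfaces as a PKCS#7 padding error.
    return { ok: false, reason: "decryption failed: " + err.message, encSha256 };
  }
}

// Constructed sample: secret, salt and record are made up for this example.
function makeSample() {
  const secret = Buffer.alloc(32, 0x11);
  const salt = Buffer.alloc(16, 0x22);
  const { iv, key } = deriveAndCut(secret, salt, "media");
  const c = crypto.createCipheriv("aes-256-cbc", key, iv);
  const blob = Buffer.concat([c.update("constructed media bytes"), c.final()]);
  const record = { kind: "media", blobB64: blob.toString("base64"), encSha256: sha256(blob) };
  return { secret, salt, record };
}

const sample = makeSample();
const result = decryptEvidence(sample.record, sample.secret, sample.salt);
console.log(result.ok, result.ok ? result.plaintext.toString() : result.reason);
```

AES-CBC provides no integrity protection of its own, so the hash comparison is the only step here that detects a modified blob; a padding error on decryption is not a reliable substitute.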

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311430843.0A CN117610032A (en) 2023-10-31 2023-10-31 Whatsapp end-to-end encryption data evidence obtaining method based on Web platform

Publications (1)

Publication Number Publication Date
CN117610032A true CN117610032A (en) 2024-02-27

Family

ID=89952431

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311430843.0A Pending CN117610032A (en) 2023-10-31 2023-10-31 Whatsapp end-to-end encryption data evidence obtaining method based on Web platform

Country Status (1)

Country Link
CN (1) CN117610032A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination