I have a Micro SD from a Blackberry containing encrypted WhatsApp message stores/db files.
Until recent times, the only way of obtaining the contents, is to view the Chats through the Handset with the Memory Card inserted and capture via a manual… painful task but does the job.
I know there was a new release in August of Cellebrite PA which cracked the decryption of the db files via completing a file system & physical extraction of the device; then using the 'open advanced' feature on PA to eventually obtain the chats.
I don't seem to be having much luck with this method, all data is decoded however no WhatsApp contents…
Any other ideas/assistance is appreciated.
Thanks in advance,
Dan
So besides the Micro SD you also have a extraction of the Blackberry?
Send you a pm for some more info.
BTW Have a look at http//
Yes.
Cheers
Dan
Oxygen Forensic Suite support WhatsApp decryption.
Please use the UFED version that was released this week, there was a fix exactly for this.
Ron Serber
Thanks for this guys. Will be sure to check both out when next in the lab.
I just decrypted one whatsapp db from an unrooted android device, the process is simple…these are the tools I used
1. http//
2. http//
good luck.
The question was about a Blackberry.
The question was about a Blackberry.
I have seen android backups on a Blackberry memory card before but it is not common.
Can you please give the path to the db file? Is the header of the file REM?
If its REM then it is encrypted with RIM encryption. You need to download the phone file system and physical using UFED at the same time in PA using 'Open Advanced'. This is the only way I know to decrypt Blackberry enrypted whats app backups and is only supported on a limited iterations of Blackberry OS
I have seen android backups on a Blackberry memory card before but it is not common.
Can you please give the path to the db file? Is the header of the file REM?
If its REM then it is encrypted with RIM encryption. You need to download the phone file system and physical using UFED at the same time in PA using 'Open Advanced'. This is the only way I know to decrypt Blackberry enrypted whats app backups and is only supported on a limited iterations of Blackberry OS
This was concluded a couple of weeks back - thanks to kbertens and others for the help on this one.
It turns out for my specific scenario it is not possible to decrypt on a BB 9320 running 7 OS. (Due to the way in which the encryption keys are stored & also the the fact that the PA method/alternative method does not support version 7 OS).
Cellebrite's PA method will work, but only on certain models of BB running mostly under v5 OS.(following testing and further assistance).
There is an alternative method using an LE tool, however for this model also at this stage it is not possible to extract the encryption keys, due to the way they are stored for this model.
So, yes i was defeated on this occasion! evil