The software which I will introduce in this post, called WhatsDump, is a multi-platform tool that can be run by command line and is able to forensically acquire the cipher key needed to decrypt WhatsApp‘s msgstore.db.crypt*.
You might be familiar with the well-known WhatsApp-Key-DB-Extractor which basically does the same thing but does not support Android Nougat and above devices. This is because it exploits a procedure called APK Downgrade in which the WhatsApp application is temporary replaced by an older version so that the private key can be extracted; the original version is then re-installed to avoid significantly altering the evidences on the examined device.
The problem of this approach is that APK Downgrade procedure fails on Android devices that run on a recent (>= Nougat) version of the operating system. In fact, if you try to run the above-mentioned tool on an Android 8.0 device you’ll get the following error code: INSTALL_FAILED_VERSION_DOWNGRADE. This is due to a security update of the operating system committed on 24-02-2016 and released on Android Nougat (you can find the details of this commit here).
WhatsDump‘s approach is different: it exploits the way WhatsApp generates the private key. In fact, cipher key is linked to the mobile phone number which is used to initially register to WhatsApp service. If we register using the same number and trick the application in thinking that we have a local backup, we would both decrypt the database and get the decryption key.
The software spawns an Android emulator (in which we can execute commands as root) and interacts with it programmatically to (1) register the phone number, (2) verify the code and (3) extract the cipher key.

You can find more informations on the features and usage of the tool on the GitHub Repository. This tool is a POC and not complete so it might not be stable and might have bugs; you’re free to submit PR to improve it.
Hello,
I installed the Python library dependencies.
When I try to use the following command with cmd: python whatsdump.py –msgstore C:\Users\XY\Desktop\msgstore-2019-06-11.1.db.crypt12 –wa-phone +49176*** –wa-verify sms
I got the following error:
File “whatsdump.py”, line 228
except WaException, e:
^
SyntaxError: invalid syntax
Could you tell me, what I’m doing wrong?
Best Regards
Yannick
Hello, it looks like you’re using Python 3, you must use Python 2.7 to be able to use WhatsDump.
Hello, I try run with Python2.7 and I got the following mesage error:
File “C:\Users\Me\Downloads\WhatsDump-master\whatsdump.py”, line 5, in
import phonenumbers
ImportError: No module named phonenumbers
Thanks for your help.
Ok Marco, I installed the Python 2.7, but no have PIP, now with install requirements.txt wiht pip install -r requirements.txt
Python 2.7.9 with integrated PIP is required to execute the commands as indicated on this page.
Hello, I try run with Python2.7 and I got the following mesage error:
File “C:\Users\Me\Downloads\WhatsDump-master\whatsdump.py”, line 5, in
import phonenumbers
ImportError: No module named phonenumbers
Thanks for your help.
Take a look here https://github.com/MarcoG3/WhatsDump/issues/1
Hi!
After running whatsdump –install-sdk the SDK installation gets frozen in:
Accept? (y/N): All SDK package licenses accepted
I tryed pressing “y”, enter, etc. It is frozen…
I have the same problem. Any solution? Thanks a lot!
existe algum tutorial?
Same problem for me, the –install-sdk command won’t deliver any results, even after hours of waiting. When I restart Whatsdump, it asks for the Android SDK again just to reach the same problem again.
Same problem, did you solve it?
hello.
does it work on android 9?
thanks
DECRYPTING WHATS APP KEY