Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Whoa...I did a 'zcat /vmlinuz > /dev/audio' and I think I heard God... -- mikecd on #Linux


computers / comp.mobile.android / How does the WhatsApp contacts database hash work?

SubjectAuthor
o How does the WhatsApp contacts database hash work?Andy Burnelli

1
How does the WhatsApp contacts database hash work?

<t0r6vs$17s0$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=29291&group=comp.mobile.android#29291

 copy link   Newsgroups: comp.mobile.android
Path: i2pn2.org!i2pn.org!aioe.org!Gj+613xB9sVIQxAtFideEw.user.46.165.242.75.POSTED!not-for-mail
From: spa...@nospam.com (Andy Burnelli)
Newsgroups: comp.mobile.android
Subject: How does the WhatsApp contacts database hash work?
Date: Tue, 15 Mar 2022 23:20:29 +0000
Organization: Aioe.org NNTP Server
Message-ID: <t0r6vs$17s0$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="40832"; posting-host="Gj+613xB9sVIQxAtFideEw.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
X-Notice: Filtered by postfilter v. 0.9.2
 by: Andy Burnelli - Tue, 15 Mar 2022 23:20 UTC

Nobody else but Frank explained how it works (in another thread a few weeks
ago) where I think what happens is something like this (but I'm not sure).

1. Your contacts have to be in your default Android sqlite location
2. The WA app will grab them to create a hash on the phone, I think
3. That one-way (we hope) hash is based on what?
a) the phone number only?
b) the name & phone number?
c) whatever is in the contacts record?
4. That hash of your entire contacts db is uploaded to the WA server
(I can't see how the stripping can be done on the phone, can you?)
6. The WA server compares every hash to known WA accounts
7. If the account isn't known, then the WA server (we hope) deletes it
8. The WA server feeds back to the phone just the accounts that it owns
9. The WA app on the phone will display only those WA accounts inside it

Notice this may not be right, but even if it is, there are unknowns to me.
A. If you change the contact by a single character, does the hash change?
B. Is the hash done on the phone or on the WA servers?
C. Is the hash one way only?

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor