
WhatsApp Handshake Noise Protocol

Ben edited this page Mar 29, 2021 · 2 revisions

This page explains the handshake of WhatsApp using Noise Protocol.

Edge Routing Info

If you have an edge_routing_info, first send ED 0x00 0x01 and then the 4 bytes containing the edge_routing_info.

Prologue

WhatsApp needs to know which version of the protocol you are using. For example, when using protocol version 4.1, send WA 0x04 0x01. These 4 bytes (WA 0x04 0x01) must also be set as the prologue when using Noise Protocol.

Noise Protocol

After the WhatsApp version is sent, the client and server communicate in segments: every data fragment is prefixed with an int24 length. This applies not only to the handshake but also afterwards, when sending (encrypted) FunXMPP.

During the handshake, the client and server send Protobuf messages to each other to set up an encrypted channel. The Protobuf structure used can be found here. The handshake uses Noise Pipes.
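As an added example (not code from the original page or from WhatsApp), the framing described above in working form: the ED/WA preamble, the prologue bytes handed to Noise, a segment encoder, and a streaming segment decoder that copes with a length prefix or body arriving split across reads. It assumes the int24 length is big-endian (network byte order), which the page does not state.

```python
WA_MAGIC = b"WA"
ED_MAGIC = b"ED"


def prologue(version=(4, 1)):
    """The 4 prologue bytes: 'WA' + major + minor, e.g. WA 0x04 0x01."""
    major, minor = version
    return WA_MAGIC + bytes([major, minor])


def build_preamble(version=(4, 1), edge_routing_info=None):
    """Bytes the client writes first: optional ED 0x00 0x01 + 4-byte
    edge_routing_info, then the version bytes (which double as prologue)."""
    out = b""
    if edge_routing_info is not None:
        if len(edge_routing_info) != 4:
            raise ValueError("edge_routing_info must be exactly 4 bytes")
        out += ED_MAGIC + b"\x00\x01" + edge_routing_info
    return out + prologue(version)


def encode_segment(payload):
    """Prefix a fragment with its int24 length (assumed big-endian)."""
    if len(payload) >= 1 << 24:
        raise ValueError("segment too large for a 3-byte length")
    return len(payload).to_bytes(3, "big") + payload


class SegmentReader:
    """Reassembles length-prefixed segments from an arbitrary byte stream."""

    def __init__(self):
        self._buf = b""

    def feed(self, data):
        """Append received bytes; return every complete segment now available."""
        self._buf += data
        segments = []
        while len(self._buf) >= 3:
            length = int.from_bytes(self._buf[:3], "big")
            if len(self._buf) < 3 + length:
                break  # body not fully received yet; wait for more data
            segments.append(self._buf[3:3 + length])
            self._buf = self._buf[3 + length:]
        return segments
```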

Handshake

What do you need:

  • client_static_keypair (generated before registration), consisting of:
    • client_static_public (used during registration as the authkey)
    • client_static_private
  • server_static_public (if you don't have it, it will be sent by the server)
  • client_ephemeral_keypair (generated before the handshake), consisting of:
    • client_ephemeral_public
    • client_ephemeral_private
  • server_ephemeral_public (will be sent by the server)

If you don't know the server's server_static_public, go to XX. If you already know the server_static_public, go to IK.

XX

XX means:

  • Static key for initiator Xmitted ("transmitted") to responder
  • Static key for responder Xmitted ("transmitted") to initiator

Client Hello

Direction: Client -> Server

  • e: Client sends its client_ephemeral_public (unencrypted) to the server.

Server Hello

Direction: Server -> Client

  • e: Server sends its server_ephemeral_public (unencrypted) to the client.
  • ee: Both client and server calculate the shared secret from the received public ephemeral and their own stored private ephemeral.
  • s: Server sends its server_static_public (encrypted with ee) to the client (in the same packet).
  • es: Server calculates the shared secret from the received public ephemeral and its stored private static.
  • Server sends its Certificate payload (encrypted with es) to the client (in the same packet).

Client Finish

Direction: Client -> Server

  • s: Client sends its client_static_public (encrypted with es) to the server.
  • se: Client calculates the shared secret from the received public ephemeral and its stored private static.
  • Client sends its User-Agent payload (encrypted with se) to the server (in the same packet).

IK

IK means:

  • Static key for initiator Immediately transmitted to responder, despite reduced or absent identity hiding
  • Static key for responder Known to initiator

Client Hello

Direction: Client -> Server

  • e: Client sends its client_ephemeral_public (unencrypted) to the server.
  • es: Server calculates the shared secret from the received public ephemeral and its stored private static.
  • s: Client sends its client_static_public (encrypted with es) to the server (in the same packet).
  • ss: Both client and server calculate the shared secret from the received/stored public static and their own stored private static.

Server Hello

Direction: Server -> Client

NOTE: If this packet does contain a server_static_public, then you should look at Server Hello (XXfallback).

  • TODO

XXfallback

XXfallback means:

  • Fallback to XX, when IK fails.

Server Hello

Direction: Server -> Client

  • TODO

Client Finish

Direction: Client -> Server

  • TODO