Cloning the WatsApp

Key Points

● ISP controls the incoming verification messages

● ISP verifies IMSI

● Apple Devices We need Mac address or UUID.

Modified XMPP

04­Jan­2013

WhatsApp uses some sort of customized XMPP server, named internally as FunXMPP, which is basically some extended proprietary version.

Login procedure

Much like XMPP, WhatsApp uses JID (jabber id) and password to successfully login to the service. The password is hashed and happened to be an MD5’d, reversed­version of the mobile’s IMEI (International Mobile Equipment Identity) or equivalent unique ID, stored in servers upon account creation and used transparently everytime the client connects the server.

The JID is a concatenation between your country’s code and mobile number. Initial login uses Digest Access Authentication.

Message sending

Messages are basically sent as TCP packets, following WhatsApp’s own format (unlike what’s defined in XMPP RFCs). Despite the usage of SSL­like communication, messages are being sent in plain­text format.

Thats all we need

ISP controls the user interaction from the internet we can clone watsapp and filter contents via API calls like images, location, chat everything etc. Whole watsapp data on the entire network can be logged, analysed etc.

WhatsApp Hostnames:

*/ // The hostname of the whatsapp server. const _whatsAppHost = ‘c.whatsapp.net’; // The hostnames used to login/send messages. const _whatsAppServer = ‘s.whatsapp.net’; const _whatsAppGroupServer = ‘g.us’; // The device name. const _device = ‘iPhone’; // The WhatsApp version. const _whatsAppVer = ‘2.8.7’; // The port of the whatsapp server. const _port = 5222; // The timeout for the connection with the Whatsapp servers. const _timeoutSec = 2; const _timeoutUsec = 0; // The request code host. const _whatsAppReqHost = ‘v.whatsapp.net/v2/code’; // The register code host. const _whatsAppRegHost = ‘v.whatsapp.net/v2/register’; // The check credentials host. const _whatsAppCheHost = ‘v.whatsapp.net/v2/exist’; // User agent and token used in reques/registration code. const _whatsAppUserAgent = ‘WhatsApp/2.3.53 S40Version/14.26 Device/Nokia302’;\ const _whatsAppToken = ‘PdA2DJyKoUrwLw1Bg6EIhzh502dF9noR9uFCllGk1354754753509’; // The upload host. const _whatsAppUploadHost = ‘https://mms.whatsapp.net/client/iphone/upload.php’;