Not an Issue - Just Appreciation & Learning #175

vishalv26 opened this issue Sep 5, 2024 · 14 comments

Comments

@vishalv26

vishalv26 commented Sep 5, 2024

Hello,

First of all, great job with this extension. There is a lot to learn and get inspired from this. The work you have done with WS interception is unmatched. I have been using this like forever, and good job maintaining this too.

I have a small request. Although I have the source code, I would greatly appreciate some direct guidance from you. Could you provide me with the smallest possible code snippet (standalone) or some guidance for decrypting a message after receiving it from a WA WebSocket?

Thank you so much for your help!

@tomer8007
Owner

tomer8007 commented Sep 5, 2024

Hello, and thank you for your warm words, this is appreciated.

To decrypt an incoming message from the WebSocket, you'll need to basically:

  1. Capture the WebSocket packet (wsHook.after)
  2. Decrypt the Noise Protocol frames you see from keys you've established earlier in the handshake (MultiDevice.decryptNoisePacket)
  3. Parse the binary XMPP stanza to figure out if it's a message at all (nodeReaderWriter.decodeStanza)
  4. Decrypt the encrypted part of the message with the Signal library, again with the correct message key (which you maintain earlier for each chat) (MultiDevice.decryptE2EMessagesFromMessageNode)
  5. In the end, use the protobuf schemes to actually parse the message (here).

If you didn't do this already I highly recommend following the code from here:

wsHook.after = function (messageEvent, url)

As you can see, this is pretty complicated because you have to get and be in sync with at least two types of keys which change over time (Signal keys for the chat, Noise keys), parse protocols, and handle cases differently (group message, direct message, first-time message).

So really, I think the best way to explain the steps is in the code I mentioned. It's fairly easy to understand, I hope.
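
Added example (not part of the thread, and not code from the extension or from WhatsApp): a minimal Noise-style transport cipher state in Node.js, illustrating the point above that a reader must stay in sync with the Noise keys. It assumes the AES-GCM cipher function from the Noise specification (nonce = 32 zero bits followed by a 64-bit big-endian counter); the key, the frames, and the `CipherState` and `demo` names are constructed for this illustration.

```javascript
// Added illustration; not code from the extension or from WhatsApp.
const crypto = require("node:crypto");

// Noise AESGCM nonce: 32 zero bits, then the 64-bit big-endian counter n.
function nonceFor(n) {
  const iv = Buffer.alloc(12);
  iv.writeBigUInt64BE(BigInt(n), 4);
  return iv;
}

// Minimal transport-phase cipher state: one key and one counter per direction.
class CipherState {
  constructor(key) { this.key = key; this.n = 0; }
  encrypt(plaintext) {
    const c = crypto.createCipheriv("aes-256-gcm", this.key, nonceFor(this.n));
    const body = Buffer.concat([c.update(plaintext), c.final()]);
    this.n += 1;
    return Buffer.concat([body, c.getAuthTag()]); // ciphertext || 16-byte tag
  }

  // Returns the plaintext string, or null when the frame does not authenticate.
  decrypt(frame) {
    if (frame.length < 16) return null;
    const d = crypto.createDecipheriv("aes-256-gcm", this.key, nonceFor(this.n));
    d.setAuthTag(frame.subarray(frame.length - 16));
    try {
      const plain = Buffer.concat([d.update(frame.subarray(0, frame.length - 16)), d.final()]);
      this.n += 1; // advance only after a frame authenticates
      return plain.toString();
    } catch {
      return null;
    }
  }
}

// Constructed demo: a reader present from frame 0 versus one that missed frame 0.
function demo() {
  const key = crypto.createHash("sha256").update("constructed demo key").digest();
  const sender = new CipherState(key);
  const frames = ["stanza-0", "stanza-1", "stanza-2"].map((s) => sender.encrypt(Buffer.from(s)));
  const early = new CipherState(key);
  const inSync = frames.map((f) => early.decrypt(f));
  const late = new CipherState(key); // right key, but counter 0 against frame 1
  const outOfSync = frames.slice(1).map((f) => late.decrypt(f));
  late.n = 1; // resynchronise to the counter of the first frame this reader saw
  const resynced = frames.slice(1).map((f) => late.decrypt(f));
  return { inSync, outOfSync, resynced };
}
console.log(demo());
```

A reader that holds the right key but the wrong counter rejects every frame, which is why the key and the per-direction counter have to be tracked together from the handshake onward.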

@vishalv26
Author

Thank you, mate. The problem is I want all this to be done in an inline script. I can't do script src, so I need to minimize it to as small as I can. :p

@tomer8007
Owner

This is going to be a lot of code to do this inline.
For example, right now I am injecting the script really early to catch the Noise keys. If you're injecting your script later, you'll need to get the keys from WhatsApp internal objects.

@tomer8007
Owner

Depending on what you're trying to do, intercepting the messages all the way from the socket yourself might not be the best way to achieve it.

@vishalv26
Author

So, the thing is I am making a mobile app which will load WhatsApp Web in a WebView. Sadly, I can't do script src due to the CSP policy, and probably adding this much inline would be a challenge. The only good part here is that web.whatsapp is already loaded and it's doing the encryption and decryption already on the page. Can we utilize their functions somehow?

@tomer8007
Owner

tomer8007 commented Sep 5, 2024

Yes, you can use their functions like I do inside exposeWhatsAppAPI. Then you can find and hook the function that is getting called whenever there is a new message. This is the easiest way.

By the way, I don't know which WebView you are using, but perhaps you can disable the CSP policy.

@vishalv26
Author

I am using the default WebView, I guess. Do you know anything I can do to make it work?

@tomer8007
Owner

tomer8007 commented Sep 5, 2024

Not without looking at the docs. But this is the advice I can give you. Most importantly, try to find a function inside the WhatsApp code to get messages, and then use require to hook it, or use it to get messages.

@vishalv26
Author

Thank you, mate. And in the above message I meant: do you know how to disable CSP in any WebView, or any WebView which will allow us to disable CSP?

@tomer8007
Owner

I don't know how to disable CSP in a WebView. I thought maybe you can modify the headers or perhaps there is a function to do that. Give it a Google search, this will be the best.

@vishalv26
Author

I tried; there is nothing. Even the Chrome extensions that disable the CSP intercept the request and modify the header using the Chrome extension API.

@tomer8007
Owner

tomer8007 commented Sep 5, 2024

Oh well, so do it inline. You can also package multiple files into one.

@vishalv26
Author

vishalv26 commented Sep 6, 2024

Hey, is there anything I can use in exposeWhatsAppAPI to intercept messages? Basically, I need to show a notification when the message is received. That's all.

@tomer8007
Owner

Open up the WhatsApp JavaScript files and look for classes that deal with messages and communications, like decryptSignalProto, WAComms.
