Elcomsoft Explorer for WhatsApp 2.30 adds the ability to extract and decrypt WhatsApp stand-alone backups created by Android users in Google Drive. The tool obtains a WhatsApp cryptographic key by registering itself as a new device. Access to user’s Google authentication credentials and their verified phone number is required to generate the encryption key.
Elcomsoft Explorer for WhatsApp 2.30 adds the ability to access Android users’ WhatsApp conversation histories by extracting and decrypting WhatsApp stand-alone backups from Google Drive. Access to the user’s Google Account and their verified phone number (SIM card) is required to obtain the encryption key and decrypt the backup.
For several years, WhatsApp has been encrypting its backup databases. Both stand-alone and cloud backups produced by the Android app and are securely protected with industry-standard AES256 encryption. The encryption key is generated by WhatsApp at the time of the first backup. The key is unique per account and per phone number. If the user has multiple WhatsApp accounts and only one Google Account, each WhatsApp account will use a unique encryption key.
If a SIM card with a verified phone number is available, Elcomsoft Explorer for WhatsApp 2.30 can generate the cryptographic key required to decrypt the backups by registering itself with WhatsApp as a new device. Once obtained, the cryptographic key will be used to decrypt WhatsApp backups (Google Account authentication credentials or binary authentication token required).
At this time, Elcomsoft Explorer for WhatsApp 2.30 supports all of the following WhatsApp acquisition methods:
More information and the complete walkthrough guide at https://blog.elcomsoft.com/2018/01/extract-and-decrypt-whatsapp-backups-from-google/