Elcomsoft Explorer for WhatsApp 2.10 adds the ability to extract and decrypt WhatsApp stand-alone backups created in iCloud Drive. The tool can obtain a WhatsApp encryption key by registering itself as a new device. Access to user’s iCloud authentication credentials and their verified phone number is required to generate the encryption key.
Elcomsoft Explorer for WhatsApp 2.10 adds the ability to access iPhone users’ WhatsApp conversation histories by extracting and decrypting WhatsApp stand-alone backups from iCloud Drive. Access to the user’s iCloud account and their verified phone number (SIM card) is required to obtain the encryption key and decrypt the backup.
Since last year, both manual and daily stand-alone backups stored by WhatsApp in iCloud Drive are automatically encrypted. The encryption key, generated by WhatsApp when the user makes a backup for the first time, is unique per each combination of Apple ID and phone number. Different encryption keys are generated for different phone numbers registered on the same Apple ID. These encryption keys are generated and stored server-side by WhatsApp itself; they are never stored in iCloud or on the device.
If a SIM card with a verified phone number is available, Elcomsoft Explorer for WhatsApp 2.10 can now access the encryption key by registering itself with WhatsApp as a new device. Once obtained, the encryption key will be used to decrypt WhatsApp stand-alone backups (iCloud authentication credentials or binary authentication token required).
At this time, Elcomsoft Explorer for WhatsApp 2.10 supports all of the following WhatsApp acquisition methods:
More information and the complete walkthrough guide is available in our blog.
Get more information on Elcomsoft Explorer for WhatsApp and download free trial version:
Read a press release:
Read our blog post: WhatsApp: The Bad Guys’ Secret Weapon
Read our blog post: Extract and Decrypt WhatsApp Backups from iCloud