Mac Spoofing for WhatsApp Hacking

soldi3r
6 years ago | edited 6 years ago

-3

Hi,

I am going to share a tutorial on how to spoof mac address of a phone to hack whatsapp account.

WHAT WE NEED?

  • ANDROID PHONE
  • TERMINAL APP
  • BUSYBOX APP

Both apps are available in Play Store.

SO, HOW TO DO IT?

  • First thing, write down your phones mac address. To find out, go to Settings > About > Status >Wifi Mac address.
  • Open the downloaded app Terminal. Type su and hit enter. Command will execute and cursor will move to the next line.
  • After that type busybox iplink show eth0 and hit enter. If it prompts some sort of error, replace eth0 with wlan0. Actually this is used to show your wlan mac address.
  • Type busybox ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX and hit enter. Do not forget to replace XX:XX:XX:XX:XX:XX with the mac address you want to change to. This will change your mac address to the mac address you just entered.
  • To confirm whether its changed or not, type busybox iplink show eth0 and hit enter. Itll show you the new mac address.

GREAT..!! It’s all done mac spoofing for whatsapp hacking. If you want to learn how to hack whatsapp account by mac spoofing, you can follow whatsapp hack tutorial here.

CHEERS..!!

37replies
12voices
15,429views
Smyler [WHGhost]
6 years ago

0

That won’t work if the device is not rooted.
I don’t really know whatsapp, and I have trouble understanding the article you linked. What’s the point of spoofing the MAC address if the code is sent over gsm?

SIGKILL [r4v463]
6 years ago

0

I’m not really sure that I understand the logic behind this “hack”. Can you give some further explanations please? For example, from what I’ve read from your post, I don’t understand in which way the MAC address can give you access to a Whats'App account. I highly doubt that they use MAC address, which is spoofable as you’ve told, as an authentication.

soldi3r
6 years ago

0

@WHGhost, I agree it needs a rooted phone to work with. And the point of MAC spoofing is to clone the WhatsApp or any other app that is used over a phone number.

@r4v463, As you hijack the MAC address, you will create a new whatsapp account on the victim’s number. As you verify their whatsApp will be running live on your smartphone too. Any message they send or receive will be cloned to your smartphone. Even you can send messages too from their account. And MAC spoofing works fine in many cases.

Smyler [WHGhost]
6 years ago

0

I still don’t get the point of spoofing the Mac address, since you need to login to the account anyway. Have you tried it personally?


0

How does logging into whatsapp happen? From my understanding it never required a password from me… I think you enter your number then it sends an OTP to your number to confirm you own the number.. I may be wrong so corrections are welcome :p

Smyler [WHGhost]
6 years ago

0

Yes, so the Mac address isn’t used to identiffy the device. Or maybe it is as a second protection layer? Spoofing it wouldn’t work in any case.


0

I am very interested about this though so I might do some testing when I get home. The MAC address shouldn’t matter over the internet as the router will replace the MAC address with its own and sometimes even changes the IP address (NAT). The MAC address is really only valid on the LAN environment meaning you can’t even communicate with the device if you’re on another network. I think maybe whatsapp will store a mobile number with a MAC address in a database to avoid having it on 2 phones at once so spoofing will allow you to fool whatsapp in thinking it’s 1 device. This doesn’t explain the OTP issue though. If you uninstall your whatsapp, spoof your MAC address and then enter the victim’s number you will still need to get the OTP.

soldi3r
6 years ago

0

I had used it few months back personally and it worked for me. This MAC spoofing becomes handy once you grab the victim’s OTP code and put it on your phone whose MAC you have changed. It’ll just make a cloned WhatsApp of victim.


0

Are you able to send messages yourself?

soldi3r
6 years ago

0

No, spoofing doesn’t mean you get the OTP code to your phone. OTP code must have to be grabbed manually from victim’s phone.


0

Yes I am aware of that, I mean can you send whatsapp messages on behalf of the victim?

SIGKILL [r4v463]
6 years ago | edited 6 years ago

0

So you mean that to make this “hack” you need to:
- steal the phone of your victim, which is the stealing of type 2 credentials
- enter in the phone, which is stealing of type 1 credentials, to recover his MAC address
- create a What'sApp account with the victim’s number, which assume that you can create several What'sApp accounts with the same number (I don’t know if it’s possible or not)
- Get the OTP that your victim received, which corresponds to the first two points).
- Validate your account and assume that What'sApp is so bad designed that if two accounts have the same number, they’ll send the messages to both accounts

Even if everything above is possible, can you explain to me how you’ll read the messages that you’ll receive, because What'sApp uses end-to-end encryption and the private key of the user is tied to his phone.


0

This point
- create a What'sApp account with the victim’s number, which assume that you can create several What'sApp accounts with the same number (I don’t know if it’s possible or not)
is why I believe you do the spoofing so you fool whatsapp into thinking it’s the same device as it doesn’t let you use your account on multiple devices…

soldi3r
6 years ago

0

Yes, as you’ll change MAC address, you have to put victim’s number while creating a WhatsApp account, once you do that OTP code will be sent to their number. If I am unable to make you everything clear about it, you can read this article on WhatsApp hack that may clear your mind.

SIGKILL [r4v463]
6 years ago

0

Can you answer to my question please? I’ve read your article and as I’ve said, even if you can do everything that I’ve described, how do you bypass the E2E encryption?


0

From my understanding you don’t need too… Whatsapp will be sending the data to the “correct” phone as the MAC address correlates to the phone number. Does that help? If not I’ll try explain it better…

P.S. I may be wrong but it makes sense to me now

SIGKILL [r4v463]
6 years ago

0

It’s not how it works. They don’t send anything, it’s the account when it connects that will retrieve his messages in the database. In addition, it doesn’t solve the problem of the E2E encryption.


0

But by logging into the victim’s whatsapp account aren’t you going to get their private key for the asymmetric encryption… No?

SIGKILL [r4v463]
6 years ago

0

Nop, the private key is tied to the hardware, not the software.

SIGKILL [r4v463]
6 years ago

0

I guess that no answer == “damn my bullshit method that I haven’t tried doesn’t work”.

Darwin [DIDIx13]
6 years ago

0

Looks right r4v463,

Didn’t knew the private key was in the hardware ! Same for all PGP ?

SIGKILL [r4v463]
6 years ago

0

If you could have recover your private key by the the software, it would mean that you send your private key to the server, which can decrypt all your symmetric keys and then all your messages.

In PGP you can export your private key. If you do this, the security of your private key depends on how you store it.

Darwin [DIDIx13]
6 years ago

0

Hmm and that’s the role of the public key to be sended to the server, am I right ? Never fully understood the logic behind PGP

SIGKILL [r4v463]
6 years ago

1

Yes, you send the public key to the server, so the server forward your key to the users that want it, so they can send you encrypted messages. You need to have the public key of a user to send them encrypted message. The concept behind PGP is hybrid cryptography, it means that you will use an asymetric algorithm (such as RSA or ECC) to encrypt a symmetric key. You send the symmetric key to the user you want to discuss with, he decrypts it and then you can send messages by encrypting them with your symmetric key.

Darwin [DIDIx13]
6 years ago

0

Thank you, I tried to explore how PGP work for Cicada 3301 but it looks more comprehensible now.

(ECC is an algorithm ? I’ve seen ECC when I build a server we called the server RAM ECC )

SIGKILL [r4v463]
6 years ago

1

You’re welcome.

Yes, ECC is an algorithm, but it has nothing to do with RAM ECC x)

In RAM ECC, ECC stands for Error Correction Coding.

The algorithm ECC stands for Elliptic Curve Cryptography. This is an asymetric cryptographic algorithm which has a linear security level of key-length/2 bits (a contrario of RSA, where the key length grows exponentially comparing to the security level). The trapdoor function of ECC is based on the elliptic curve discrete logarithm problem. Here is a link with way more informations than I can give you. If it interests you, you can also look on the references part on Wikipedia.

Darwin [DIDIx13]
6 years ago

0

That’s look huuuuuuge, love it :D

SIGKILL [r4v463]
6 years ago

0

Yes x) it changes from the easy-to-understand trapdoor function of RSA. From my point of view, most systems should skip from RSA to ECC, because of the level of security and the computing time (and key size also). The problem is that when RSA will become totally unusable, ie when the security level required will lead to have very big RSA keys (they are already really big), and a really long computing, some companies/intelligence agencies will have quantum computers, and then ECC will be broken and we will need to skip to post-quantum key exchange systems.

Darwin [DIDIx13]
6 years ago

0

So in the 10 next years we need to find a new key exchange algorithm to counter the new quantum computers ?

SIGKILL [r4v463]
6 years ago

1

When quantum computers will be sufficiently advanced, yes. Now, it all depends when such a computer will be available. This field is called Post-Quantum Cryptography

Darwin [DIDIx13]
6 years ago

0

Thanks for those links, we should do an article about it :)

SIGKILL [r4v463]
6 years ago

0

Yes, I might write one after the one on the OTP.

Darwin [DIDIx13]
6 years ago

0

Soon the gold forum medal r4v463 hm ;)

SIGKILL [r4v463]
6 years ago | edited 6 years ago

0

Yay!! :) A few messages left :p

Smyler [WHGhost]
6 years ago

0

I had an Interview with a French mathematician with my school not so long ago. The Topic was the contribution of French mathematicians to cryptography, and so he spoke about RSA, which in practice uses the Pierre Fermat’s theorem. He made it very clear that he thought it wouldn’t be secure for too long as quantum computers are “already capable of so much”. I had no idea they were way more efficient on that topic and it quite surprised me. According to him, “it’s for tomorrow”.

SIGKILL [r4v463]
6 years ago

1

Yes, and I’m not sure that the civil society is ready for that (and tbh I’m sure it isn’t)

PS: 1000th message :p

Smyler [WHGhost]
6 years ago | edited 6 years ago

0

Congratulation!

No one is ready. Except @dloser

8 replies have been removed
Discussion thread has been locked. You can no longer add new posts.
1 of 38

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss