Mac Spoofing for WhatsApp Hacking
Hi,
I am going to share a tutorial on how to spoof mac address of a phone to hack whatsapp account.
WHAT WE NEED?
- ANDROID PHONE
- TERMINAL APP
- BUSYBOX APP
Both apps are available in Play Store.
SO, HOW TO DO IT?
- First thing, write down your phones mac address. To find out, go to Settings > About > Status >Wifi Mac address.
- Open the downloaded app Terminal. Type su and hit enter. Command will execute and cursor will move to the next line.
- After that type busybox iplink show eth0 and hit enter. If it prompts some sort of error, replace eth0 with wlan0. Actually this is used to show your wlan mac address.
- Type busybox ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX and hit enter. Do not forget to replace XX:XX:XX:XX:XX:XX with the mac address you want to change to. This will change your mac address to the mac address you just entered.
- To confirm whether its changed or not, type busybox iplink show eth0 and hit enter. Itll show you the new mac address.
GREAT..!! It’s all done mac spoofing for whatsapp hacking. If you want to learn how to hack whatsapp account by mac spoofing, you can follow whatsapp hack tutorial here.
CHEERS..!!
I’m not really sure that I understand the logic behind this “hack”. Can you give some further explanations please? For example, from what I’ve read from your post, I don’t understand in which way the MAC address can give you access to a Whats'App account. I highly doubt that they use MAC address, which is spoofable as you’ve told, as an authentication.
@WHGhost, I agree it needs a rooted phone to work with. And the point of MAC spoofing is to clone the WhatsApp or any other app that is used over a phone number.
@r4v463, As you hijack the MAC address, you will create a new whatsapp account on the victim’s number. As you verify their whatsApp will be running live on your smartphone too. Any message they send or receive will be cloned to your smartphone. Even you can send messages too from their account. And MAC spoofing works fine in many cases.
How does logging into whatsapp happen? From my understanding it never required a password from me… I think you enter your number then it sends an OTP to your number to confirm you own the number.. I may be wrong so corrections are welcome :p
There are 10 types of people in this world, those who understand binary and those who don’t.
I am very interested about this though so I might do some testing when I get home. The MAC address shouldn’t matter over the internet as the router will replace the MAC address with its own and sometimes even changes the IP address (NAT). The MAC address is really only valid on the LAN environment meaning you can’t even communicate with the device if you’re on another network. I think maybe whatsapp will store a mobile number with a MAC address in a database to avoid having it on 2 phones at once so spoofing will allow you to fool whatsapp in thinking it’s 1 device. This doesn’t explain the OTP issue though. If you uninstall your whatsapp, spoof your MAC address and then enter the victim’s number you will still need to get the OTP.
There are 10 types of people in this world, those who understand binary and those who don’t.
I had used it few months back personally and it worked for me. This MAC spoofing becomes handy once you grab the victim’s OTP code and put it on your phone whose MAC you have changed. It’ll just make a cloned WhatsApp of victim.
There are 10 types of people in this world, those who understand binary and those who don’t.
No, spoofing doesn’t mean you get the OTP code to your phone. OTP code must have to be grabbed manually from victim’s phone.
There are 10 types of people in this world, those who understand binary and those who don’t.
So you mean that to make this “hack” you need to:
- steal the phone of your victim, which is the stealing of type 2 credentials
- enter in the phone, which is stealing of type 1 credentials, to recover his MAC address
- create a What'sApp account with the victim’s number, which assume that you can create several What'sApp accounts with the same number (I don’t know if it’s possible or not)
- Get the OTP that your victim received, which corresponds to the first two points).
- Validate your account and assume that What'sApp is so bad designed that if two accounts have the same number, they’ll send the messages to both accounts
Even if everything above is possible, can you explain to me how you’ll read the messages that you’ll receive, because What'sApp uses end-to-end encryption and the private key of the user is tied to his phone.
This point
- create a What'sApp account with the victim’s number, which assume that you can create several What'sApp accounts with the same number (I don’t know if it’s possible or not)
is why I believe you do the spoofing so you fool whatsapp into thinking it’s the same device as it doesn’t let you use your account on multiple devices…
There are 10 types of people in this world, those who understand binary and those who don’t.
Yes, as you’ll change MAC address, you have to put victim’s number while creating a WhatsApp account, once you do that OTP code will be sent to their number. If I am unable to make you everything clear about it, you can read this article on WhatsApp hack that may clear your mind.
From my understanding you don’t need too… Whatsapp will be sending the data to the “correct” phone as the MAC address correlates to the phone number. Does that help? If not I’ll try explain it better…
P.S. I may be wrong but it makes sense to me now
There are 10 types of people in this world, those who understand binary and those who don’t.
But by logging into the victim’s whatsapp account aren’t you going to get their private key for the asymmetric encryption… No?
There are 10 types of people in this world, those who understand binary and those who don’t.
Looks right r4v463,
Didn’t knew the private key was in the hardware ! Same for all PGP ?
Message me anytime!
If you could have recover your private key by the the software, it would mean that you send your private key to the server, which can decrypt all your symmetric keys and then all your messages.
In PGP you can export your private key. If you do this, the security of your private key depends on how you store it.
Hmm and that’s the role of the public key to be sended to the server, am I right ? Never fully understood the logic behind PGP
Message me anytime!
Yes, you send the public key to the server, so the server forward your key to the users that want it, so they can send you encrypted messages. You need to have the public key of a user to send them encrypted message. The concept behind PGP is hybrid cryptography, it means that you will use an asymetric algorithm (such as RSA or ECC) to encrypt a symmetric key. You send the symmetric key to the user you want to discuss with, he decrypts it and then you can send messages by encrypting them with your symmetric key.
Thank you, I tried to explore how PGP work for Cicada 3301 but it looks more comprehensible now.
(ECC is an algorithm ? I’ve seen ECC when I build a server we called the server RAM ECC )
Message me anytime!
You’re welcome.
Yes, ECC is an algorithm, but it has nothing to do with RAM ECC x)
In RAM ECC, ECC stands for Error Correction Coding.
The algorithm ECC stands for Elliptic Curve Cryptography. This is an asymetric cryptographic algorithm which has a linear security level of key-length/2 bits (a contrario of RSA, where the key length grows exponentially comparing to the security level). The trapdoor function of ECC is based on the elliptic curve discrete logarithm problem. Here is a link with way more informations than I can give you. If it interests you, you can also look on the references part on Wikipedia.
Yes x) it changes from the easy-to-understand trapdoor function of RSA. From my point of view, most systems should skip from RSA to ECC, because of the level of security and the computing time (and key size also). The problem is that when RSA will become totally unusable, ie when the security level required will lead to have very big RSA keys (they are already really big), and a really long computing, some companies/intelligence agencies will have quantum computers, and then ECC will be broken and we will need to skip to post-quantum key exchange systems.
So in the 10 next years we need to find a new key exchange algorithm to counter the new quantum computers ?
Message me anytime!
When quantum computers will be sufficiently advanced, yes. Now, it all depends when such a computer will be available. This field is called Post-Quantum Cryptography
Message me anytime!
I had an Interview with a French mathematician with my school not so long ago. The Topic was the contribution of French mathematicians to cryptography, and so he spoke about RSA, which in practice uses the Pierre Fermat’s theorem. He made it very clear that he thought it wouldn’t be secure for too long as quantum computers are “already capable of so much”. I had no idea they were way more efficient on that topic and it quite surprised me. According to him, “it’s for tomorrow”.
Congratulation!
No one is ready. Except @dloser