A few days ago the Android developer Sam Granger published an article explaining how the log-in process works on WhatsApp for Android. In his article, Granger says that the password corresponds to MD5 hash of reversed IMEI number. Citing its notation
Granger also asserts that the same method is not applicable in the case of iOS devices, and the algorithm is not yet known.
Thus, I decided to examine whatsapp for iPhone and how it generates the password. Well, the principle is the same, but this time the MD5 hash is calculated using the mac address of WiFi interface (en0) taken twice because Apple does not allow third-party applications to access IMEI number.
Using the notation of Granger
Below I reported a portion of the ARM code that handles the password generation
The method is verifiable by simulating the log-in process from any browser. You have to compose the following request
If everything is ok you should get something like this
However the GET request just helps to inform the app that we are accessing from a device previously registered.
The authentication process starts after the GET request just viewed, using the X-WAWA protocol.
Paradoxically, because of the restrictions that Apple imposed(about retrieving of IMEI number), the authentication method for iOS devices is less secure than on Android devices. The MAC address can be easily achieved on a wifi network.