You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

202 lines
4.9 KiB

package whatsapp
import (
func Download(url string, mediaKey []byte, appInfo MediaType, fileLength int) ([]byte, error) {
if url == "" {
return nil, fmt.Errorf("no url present")
file, mac, err := downloadMedia(url)
if err != nil {
return nil, err
iv, cipherKey, macKey, _, err := getMediaKeys(mediaKey, appInfo)
if err != nil {
return nil, err
if err = validateMedia(iv, file, macKey, mac); err != nil {
return nil, err
data, err := cbc.Decrypt(cipherKey, iv, file)
if err != nil {
return nil, err
if len(data) != fileLength {
return nil, fmt.Errorf("file length does not match")
return data, nil
func validateMedia(iv []byte, file []byte, macKey []byte, mac []byte) error {
h := hmac.New(sha256.New, macKey)
n, err := h.Write(append(iv, file...))
if err != nil {
return err
if n < 10 {
return fmt.Errorf("hash to short")
if !hmac.Equal(h.Sum(nil)[:10], mac) {
return fmt.Errorf("invalid media hmac")
return nil
func getMediaKeys(mediaKey []byte, appInfo MediaType) (iv, cipherKey, macKey, refKey []byte, err error) {
mediaKeyExpanded, err := hkdf.Expand(mediaKey, 112, string(appInfo))
if err != nil {
return nil, nil, nil, nil, err
return mediaKeyExpanded[:16], mediaKeyExpanded[16:48], mediaKeyExpanded[48:80], mediaKeyExpanded[80:], nil
func downloadMedia(url string) (file []byte, mac []byte, err error) {
resp, err := http.Get(url)
if err != nil {
return nil, nil, err
if resp.StatusCode != 200 {
return nil, nil, fmt.Errorf("download failed with status code %d", resp.StatusCode)
defer resp.Body.Close()
if resp.ContentLength <= 10 {
return nil, nil, fmt.Errorf("file to short")
data, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, nil, err
n := len(data)
return data[:n-10], data[n-10 : n], nil
func (wac *Conn) Upload(reader io.Reader, appInfo MediaType) (url string, mediaKey []byte, fileEncSha256 []byte, fileSha256 []byte, fileLength uint64, err error) {
data, err := ioutil.ReadAll(reader)
if err != nil {
return "", nil, nil, nil, 0, err
mediaKey = make([]byte, 32)
iv, cipherKey, macKey, _, err := getMediaKeys(mediaKey, appInfo)
if err != nil {
return "", nil, nil, nil, 0, err
enc, err := cbc.Encrypt(cipherKey, iv, data)
if err != nil {
return "", nil, nil, nil, 0, err
fileLength = uint64(len(data))
h := hmac.New(sha256.New, macKey)
h.Write(append(iv, enc...))
mac := h.Sum(nil)[:10]
sha := sha256.New()
fileSha256 = sha.Sum(nil)
sha.Write(append(enc, mac...))
fileEncSha256 = sha.Sum(nil)
var filetype string
switch appInfo {
case MediaImage:
filetype = "image"
case MediaAudio:
filetype = "audio"
case MediaDocument:
filetype = "document"
case MediaVideo:
filetype = "video"
uploadReq := []interface{}{"action", "encr_upload", filetype, base64.StdEncoding.EncodeToString(fileEncSha256)}
ch, err := wac.writeJson(uploadReq)
if err != nil {
return "", nil, nil, nil, 0, err
var resp map[string]interface{}
select {
case r := <-ch:
if err = json.Unmarshal([]byte(r), &resp); err != nil {
return "", nil, nil, nil, 0, fmt.Errorf("error decoding upload response: %v", err)
case <-time.After(wac.msgTimeout):
return "", nil, nil, nil, 0, fmt.Errorf("restore session init timed out")
if int(resp["status"].(float64)) != 200 {
return "", nil, nil, nil, 0, fmt.Errorf("upload responsed with %d", resp["status"])
var b bytes.Buffer
w := multipart.NewWriter(&b)
hashWriter, err := w.CreateFormField("hash")
if err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
io.Copy(hashWriter, strings.NewReader(base64.StdEncoding.EncodeToString(fileEncSha256)))
fileWriter, err := w.CreateFormFile("file", "blob")
if err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
io.Copy(fileWriter, bytes.NewReader(append(enc, mac...)))
err = w.Close()
if err != nil {
fmt.Fprintf(os.Stderr, "%v\n", err)
req, err := http.NewRequest("POST", resp["url"].(string), &b)
if err != nil {
return "", nil, nil, nil, 0, err
req.Header.Set("Content-Type", w.FormDataContentType())
req.Header.Set("Origin", "")
req.Header.Set("Referer", "")
req.URL.Query().Set("f", "j")
client := &http.Client{}
// Submit the request
res, err := client.Do(req)
if err != nil {
return "", nil, nil, nil, 0, err
if res.StatusCode != http.StatusOK {
return "", nil, nil, nil, 0, fmt.Errorf("upload failed with status code %d", res.StatusCode)
var jsonRes map[string]string
return jsonRes["url"], mediaKey, fileEncSha256, fileSha256, fileLength, nil