Thursday 20 December 2012

WhatsApp – iOS password generation


A few days ago an Android developer published an article explaining how the log-in process works on WhatsApp for Android. In his article, Granger says that the password is the MD5 hash of the reversed IMEI number. In his notation:
md5(strrev('your-imei-goes-here'))
Granger also asserts that the same method does not apply to iOS devices, and that the algorithm is not yet known.
So I decided to examine WhatsApp for iPhone and how it generates the password. The principle is the same, but this time the MD5 hash is calculated over the MAC address of the WiFi interface (en0), taken twice, because Apple does not allow third-party applications to access the IMEI number.
Using Granger's notation:
md5(AA:BB:CC:DD:EE:FFAA:BB:CC:DD:EE:FF)
Below is a portion of the ARM code that handles the password generation:
[Image: Disasm]
The method can be verified by simulating the log-in process from any browser. Compose the following request:
hxxps://r.whatsapp.net/v1/exist.php?cc=COUNTRY_CODE&in=TELEPHONE_NUMBER&udid=MD5(MACMAC)
If everything is OK you should get something like this:
[Image: Login]
However, the GET request only helps to inform the app that we are accessing from a previously registered device.
The authentication process starts after this GET request, using the X-WAWA protocol.
Paradoxically, because of the restriction Apple imposed (on retrieving the IMEI number), the authentication method for iOS devices is less secure than on Android devices. The MAC address can easily be obtained on a WiFi network.
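As an added example (not code from the original post or from WhatsApp), the two derivations above can be written as an audit check that flags a credential which is a pure function of a device identifier, next to a server-issued random secret that is not. The function names, the sample IMEI and MAC, and the choice to try both upper- and lower-case MAC forms are assumptions; the post does not state the casing.

```python
import hashlib
import secrets
from typing import List, Optional

# Constructed sample identifiers, not taken from any real device.
SAMPLE_IMEI = "490154203237518"
SAMPLE_MAC = "AA:BB:CC:DD:EE:FF"


def android_scheme(imei: str) -> str:
    """md5(strrev(imei)), the Android derivation quoted from Granger."""
    return hashlib.md5(imei[::-1].encode("ascii")).hexdigest()


def ios_scheme(mac: str) -> str:
    """md5(MAC + MAC): the en0 MAC address concatenated with itself."""
    return hashlib.md5((mac + mac).encode("ascii")).hexdigest()


def identifier_derived(credential: str,
                       imei: Optional[str] = None,
                       mac: Optional[str] = None) -> List[str]:
    """Return the schemes under which `credential` can be recomputed
    from identifiers alone, i.e. it contains no secret material."""
    cred = credential.lower()
    hits = []
    if imei is not None and cred == android_scheme(imei):
        hits.append("md5(strrev(imei))")
    if mac is not None:
        # Assumption: casing is not stated in the post, so test both forms.
        if cred in (ios_scheme(mac.upper()), ios_scheme(mac.lower())):
            hits.append("md5(mac+mac)")
    return hits


def server_issued_credential() -> str:
    """Hardened alternative: 128 random bits from the OS CSPRNG,
    issued at registration and unrelated to any device identifier."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    weak = ios_scheme(SAMPLE_MAC)
    strong = server_issued_credential()
    print("weak  :", weak, identifier_derived(weak, mac=SAMPLE_MAC))
    print("strong:", strong, identifier_derived(strong, SAMPLE_IMEI, SAMPLE_MAC))
```

A non-empty result means the credential offers no more secrecy than the identifier it was computed from.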
