How To Decrypt Whatsapp Database Crypt 14 Fix May 2026

There are two primary ways to decrypt the file once you have both the key and the database.

Have you successfully decrypted a Crypt14 file? Contribute your iteration count and WhatsApp version to the open-source community to help others.

Decrypting a WhatsApp database is a technical process that allows users to access their chat history outside of the official application. This is typically done for data recovery, forensic analysis, or migrating messages to a different platform. WhatsApp uses end-to-end encryption for its backups, and the current standard for Android devices is the .crypt14 extension.

The .crypt14 file is a database format encrypted using a 256-bit AES key. This key is unique to your account and is stored in a protected system folder on your Android device. Without this specific key, the database is impossible to read. Requirements for Decryption

To successfully decrypt a .crypt14 database, you need three specific components:

The Database File: Usually named msgstore.db.crypt14, found in the /WhatsApp/Databases folder. The Key File: A 158-byte file simply named key.

Decryption Software: Tools like WhatsApp Viewer or specialized Python scripts. Phase 1: Extracting the Key File

The most difficult step in this process is obtaining the key file. On modern Android versions, this file is located in /data/data/com.whatsapp/files/key. This directory is restricted and cannot be accessed on a standard phone without "Root" access. Option A: Rooted Devices

If your device is rooted, use a file explorer with root permissions (like ES File Explorer or Root Browser). Navigate to /data/data/com.whatsapp/files/. Locate the file named key. Copy it to your computer or your phone’s public storage. Option B: Non-Rooted Devices (The "Legacy" Method) how to decrypt whatsapp database crypt 14 fix

If you do not have root access, you must use a "Legacy WhatsApp" method. This involves temporarily installing an older version of WhatsApp that allows data extraction. Back up your chats to Google Drive or local storage first. Uninstall the current WhatsApp. Install an older version (specifically version 2.11.431). Use a tool like WhatsApp Key Database Extractor on your PC.

Connect your phone via USB with USB Debugging enabled in Developer Options. Run the script to extract the key from the legacy app. Phase 2: Decrypting the Database

Once you have both the msgstore.db.crypt14 and the key file on your computer, you can convert the encrypted file into a readable format. Using WhatsApp Viewer (Recommended)

WhatsApp Viewer is a lightweight, open-source tool designed for this exact purpose. Download and open WhatsApp Viewer. Go to File > Decrypt .crypt14.

A dialog box will appear. Select your msgstore.db.crypt14 file. Select your key file in the second slot. Click the "Decrypt" button (represented by three dots).

The software will generate a file named msgstore.decrypted.db. Using Python Scripts

For advanced users, you can use Python libraries like pycryptodome. Ensure Python is installed on your system. Use a script that reads the 158-byte key file.

The script extracts the AES key (bytes 126-157) and the IV (bytes 110-125). There are two primary ways to decrypt the

Run the decryption command to output a standard SQLite database. Troubleshooting Common "Fixes"

If you encounter errors during the process, check these common points of failure:

Wrong Key Version: A key file from a .crypt12 backup will not work on a .crypt14 file. They must be from the same backup cycle.

Incomplete Backups: If the msgstore.db.crypt14 file is 0KB or significantly smaller than expected, the backup was interrupted. Try triggering a manual backup in WhatsApp settings.

Crypt15/16 Updates: Meta occasionally updates encryption protocols. If your extension is higher than .crypt14, ensure your decryption tool is updated to the latest version.

Java Errors: Many extraction tools require Java. Ensure you have the latest Java Runtime Environment (JRE) installed on your PC. Ethical and Security Warning

Decrypting a database should only be done on your own personal data. Bypassing encryption on a device you do not own is a violation of privacy laws and terms of service. Additionally, be cautious when downloading "Decryption Tools" from untrusted sources, as these can often contain malware designed to steal your chat logs or session tokens.

Disclaimer: This guide is intended for educational purposes and forensic analysis of databases you own or have explicit authorization to access. Decrypting private communication without consent is illegal in many jurisdictions. This is usually found on the device storage or an SD card

This is usually found on the device storage or an SD card.

Save as decrypt_crypt14.py:

import sys
import hashlib
import hmac
from Crypto.Cipher import AES
def decrypt_crypt14(enc_file, key_file, out_file):
with open(key_file, "rb") as kf:
key = kf.read()  # must be 32 bytes
with open(enc_file, "rb") as ef:
    data = ef.read()
# Crypt14 format:
# 32 bytes salt + rest = ciphertext
salt = data[:32]
ciphertext = data[32:]
# Derive key using PBKDF2-HMAC-SHA256 (iterations=1)
derived_key = hashlib.pbkdf2_hmac('sha256', key, salt, 1, dklen=32)
# AES-GCM nonce = first 12 bytes of ciphertext? No — GCM mode info.
# Actually Crypt14: nonce is 12 bytes random prepended to ciphertext inside the encrypted blob.
# But structure: salt(32) + nonce(12) + ciphertext(rest-12) + tag(16)
nonce = ciphertext[:12]
tag = ciphertext[-16:]
encrypted = ciphertext[12:-16]
cipher = AES.new(derived_key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt_and_verify(encrypted, tag)
with open(out_file, "wb") as of:
    of.write(plaintext)
print("Decrypted to", out_file)

if name == "main":
if len(sys.argv) != 4:
print("Usage: python decrypt_crypt14.py msgstore.db.crypt14 key_file output.db")
sys.exit(1)
decrypt_crypt14(sys.argv[1], sys.argv[2], sys.argv[3])

Here is a Python script updated for Crypt14 (AES-GCM, PBKDF2 with 30k iterations):

import hashlib
import hmac
import binascii
from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2
def decrypt_crypt14(key_file, crypt14_file, output_file):
# Read key file
with open(key_file, 'rb') as f:
key_data = f.read()
# Extract components from key file (WhatsApp-specific offsets)
salt = key_data[0:32]
encrypted_key_material = key_data[32:64]
mac_key = key_data[64:128]
# Read crypt14 file
with open(crypt14_file, 'rb') as f:
    raw = f.read()
# Header: 30 bytes (version 2, salt, nonce)
version = raw[0]  # Should be 14
crypt_salt = raw[1:17]  # 16 bytes salt for DB
nonce = raw[17:29]      # 12 bytes nonce for GCM
ciphertext = raw[29:-16]  # Remove GCM tag at end
gcm_tag = raw[-16:]
# Derive key using PBKDF2 (>30k iterations as per Crypt14 spec)
# Eloy Gomez's research indicates 0x7530 = 30000 iterations
iterations = 30000
derived_key = PBKDF2(encrypted_key_material, crypt_salt, dkLen=32, count=iterations, hmac_hash_module=hashlib.sha256)
# Decrypt with AES-GCM
cipher = AES.new(derived_key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt_and_verify(ciphertext, gcm_tag)
# Save output as SQLite database
with open(output_file, 'wb') as f:
    f.write(plaintext)
print(f"Decryption successful: output_file")

Find msgstore.db.crypt14 and the 32-byte key file (must be from same device/time period).
The best "fix" is preventing the lockout.


adb shell
su
cat /data/data/com.whatsapp/files/key > /sdcard/whatsapp_key
exit
adb pull /sdcard/whatsapp_key