Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Whapp-irc – A simple WhatsApp IRC gateway (github.com)
100 points by lieuwex 63 days ago | hide | past | web | favorite | 48 comments

It looks like this opens a copy of WhatsApp Web and instruments it as its client. And it uses compiled class names like `._2EZ_m` to interact with the DOM. Unless I'm missing something, this will probably break weekly or every time they release a new build of the frontend. Not sure if there's a better way?

That specific classname didn't change since the beginning of the project, I had a breaking change on WhatsApp's side one time (was several months ago already).

I'm aware of https://github.com/tulir/mautrix-whatsapp which I'm personally interested in, which uses a reverse engineered implementation of the WhatsApp web protocol.

One alternative is sandboxing the js code (or using existing browser or networking logging capabilities) to reverse engineer network requests and write a more raw client instead of piggybacking onto the web client, that would still have risks of changes but less likely than this.

> reverse engineer network requests and write a more raw client

People already have done that. The most famous example is the yowsup [1] python library. The problem with these client implementations is that WhatsApp is banning any numbers that use them [2]. So most recent attempts to use WhatsApp outside of the official clients revolve around using WhatsApp Web somehow. That appears to work better, but even here if you are using it on a long term basis, WhatsApp might ban you.

Ultimately, WhatsApp is a bad host when it comes to using their service outside of the official app. This is really sad for people like me who don't want to install WhatsApp on their phones because it sends too much of my data to Facebook... probably that's precisely why they are so strict, to get all the data because that's all they get (the service is gratis after all). That and spam.

[1]: https://github.com/tgalal/yowsup [2]: http://google.com/search?q=yowsup+name+ban

3rd party implementations, such as that python library, have two fundamental issues (beyond what's mentioned here).

1) They're using outdated versions of the protocols, which they won't be motiviated to fix until those old versions are cut off server-side and their implementation suddenly stops working. 2) They never quite figured out how to correctly handle all the nuances and corner cases of the E2E encryption, so that part of their design is extremely fragile (just look at the issue trackers for all the evidence of this that you need).

On top of all that, the maintainers have basically given up and abandoned the projects... So they're not even being actively maintained.

> they won't be motiviated to fix until those old versions are cut off server-side and their implementation suddenly stops working.

I've never used one of these products, so I might be wrong, but as far as I understood it, the way WhatsApp bans your phone number if you use a third party client is done in a way that is permanent? So instead of saying "sorry your version is too old please use a newer one" they say "sorry your version is too old we don't want to see you ever again even if you fix it". It's totally okay to do something like "sorry the version is too old" if it's not your number that's banned but the outdated protocol implementation.

> the maintainers have basically given up and abandoned the projects

Because WhatsApp is sending DMCA requests like crazy [1] and the constant protocol changes make it hard for third party developers. See the opinion by one dev here [2].

If WhatsApp came out with a public statement about supporting third party clients, listing their conditions, it would be really great progress. Matrix, IRC, etc all thrive with different client implementations, even Threema officially tolerates the OpenMittsu third party client. The official communication I've seen by WhatsApp is the opposite.

[1]: https://github.com/github/dmca/blob/332f1896902c4f5780a249c0...

[2]: https://github.com/Enrico204/Whatsapp-Desktop/commit/18ba8a4...

I have used yowsup for some time, bans were not the issue. However there is a keying issue, leading to failed messages. Ultimately I had to switch to some Web API, as the 'official' version hasn't been updated for some time.

How can the server component of WhatsApp tell that the client is using the Python library you mention? If that library implements the protocol correctly, shouldn't it be indistinguishable from the official web client to the server?

Creating a correct implementation of a protocol is one thing, creating one that is indistinguishable from another implementation another. E.g. for TCP/IP you can find out the OS just from the additional information even though implementations are correct [1]. I guess they are doing something similar. And even if your protocol implementation were perfectly indistinguishable from the other one, usage patterns might reveal differences. E.g. if you have a bot then bots will most likely reply immediately after you issue a command. If you add a constant wait time, it's still distinguishable from humans typing at varying times. Same for uniformly randomly distributed wait times, I'm sure there is a distinction (I'd say it's correlated to message length for example). All of this is visible without looking at the message contents, which are obviously not available to the WhatsApp service.

[1]: https://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting

Based on your parent comment...

> This is really sad for people like me who don't want to install WhatsApp on their phones because it sends too much of my data to Facebook... probably that's precisely why they are so strict, to get all the data because that's all they get (the service is gratis after all).

When you send a message through WhatsApp, WhatsApp knows you sent the message and who you are.

Since they know who you are, they also know, independently of the request you just sent, whether you're using their official client, and what data they've managed to extract from your phone.

If I get a seemingly-valid message from you despite the fact that I know perfectly well you've never installed my official client, I'm going to conclude you're not using my official client.

This was an incredibly interesting topic when pokemon go came out. People started using the reverse engieered protocol to gain information about the map from the pc (instead of the official android app), and Niantic updated the app every now and then with slight protocol changes and complex functions or crypto algorithms so that it was harder for those people to perfectly emulate the client. The protocol worked, but they could detect them sometimes because it was not identical.

I feel that I love this topic. It seems that it is an exciting challenge trying to protect an API to only be used (or at least, detected if not) by the official app. I don't even know if there is even a 'solution' to this problem. Would like to read more about it.

In my experience it doesn't break all that often. Once in a while it does, of course, but not weekly; and knowing the creator personally, I can say he uses it himself too, so any breakage will be fixed quite quickly (at least at the moment). ;)

My solution was to run WhatsApp in emulator and enable adb over tcp and send adb commands from server directly to emulator. I automate sending messages and pdf files from our erp system. and for receiving messages we just have a Whatsapp web available for one of our employee so he can reply and escalate whatever.

What's a shame here is that the "WhatsApp Business API Client" [1] would actually be the perfect tool for personal projects like this. Unfortunately, its still being reserved for use by only larger businesses planning to use it at scale, so they can be meaningfully paying customers.

Offering low-volume non-customer-facing free access to a product like this would likely make everyone here quite happy.

[1]: https://developers.facebook.com/docs/whatsapp/getting-starte...

Indeed, it would be great to have something like this for non-business customers as well. Right now it's very much targeted at large businesses atm and seems to want a beefy computer, so you can't really install it on your RPI.


> For single-instance production server setup, we recommend at least 250 GB SSD, 16 GB RAM, and 4 core CPU.


> In order to ensure a high quality experience for businesses and users, we're in a limited public preview. If you'd like to work with us, submit more information about your business for consideration as we continue to expand our availability.

The beefy computer requirements are really just the result of needing to invent pie-in-the-sky specifications for the website, and wanting to avoid any bottlenecks when running at high load. Remember, most of the current customers are trying to actively communicate with an enormous number of contacts.

The truth is that the product does not actually need much RAM, and storage is a direct function of the number of conversations and messages you're handling with the product. The main bottleneck is really just I/O for the databases. For the use cases of everyone here, it absolutely could run on an RPi. Easily.

> Offering low-volume non-customer-facing free access to a product like this would likely make everyone here quite happy.

I suspect that one reason they're not doing that is to prevent spambots. This is probably a valid concern, as experience as shown that preventing spam is a hard problem.

Time to finally add a bot to my WhatsApp group chat!

My thoughts exactly! What do you recommend in terms of IRC bot building tools?

There are a whole bunch of tools but you really only want something simple that gives you an infinite loop that runs every time a message comes in and gives you access to the current message as an object

fwiw, a similar project for bridging WhatsApp into Matrix is https://github.com/tulir/mautrix-whatsapp.

why hasn't there been anything like this for iMessage? or any 3rd party applications at all, really.

I don't know whether this falls within that, but some people have made iMessage "versions" for Android by using a Mac computer as a bridge.


I created a native iMessage app for Windows 10:


Taking full advantage of UWP features and functionality.

Where is the app itself?

A Signal gateway would be nice but an irc gateway to a e2e secure platform might constitute a reduction of security for all involved parties.

There are jabber and slack gateways.

In practicality,I would like to see a gitter to IRC gateway,because of foss projects usage of both platforms.

Check out matterbridge (https://github.com/42wim/matterbridge) which bridges gitter, irc and much more :-)


Signal Weechat does this iirc, there are a few other alternative clients out there too: https://github.com/thefinn93/signal-weechat

They do exist. Here's one for Discord: https://github.com/reactiflux/discord-irc

There was someone who made something like that, but didn't make it public for fear of getting C&D'd by apple.

because iMessage is closed api by apple. and they likely will prohibit any interference with their api...

WhatsApp is as closed and guarded (even though better documented through reverse engineering).

And this obviously does exist. So that’s not the reason.

This thing here apparently uses WhatsApp web, which might be simpler to use than a full reverse of iMessage and its protocol.

Is iMessage even a thing outside the US? Everybody in Europe uses WA or Messenger, at least

The iPhone has about a 56% market share in the US, compared to a 26% market share in Europe (with the UK being the outsider with 52% market share).

That makes a huge difference: in Europe it's very unlikely that everyone out of any group of friends has an iPhone, making Whatsapp, Telegram etc the goto solutions for group messages.

Apple is also huge in Japan, but I don't know what kind of chat apps are used there.

Line, mostly.

idk, most people I know here in the UK have both iPhones and WhatsApp. Back in Australia, iPhones is fairly pervasive, and so is WhatsApp.

I'm from EU and it is a thing. I use iMessages whenever the other side has an iPhone. In my social circle, it's about two thirds. But it is also true that many people who have an iPhone still use Whatsapp or Messenger as the default communication channel even if the other side has an iPhone as well.

Its certainly not the default in Australia. Only a few people I know have iPhones. SMS is always the default messaging app unless you have added the person on something else which is a bit of a mess between different services.

I‘m from EU and prefer iMessage to anything else.

Is there any chance Whatsapp the company will try to take this down and if they do is there any chance it might survive?

Whatsapp has been notorious for taking down third party APIs and any tools that allow message automation.

Very nice project.

I would like to move away from WhatsApp for privacy reasons and out of principle.

Could I use this to set an auto-reply message to users contacting me, redirecting them to my new messenger e.g. Signal?

If you don't mind having a phone (or emulated phone) being on at all times running the whatsapp native app, and if you make an IRC bot that automatically replies to things, yes that's possible.

Why did you build this? What are you using it for?

I wanted to chat using WhatsApp comfortably using my Weechat setup.

should call it WhatsIRC

On that point though, what do people think when they see WhatsApp the name? I get the whole whats up thing, but whenever I see the name I think "What's App???" as in What is App???

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact