Right, it's not a custom app talking to their servers.
It piggybacks on the official WhatsApp Web client whatsapp-web.js runs web.whatsapp.com in headless Chromium and automates it, linked as a companion device via the standard QR flow.
WA Web has no device attestation so as far as Meta sees it's a normal linked-device session. hchat just RSA-encrypts the plaintext before it enters that session, so WhatsApp only ever carries ciphertext.
Login to reply
Replies (2)
Madness, but sounds cool :-)
Pretty good thanks for the explanation I was wondering how it worked with the servers