Tag Archives: firepassword

Hacking / Recovering Firefox Saved Passwords

Introduction

I covered how/where Firefox store saved passwords on the previous blog post. Today, I will mention how to hack them.

As discussed previously, Firefox uses TripleDES as its encryption algorithm. If master password is not set, we can crack the password with any 64 base decoder since there won’t be encryption.

If master password is used, user needs to attack  key3.db with a password cracker such as FirePassword to recover master password.

Master password is not stored on the key3.db. Firefox stores  encrypted data associated with known string.

Say the known string is realinfosec. If user enter correct master password, he can decrypt the encrypted data as realinfosec.  BOOM!

Known string and decrypted one matched! Firefox now knows that user entered correct master password, so it will decrypt all the saved passwords.

The way Firemaster works is same.

  1. First, Firemaster generates password by using bruteforce, hybrid and dictionary attacks.
  2. After that, it computes hash of master password.
  3. Firepassword uses this hash to decrypt encrypted data.
  4. If the decrypted data matches with the string (i.e realinfosec), it means FireMaster gets the password!

firemaster1

After having master password,  you can decrypt saved passwords via FirePassword.

Currently, Firepassword can only decrypt saved passwords on Sigons.txt files not the ones on the signons.sqlite

Nagareshwar Talekar, creator of these two nice tools,  informed me that he will try to update FirePassword, then it may crack saved passwords stored on the signons.sqlite.

Conclusion

1-) If you forget your master password, you can get it back via FireMaster.

2-) Strength of encryption is depend on the strength of the Master Password you choose

3-)Nothing is impossible, you can recover your Firefox password. However, this means that hackers can crack them as well… Don’t forget; they only need to have key3.db and sigons files (txt and sqlite) to do that. You need to be sure that physical security and network security for your machine are OK.