Exposing the Facebook Password Secrets

Facebook is the most popular social network, used by millions of people around the world. Users access Facebook services such as social interaction, user updates and chat through a variety of applications. In addition to Internet browsers such as Firefox, IE and Chrome, there are dedicated desktop applications for accessing Facebook services. There are also many messengers, such as Paltalk, Digsby and Miranda, which allow users to access the Facebook chat service.

Most of these applications, whether browsers or messengers, store the Facebook account password for subsequent logins so that the user doesn't have to enter it every time. Each application uses its own encryption method and storage mechanism to securely store the password.

This research article throws light on the internal password storage and encryption mechanisms used by some of the popular applications for storing the Facebook password, and finally shows how to recover Facebook passwords from each of these applications.

This section explains how each of these popular browsers stores passwords, how to distinguish Facebook passwords from other passwords, and finally how to recover the Facebook password from their secret store.

Firefox stores account passwords in its sign-on secret store using Triple-DES encryption coupled with BASE64 encoding. Different versions of Firefox have used different methods to store login passwords: initial versions used signons.txt, while the latest versions use signons.sqlite (an SQLite database file) to store all login details for visited websites.

Firefox stores all website passwords, including Facebook passwords, with the user's consent of course. To recover the Facebook password from this big list we need to distinguish Facebook passwords from the others. This is not difficult, as Firefox stores the website URL along with the encrypted username and password for each stored login entry. Here we just need to check whether the URL contains the magic string 'www.Facebook.com' and then recover only those entries to get the real Facebook username and password.

Like Firefox and most other browsers, Internet Explorer also stores the sign-on credentials for all visited websites. Before version 7, Internet Explorer used the famous 'Protected Storage' to store such sign-on passwords. Since it was less secure and easy to decipher, from version 7 onwards IE uses the 'Credential Provider' store and 'Windows Cryptography' functions to securely store the passwords.

As IE stores the passwords for all websites, we need to separate the Facebook passwords from the rest. For older versions using the 'Protected Storage' mechanism, we can simply check the URL entries against 'www.facebook.com' to get the stored Facebook login details. However, for version 7 onwards we need to have the Facebook login URLs in the IE history database, as explained in the above research article.

So before we proceed to recover the Facebook password, we need to add the following login URLs:
- http://www.facebook.com/
- http://facebook.com/login.php
- http://www.facebook.com/login.php
- http://login.facebook.com/
- https://login.facebook.com/login.php

Which of these applies depends on the URL the user used to log in to the Facebook account. Generally such URLs will be in the IE history, but sometimes they may have been deleted accidentally by the user.
Once we add these URLs to the IE history, we can proceed to recover any stored Facebook passwords from the IE Credential store.

Like Internet Explorer and other browsers, Chrome also stores the login passwords for all visited websites based on user consent. Chrome uses an SQLite database to store the account information in encrypted format.

To distinguish between Facebook and other account passwords, we just need to check for 'www.Facebook.com' in the URL of each entry.

The Opera browser also stores the login username and password for all visited websites with the user's consent. Opera uses the DES algorithm to encrypt the password and stores it, along with other details, in the magic wand file.

Each stored entry contains the main URL and the login URL of the website. Here we have to check each login URL for 'facebook.com' to recover only Facebook account passwords.
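
The Firefox, Chrome and Opera passages above all select entries with a substring check on the stored URL. The following is an added example, not code from the original article or from any tool it mentions: it lists which saved-login entries belong to a site without reading the encrypted fields, and compares the substring check with a comparison on the parsed host name. The in-memory table is a reduced layout modelled on Firefox's moz_logins table (an assumption), and all sample rows are constructed.

```python
import sqlite3
from urllib.parse import urlsplit

DOMAIN = "facebook.com"

# Constructed sample hostnames, not taken from any real profile.
SAMPLE_HOSTS = [
    "https://www.facebook.com",
    "https://login.facebook.com",
    "https://WWW.FACEBOOK.COM",
    "https://www.facebook.com.example.net",  # look-alike host, different site
    "https://mail.example.org",
    "http://facebook.com",
]

def build_sample_store():
    """In-memory table with a reduced moz_logins-style layout (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_logins (id INTEGER PRIMARY KEY, hostname TEXT,"
               " encryptedUsername TEXT, encryptedPassword TEXT)")
    db.executemany(
        "INSERT INTO moz_logins (hostname, encryptedUsername, encryptedPassword)"
        " VALUES (?, 'constructed', 'constructed')",
        [(h,) for h in SAMPLE_HOSTS])
    return db

def is_domain_host(url, domain=DOMAIN):
    """True only when the URL's host is the domain itself or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def substring_matches(db, needle="www.facebook.com"):
    """Case-sensitive substring check, as described in the text."""
    rows = db.execute("SELECT id, hostname FROM moz_logins ORDER BY id")
    return [i for i, h in rows if needle in h]

def host_matches(db):
    """Entries whose parsed host is under DOMAIN; ciphertext columns are never read."""
    rows = db.execute("SELECT id, hostname FROM moz_logins ORDER BY id")
    return [i for i, h in rows if is_domain_host(h)]

if __name__ == "__main__":
    store = build_sample_store()
    print("substring check:", substring_matches(store))
    print("host check:     ", host_matches(store))
```

The substring check misses the login subdomain, the bare domain and the upper-case entry, and it also selects the look-alike host, while the host comparison selects exactly the four entries that belong to the site.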
Most of the universal messengers, such as Trillian, Digsby and Paltalk, support Facebook chat as well as other protocols such as Gtalk, Yahoo and AIM. Like web browsers, these messengers also store the login details, including the password, for future use.

But not all of them store the account passwords locally. Some of them actually store them on their servers, so it is difficult to recover such account passwords. Here we will present details on recovering the login passwords from messengers such as Paltalk and Miranda, which store the passwords locally on the user's system.

Paltalk is one of the emerging messengers of recent times and supports multiple messenger protocols, including Facebook chat. It stores the login account passwords in the registry, using different encryption mechanisms for the main protocol and the other protocols.

As mentioned in this article, login passwords for each of the protocols are stored in the registry under a unique subkey. Facebook account passwords are stored under the subkey named 'FBK'. So once we find this key, we can decrypt the encrypted password stored under it to get the Facebook password.

Miranda is the new universal messenger which also supports most of the popular chat protocols, including Facebook. Miranda stores the login passwords in a local database file using its own proprietary format.

Miranda uses the Jabber protocol for Facebook and Gmail chat. As a result, all such Jabber-based accounts are stored under the protocol name 'JABBER' in its database. Here we need to distinguish Facebook from other Jabber accounts such as Gmail.
For each Jabber protocol, Miranda stores 'LoginServer', 'LoginName' and 'LoginPassword'. Here we can use 'LoginServer' as the distinguishing key among different Jabber accounts. For Facebook accounts, LoginServer is set to 'chat.facebook.com'. Using this information we can easily recover only Facebook account passwords from the Miranda password store.

Facebook Password Decryptor is the FREE tool to instantly recover Facebook account passwords stored by popular web browsers and messengers.
It automatically crawls through each of the above mentioned applications and instantly recovers the encrypted Facebook account password.

Facebook Password Decryptor works on a wide range of platforms, from Windows XP to the latest operating system, Windows 10.