Exposing the Password Secrets of Beyluxe Messenger -
Exposing the Password Secrets of Beyluxe Messenger
Author: Departure 
See Also
About Beyluxe Messenger
Beyluxe is the latest instant messenger which is still in early Beta stage. Along with basic chatting it also offers group video calls, public/private chat rooms & free video conferencing services.

Beyluxe Messenger
Beyluxe Account Password Storage
Like most of IM clients, Beyluxe also stores the user account details including passwords in the registry for subsequent logins so that user do not have to enter the password every time. Note that the password is stored only if user has selected 'Save Password' at login time.

Beyluxe saves your password in the Registry at following location in the registry under the sub key named after your nickname
HKEY_CURRENT_USER\Software\Beyluxe Messenger\<nick_name>
Beyluxe Messenger Registry Storage
Actual encrypted password is stored under above key with value name as 'Password'.
For example I could find the encrypted password for my nickname in the registry at following location as shown in the screen shot above
HKEY_CURRENT_USER\Software\Beyluxe Messenger\Departure\
Internals of Beyluxe Password Encryption
Beyluxe uses almost similar encryption algorithm as that of PaltalkScene Messenger. For more interesting details refer to the research article, 'Exposing the Password Secrets of PaltalkScene'

Coming back to Beyluxe, let us retrieve the encrypted password from the registry. It may look similar to '229226264233285234272' which is my encrypted password for BeyluXe, Just this alone tells us a few info like the length of the original password. Divide the length of this registry password string by 3 and you will have the length of the original password. In my case the length of the encrypted password is 21 characters in length, so that would make my original password Length 7 characters long.

Lets visualize splitting this encrypted password up into 3's

229 = 1st char

226 = 2nd char

264 = 3th char

233 = 4th char

285 = 5th char

234= 6th char

272= 7th char
At the moment it does not tell us much except the length of the Unencrypted Password, we will discover more in our next section
Beyluxe Password Decryption Operation
The decryption process requires a couple of variables and some small mathematics, The variables required is the system Hard drive serial number in hex format and your user name, These two variables get mix by using 1 char of user name and then 1 char of Hard drive Serial, Then concatenated so the mixed string is equal or greater than the Unencrypted password length( in my case 7 characters) For Example My Hard drive serial in hex format is '8ED93AAE' and my User name is 'Departure' so my mixed string would look like,

[To understand how to get drive serial number, refer to  'Exposing the Password Secrets of PaltalkScene']
We wont need to concatenate this string because its already longer than Unencrypted password length, The next stage is the mathematical part.

This is where our Encrypted password from the registry comes in to play, So we know our password is 7 characters long(by dividing Encrypted password by 3) and we also know the encrypted value for each character of our password. Now would be a good time to get familiar with the ASCII chart and understand for each character of the alphabet there is a decimal and a hex representation, So with that in mind we do something like this to decrypt (in Delphi) the first char of the password.
1st Unencrypted Character = Char(229 - (ord('D') xor 4) - 116) => 1 (first char of original password)
Here is the detailed step by step explanation of above decryption process
  • Each time we took the first 3 Encrypted password characters (for first step, it is '229' )

  • Then we took the decimal value(ord) of nth char (for first step, it is 'D') in our earlier formed serial ( 'D8eEpDa9r3tAuArEe' ) and Xor'ed it with 4

  • Finally subtract 116 from it to get the nth char (for first step, it is '1') of original password.
For the first step, we took the first 3 Encrypted password characters '229', Then we took the decimal value(ord) of 'D' and Xor'ed it with 4. Lets break this down a little more, going by the ASCII chart 'D' = 68 in decimal, so we can say that '68 xor 4 then we minuses 116 so the whole sum looks like '229 - (68 xor 4) - 116

68 xor 4 = 64 so we can also say '229 - 64 - 116 which of cause equals 49, So we convert 49 to its character value which is '1 so the first Character of our password = '1'

Keeping the above logic lets decrypt the rest..
2nd Unencrypted Character = Char(226- (ord('8') xor 4) - 116) = 2

3rd Unencrypted Character = Char(264- (ord('e') xor 4) - 116) = 3

4th Unencrypted Character = Char(233- (ord('E') xor 4) - 116) = 4

5th Unencrypted Character = Char(285- (ord('p') xor 4) - 116) = 5

6th Unencrypted Character = Char(234- (ord('D') xor 4) - 116) = 6

7th Unencrypted Character = Char(272- (ord('a') xor 4) - 116) = 7
And we have the original Password which is  '1234567'
Recovering Beyluxe Password using MessengerPasswordDecryptor
MessengerPasswordDecryptor is the FREE software to instantly recover stored passwords from most of the popular instant messengers. Most of the messengers have the auto-login feature which requires the user account information including password to be saved in encrypted format for subsequent logins. MessengerPasswordDecryptor helps in instantly recovering such stored passwords for popular instant messengers.
You can use MessengerPasswordDecryptor to automatically recover all stored passwords by Beyluxe Messenger for all nicknames. It is portable tool and works across wide range of platforms starting from Windows XP to Windows 7. 
In nutshell, above article explains how Beyluxe messenger encrypts and stores its account password. In the second part it shows how one can decrypt such encrypted password to recover the original password.

Note that above decryption process is based on early beta version of Beyluxe Messsenger and it may change with upcoming versions of the Messenger.
See Also