Exposing the Facebook Password Secrets - www.SecurityXploded.com

About Facebook Account Password Recovery
Facebook is the most popular social network, used by millions of people around the world. Users access Facebook services such as social interaction, status updates and chat through a variety of applications. Besides Internet browsers such as Firefox, IE and Chrome, there are dedicated desktop applications for accessing Facebook services, and there are also many messengers, such as Paltalk, Digsby and Miranda, which let the user access the Facebook chat service.

(Figure: Facebook Password Secrets)


Most of these applications, browsers and messengers alike, store the Facebook account password for subsequent logins so that the user does not have to enter it every time. Each application uses its own encryption method and storage mechanism to secure the stored password.

This research article throws light on the internal password storage and encryption mechanisms that some prominent applications use for the Facebook account password, and shows how to recover the Facebook password from each of them.
 
 
 
Recovering Facebook Password From Web Browsers
This section explains how each of these popular browsers stores passwords, how to distinguish Facebook entries from other stored passwords, and finally how to recover the Facebook password from each browser's secret store.
 
 
Firefox & Facebook Password
Firefox stores account passwords in its sign-on secret store using Triple-DES encryption coupled with BASE64 encoding. Different versions of Firefox have used different methods to store login passwords: early versions used signons.txt, while the latest versions use signons.sqlite (an SQLite database file) to store the login details for all visited websites.

For more details on how different versions of Firefox store the secrets and which storage format is used, refer to the section 'Firefox Password Secrets'.

Firefox stores all website passwords, including Facebook passwords, with the user's consent. To recover the Facebook password from this big list we need to distinguish the Facebook entries from the others.

This task is not difficult, as Firefox stores the website URL along with the encrypted username and password for each stored login entry. Here we just need to check whether the URL contains the magic string 'www.Facebook.com' and recover only those entries to obtain the real Facebook username and password.
 
 
 
Internet Explorer & Facebook Password
Like Firefox and most other browsers, Internet Explorer also stores the sign-on credentials for all visited websites.

Before version 7, Internet Explorer used the well-known 'Protected Storage' to store such sign-on passwords. Since it was less secure and easy to decipher, from version 7 onwards IE uses the 'Credential Provider' store and 'Windows Cryptography' functions to store the passwords securely.

For a detailed research article on recovering the passwords from any IE version, see 'Exposing the Secrets of Internet Explorer'.

As IE stores the passwords for all websites, we need to separate out the Facebook passwords. For older versions using the 'Protected Storage' mechanism we can simply check the URL entries against 'www.facebook.com' to get the stored Facebook login details. For version 7 onwards, however, the Facebook login URLs need to be present in the IE history database, as explained in the research article above.

So before we proceed to recover the Facebook password, we need to add the following login URLs:
  • http://www.facebook.com/
  • http://facebook.com/login.php
  • http://www.facebook.com/login.php
  • http://login.facebook.com/
  • https://login.facebook.com/login.php
Which one is needed depends on the URL the user used to log in to the Facebook account. Generally such URLs will already be in the IE history, but sometimes they may have been deleted accidentally by the user.

You can use IEPasswordDecryptor to add these URLs to the IE history database. Once they are in the IE history we can proceed to recover any Facebook passwords stored in the IE Credential store.
 
 
 
Google Chrome & Facebook Password
Like Internet Explorer and other browsers, Chrome stores the login passwords for all visited websites, subject to user consent. Chrome uses an SQLite database to store the account information in encrypted form.

For more information on deciphering website login passwords from the Chrome database, read the article 'Exposing the Secrets of Facebook Chrome'.

Now, in order to distinguish Facebook account passwords from the others, we just need to check for 'www.Facebook.com' in the URL of each entry.
 
 
 
Opera & Facebook Password
The Opera browser also stores the login username and password for all visited websites, with the user's consent. Opera uses the DES algorithm to encrypt the password and stores it along with other details in the magic wand file.

For more details on the storage format used by Opera, and complete code to decrypt such passwords, refer to the article "Exposing the Secret of Decrypting Opera's Magic Wand".

Each stored entry contains both the main URL and the login URL of the website. Here we check each login URL for 'facebook.com' to recover only Facebook account passwords.
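The browser sections above all come down to the same step: pick the Facebook entries out of a store that holds logins for every website, using the URL saved next to each entry. The following Python is an added example, not code from SecurityXploded or from the FacebookPasswordDecryptor tool. It audits a constructed, Chrome-style SQLite 'logins' table (the column names origin_url, action_url, username_value and password_value are an assumption about the layout) and reports which usernames have a saved Facebook login, reading only the URL and username columns and never touching the encrypted password blob. It classifies on the parsed hostname rather than on a substring of the whole URL, which is the check a defender wants: a substring test for 'facebook.com' also fires on a look-alike host such as 'www.facebook.com.example.test', while a hostname test does not. The five IE login URLs listed above are used as the positive cases.

```python
import sqlite3
from urllib.parse import urlsplit

# The domain whose entries we want to find. Matching is done on the parsed
# hostname, so 'www.facebook.com' and 'login.facebook.com' both match while
# 'www.facebook.com.example.test' and 'notfacebook.com' do not.
FACEBOOK_DOMAIN = "facebook.com"


def is_facebook_host(host):
    """True if host is facebook.com or one of its subdomains (case-insensitive)."""
    host = (host or "").lower().rstrip(".")
    return host == FACEBOOK_DOMAIN or host.endswith("." + FACEBOOK_DOMAIN)


def is_facebook_login_url(url):
    """Classify a stored login URL by its hostname only, ignoring path and query."""
    try:
        parts = urlsplit(url)
    except ValueError:        # malformed URL (e.g. bad IPv6 literal)
        return False
    if parts.scheme.lower() not in ("http", "https"):
        return False
    return is_facebook_host(parts.hostname)


def naive_substring_match(url):
    """The plain substring check described in the text, kept for comparison."""
    return "facebook.com" in url.lower()


# Constructed sample rows mimicking a Chrome-style 'logins' table (assumed
# layout). password_value stands in for the encrypted blob; it is never read.
SAMPLE_ROWS = [
    ("https://login.facebook.com/login.php", "https://login.facebook.com/login.php", "alice", b"<blob>"),
    ("http://www.facebook.com/", "http://www.facebook.com/login.php", "bob", b"<blob>"),
    ("https://mail.example.test/", "https://mail.example.test/login", "carol", b"<blob>"),
    ("http://www.facebook.com.example.test/", "http://www.facebook.com.example.test/login", "dave", b"<blob>"),
    ("https://notfacebook.com/", "https://notfacebook.com/login", "erin", b"<blob>"),
]


def build_sample_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logins (origin_url TEXT, action_url TEXT, "
        "username_value TEXT, password_value BLOB)"
    )
    conn.executemany("INSERT INTO logins VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def facebook_logins(conn):
    """Return (username, login_url) for entries whose login URL is on facebook.com.

    Only the URL and username columns are selected; the password blob is left alone.
    As with Opera's main URL / login URL pair, the login (action) URL is checked
    first and the origin URL is the fallback.
    """
    cur = conn.execute("SELECT origin_url, action_url, username_value FROM logins")
    hits = []
    for origin_url, action_url, username in cur:
        login_url = action_url or origin_url
        if is_facebook_login_url(login_url):
            hits.append((username, login_url))
    return hits


if __name__ == "__main__":
    conn = build_sample_db()
    for username, url in facebook_logins(conn):
        print(f"facebook entry: {username} @ {url}")
```

Running it lists alice and bob only; dave's look-alike host and erin's 'notfacebook.com' are skipped by the hostname check even though `naive_substring_match` accepts dave's URL. On a real profile the same query tells an administrator which accounts have a Facebook login saved in the browser, without decrypting anything.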
 
 
 
Recovering Facebook Password From Messengers
Most universal messengers such as Trillian, Digsby and Paltalk support Facebook chat as well as other protocols such as Gtalk, Yahoo and AIM. Like web browsers, these messengers also store the login details, including the password, for future use.

But not all of them store the account passwords locally; some store them on their own servers, which makes such passwords difficult to recover.

Here we present details on recovering login passwords from messengers such as Paltalk and Miranda, which store the passwords locally on the user's system.
 
 
 
Paltalk Messenger & Facebook Password
Paltalk is one of the emerging messengers of recent times and supports multiple messenger protocols, including Facebook chat. It stores the login account passwords in the registry, using different encryption mechanisms for the main protocol and for the other protocols.


For more details on how Paltalk stores the passwords under the hood, and complete code to recover them, refer to our research article "Exposing the Password Secrets of PaltalkScene".

As mentioned in that article, the login passwords for each protocol are stored in the registry under a unique subkey. Facebook account passwords are stored under the subkey named 'FBK'. So once we find this key, we can decrypt the encrypted password stored under it to get the Facebook password.
 
 
 
Miranda Messenger & Facebook Password
Miranda is a newer universal messenger which also supports most popular chat protocols, including Facebook. Miranda stores the login passwords in a local database file using its own proprietary format.

For more details on the storage format used by Miranda and how to recover passwords from it, refer to our research article "Exposing the Password Secrets of Miranda".

Miranda uses the Jabber protocol for Facebook and Gmail chat. As a result, all such Jabber-based accounts are stored under the protocol name 'JABBER' in its database, so we need to distinguish Facebook from other Jabber accounts such as Gmail.

For each Jabber account, Miranda stores 'LoginServer', 'LoginName' and 'LoginPassword'. Here we can use 'LoginServer' as the distinguishing key among the different Jabber accounts: for Facebook accounts, LoginServer is set to 'chat.facebook.com'. Using this information we can recover only the Facebook account passwords from the Miranda password store.
 
 
 
Facebook Password Recovery Tool - FacebookPasswordDecryptor

Facebook Password Decryptor is a FREE tool to instantly recover Facebook account passwords stored by popular web browsers and messengers.

It automatically crawls through each of the applications mentioned above and instantly recovers the encrypted Facebook account password.

 
(Screenshot: FacebookPasswordDecryptor)
 
It works on a wide range of platforms, from Windows XP to the latest operating system, Windows 7.
 