FireMaster : Free Tool to Recover Your Lost or Forgotten Master Password in Firefox
FireMaster - The Firefox Master Password Recovery Tool
Presenting FireMasterCracker - GUI Version of FireMaster
See Also
About FireMaster

FireMaster is the first ever tool developed to recover your lost or forgotten Master Password of Firefox using simple to advanced password recovery techniques.

Master password is used by Firefox to protect the stored loign/password information for all visited websites. If the master password is forgotten, then there is no way to recover the master password and user will lose all the passwords stored in it.

Now you can use FireMaster to recover the forgotten master password and get back all the stored Login/Passwords.

FireMaster supports following Firefox Master Password Recovery methods,

  • Dictionary Method
  • Hybrid-Dictionary Method
  • Brute-force Method
  • Pattern based Brute-force Method

Pattern based technique reduces recovery time significantly especially when you remember part of the password.

For GUI version check out our new tool - FireMasterCracker

FireMaster is successfully tested with all versions of Firefox starting from 1.0 to latest version. It works on wide range of platforms starting from Windows XP to Windows 10.

Firefox Password Manager and Master Password

Firefox comes with built-in password manager tool which remembers username and passwords for all the websites you visit. This login/password information is stored in the encrypted form in Firefox database files residing in user's profile directory.

However any body can just launch the password manager from the Firefox browser and view the credentials. Also one can just copy these database files to different machine and view it offline using the tools such as FirePassword.

Hence to protect from such threats, Firefox uses master password to provide enhanced security. By default Firefox does not set the master password. However once you have set the master password, you need to provide it every time to view login credentials. So if you lose the master password then that means you have lost all the stored passwords as well.
So far there was no way to recover these credentials once you have lost the master password. Now the FireMaster can help you to recover the master password and get back all the sign-on information.
How FireMaster Works?

Once you have lost master password, there is no way to recover it as it is not stored at all.

Whenever user enters the master password, Firefox uses it to decrypt the encrypted data associated with the known string. If the decrypted data matches this known string then the entered password is correct. FireMaster uses the similar technique to check for the master password, but in more optimized way.

The entire operation goes like this.
  • FireMaster generates passwords on the fly through various methods.
  • Then it computes the hash of the password using known algorithm.
  • Next this password hash is used to decrypt the encrypted data for known plain text (i.e. "password-check").
  • Now if the decrypted string matches with the known plain text (i.e. "password-check") then the generated password is the master password.
Firefox stores the details about encrypted string, salt, algorithm and version information in key database file key3.db in the user's profile directory. You can just copy this key3.db file to different directory and specify the corresponding path to FireMaster. You can also copy this key3.db to any other high end machine for faster recovery operation.
FireMaster supports following password recovery methods
1) Dictionary Cracking Method
In this mode, FireMaster uses dictionary file having each word on separate line to perform the operation. You can find lot of online dictionary with different sizes and pass it on to Firemaster. This method is more quicker and can find out common passwords.
2) Hybrid Cracking Method
This is advanced dictionary method, in which each word in the dictionary file is prefixed or suffixed with generated word from known character list. This can find out password like pass123, 12test, test34 etc. From the specified character list (such as 123), all combinations of strings are generated and appended or prefixed to the dictionary word based on user settings.
3) Brute-force Cracking Method
In this method, all possible combinations of words from given character list is generated and then subjected to cracking process. This may take long time depending upon the number of characters and position count specified. 
4) Pattern based Brute-force Cracking Method
Pattern based cracking method significantly reduces the password recovery time especially when password is complex. This method can be used when you know the exact password length and remember few characters.
Video Demonstration of FireMaster
Here is the video demonstration of recovering Firefox master password using FireMaster.  In the video tutorial below it shows how to use Hybrid Crack & Brute-Force Crack method to easily recover the master password
Installation & Un-installation
FireMaster comes with Installer to help in local installation & un-installation. This installer has intuitive wizard which guides you through series of steps in completion of installation.
At any point of time, you can uninstall the product using the Uninstaller located at following location (by default)
[Windows 32 bit]
C:\Program Files\SecurityXploded\FireMaster

[Windows 64 bit]
C:\Program Files (x86)\SecurityXploded\FireMaster
How to use FireMaster?
First you need to copy the key3.db file to temporary directory. Later you have to specify this directory path for FireMaster as a last argument.

Here is the general usage information

Firemaster [-q]
           [-d -f <dict_file>]
           [-h -f <dict_file> -n <length> -g "charlist" [ -s | -p ] ]
           [-b -m <length> -l <length> -c "charlist" -p "pattern" ]

Note: With v5.0 onwards, you can specify 'auto' (without quotes) in place of "<Firefox_Profile_Path>" to automatically detect default profile path.
Dictionary Crack Options:
   -d Perform dictionary crack
   -f Dictionary file with words on each line
Hybrid Crack Options:
   -h Perform hybrid crack operation using dictionary passwords.
Hybrid crack can find passwords like pass123, 123pass etc
   -f Dictionary file with words on each line
   -g Group of characters used for generating the strings
   -n Maximum length of strings to be generated using above character list
These strings are added to the dictionary word to form the password
   -s Suffix the generated characters to the dictionary word(pass123)
   -p Prefix the generated characters to the dictionary word(123pass)
Brute Force Crack Options:
   -b Perform brute force crack
   -c Character list used for brute force cracking process
   -m [Optional] Specify the minimum length of password
   -l Specify the maximum length of password
   -p  [Optional] Specify the pattern for the password
Examples of FireMaster
// Dictionary Crack
FireMaster.exe -d -f c:\dictfile.txt auto
// Hybrid Crack
FireMaster.exe -h -f c:\dictfile.txt -n 3 -g "123" -s auto
 // Brute-force Crack
FireMaster.exe -q -b -m 3 -l 10 -c "abcdetps123" "c:\my test\firefox"
 // Brute-force Crack with Pattern
FireMaster.exe -q -b -m 3 -c "abyz126" -l 10 -p "pa??f??123" auto
Here Firefox_Profile_Path refers to the directory where key3.db file is present. This points to the Firefox profile directory (Ex: C:\Documents and Settings\<user>\Application Data\Mozilla\Firefox\Profiles\<prof name>) on your machine. However you can also copy key3.db file from any other machine such as Linux system to your local windows machine and specify that path during recovering operation.
Quiet mode ( -q option ) will disable printing each password while recovery is in progress. This makes it much faster especially for brute force operation. However during brute force operation if the password count exceeds 50000 passwords then it automatically enters the quiet mode.
Hybrid method tries normal dictionary password as well as password created by appending/prefixing the generated strings to the dictionary word. For example if the dictionary word is "test" and you have specified character set as '123' (-c 123 -s) then the new passwords will be test1, test12, test123, test32 etc.
By default FireMaster includes smaller password list file "passlist.txt". You can find larger password dictionary file here

Character list (-g for hybrid and -c for brute force) specifies the characters to be used for generating passwords. If you don't specify then the default character list is used. For brute force -m indicates the minimum length of password to be generated.

This can reduce the generated passwords and hence the time considerably when large number of character set is specified. Similarly -l (small 'L') specifies the maximum length of password to be generated. For example, if you specify -m 6 and -l 8 then only passwords which are of length at least 6 and above but below 8 will be generated.

Now you can reduce the password cracking time significantly using "Pattern based Brute-force Password Recovery" method.
If you know that password is of certain length and also remember few characters then you can specify that pattern for brute force cracking. For example, assume that you have set the master password of length 12 and it begins with 'fire' and ends with '123' then command will look like below

FireMaster.exe -b -c "abyz" -l 12 -p "fire?????123" c:\testpath
This will reduce the time to seconds which otherwise would have taken days or hours to crack that password. You can even crack the impossible looking passwords using the right pattern.
Firemaster in Action
FireMaster and FireFox
FireMaster is successfully tested with latest Firefox version and it can recover master password successfully from any Firefox, starting with version 1.0 or more.

If the FireMaster failed to work with your Firefox version then please send us the key3.db and cert8.db (required for older versions) files which are present in your Firefox profile directory. Note that sign-on credentials are stored in the signons.txt file and key3.db just contains the master password related information. So even if some one knows your master password it will be useless unless he/she has access to password database file (signons.txt/logins.json).

FireMaster is designed with good intention to recover your lost Master Password so that every one keep enjoying their experience with Firefox. Like any other tool its use either good or bad, depends upon the user who uses it. However neither author nor SecurityXploded is in anyway responsible for damages or impact caused due to misuse of FireMaster.

Read our complete 'License & Disclaimer' policy here.


Thanks to the Mozilla-Firefox crew for making such an excellent, beautiful, free browser.Thanks to everyone who shared their experience with FireMaster through their valuable feedbacks and suggestions.

Release History
Version 7.0: 10th Jan 2017
Important release with the major fix to brute force password recovery operation.
Version 6.5: 19th Aug 2016
Major 2016 edition with support for latest Firefox version on Windows 10.
Version 6.0: 1st Aug 2015
Integrated Uninstaller into Windows Add/Remove Programs, now you can uninstall it in a standard way. Also added feature for dynamically downloading latest version
Version 5.6: 26th July 2012
Fixed the problem with checking for empty Master Password during initialization.
Version 5.5: 22nd May 2012
Fixed critical bug in Dictionary & Hybrid Crack with first character missing. Thanks to josebautista for reporting the error.
Version 5.2: 27th Apr 2012
Fixed minor bugs in UI and messages, Works well with latest version of Firefox v11.
Version 5.1: 11th Sep 2011
Tested successfully with latest version of Firefox v6.0.2. Fixed the issue with silent mode operation.
Version 5.0: 20th July 2011
Automatically discover default Firefox profile path, Support for showing up larger numbers & total time, Silent mode with no verbose messages and prompts - good for scripting & few bug fixes and better of display of intermediate results.
Version 4.5: 15th Nov 2010
Installer for local Installation & Uninstallation of the software. Few usability interface related changes.
Version 4.0: 8th Jan 2010
Support for Windows 7. Error messages are now shown clearly in RED. Few bug fixes and security changes.
Version 3.5: 22nd Aug 2009
Resolved the compatibility problem with latest Firefox version 3.5. Now FireMaster dynamically detects the Firefox version and recovers the master password accordingly.
Version 3.1: 28th Sep 2008
Fixed the bug in recovering the master password for Iceweasel which is browser derived from Firefox.
Version 3.0: 29th July 2008
Support for Firefox version 3.0, now you can recover the master password of latest version of Firefox. The differences in reading the Firefox key database file is resolved.
Kudos to the Firefox crew for yet another beautiful version of Firefox...!
Version 2.5:  22nd March 2008
Pattern based brute force password recovery method is implemented which reduces the time considerably when certain part of the password is already known. Also minimum length of password can be specified which improves the recovery time greatly.  
Usage is simplified by forcing one crack method at a time and providing better meaningful options. Fixed the bug in displaying statistics and now it displays the remaining time accurately based on the current speed which is computed dynamically.
Thanks for your suggestions and feedbacks...
Version 2.2:  8th July 2006
FireMaster source code is released under GPL v2.
Version 2.1:  18th June 2006
Tested successfully with latest version of Firefox.
Statistics display during the operation is improved.
Version 2.0:  25th Feb 2006
First public release of FireMaster SOURCE code.
Now it works at amazing speed of 50k passwords per second on normal m/c.
Firefox library dependency is removed completely.
For brute force, speed and time is displayed during operation.
Lots of optimizations and few bug fixes.
Thanks to 'T Barton' for reporting the bug with 1.5 version.
Version 1.5:  14th Jan 2006
Bug in parsing key3.db fixed.
Displaying results during recovery operation.
Speed is doubled compared to the original version.
Version 1.0:  1st Jan 2006
First public release of FireMaster.
Download FireMaster
FREE Download FireMaster v7.0

License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8, Windows 10


Presenting FireMasterCracker - GUI Version of FireMaster
See Also