FireMasterLinux : Linux Port of Firefox Master Password Recovery Tool
Author: Broseidon
About FireMasterLinux
FireMasterLinux is the Linux port of the popular tool FireMaster. FireMaster is the first tool ever built to recover the lost master password of Firefox. Firefox uses a master password to protect the stored login passwords. If the master password is forgotten, there is no way to recover it, and the user loses all the stored login passwords as well.

FireMasterLinux helps in recovering a lost master password so that all the stored passwords can be retrieved. It uses a combination of techniques (dictionary, hybrid and brute force) to recover the master password from the Firefox key database file.
Depending on the length and complexity of the master password, complete recovery often takes long hours and sometimes days, so the recovery operation ends up running continuously for days. However, a Windows system often gets slower as the days pass, and its performance is not optimal for continuous processing.

For such cases, which involve processing for long hours with consistently high performance, Linux is the ideal platform. To address this exact problem, we have started the project FireMasterLinux!
Firefox Password Manager and Master Password
Firefox comes with a built-in password manager which remembers usernames and passwords for the websites you visit. This sign-on information is stored in encrypted form in Firefox database files residing in the user's profile directory. However, anybody can launch the password manager from the Firefox browser and view the credentials. One can also copy these database files to a different machine and view them offline using tools such as FirePassword.
To protect against such threats, Firefox uses a master password to provide enhanced security. By default Firefox does not set a master password. Once you have set one, you need to provide it every time you view sign-on credentials. So if you lose the master password, you have lost all stored credentials as well.
So far there was no way to recover these credentials once you had lost the master password. Now with FireMasterLinux you can recover your master password and get back all the sign-on passwords.
Team Members
This project is led by Broseidon along with other like-minded individuals. Here is the list of all members:
  • broseidon [Project Lead]
  • endeavormac
  • oldgregg
  • MustardBedroomWrench
If you would like to be part of this project then contact us. Below is the status of current work and remaining work to be done.
Current Work Status
Here is the current status of the FireMasterLinux project, with details on finished as well as remaining work:
  • Port a working version (brute force only) to Linux [Finished on 16 MAY 2010]
  • Incorporate dictionary crack [Finished on 24 MAY 2010]
  • Incorporate and optimize hybrid crack to include not just addition, but case changes within dictionary words [Finished on 9 JUN 2010]
  •  Use threading to improve application performance
  •  Use with CUDA/OpenCL
  •  Roll into Nagareshwar's FirePassword tool
  •  Write a Metasploit module to grab requisite databases & automatically check for a master password set
The final aim of the project is to build a complete Linux port of FireMaster and later integrate it into the Metasploit Framework.
Internals of FireMasterLinux
FireMasterLinux supports the following password generation methods:

1) Dictionary Method
In this mode, FireMasterLinux uses a dictionary file with each word on a separate line to perform the operation. You can find many online dictionaries of different sizes and pass them to FireMasterLinux. This method is quicker and can find common passwords.
2) Hybrid Method
This is an advanced dictionary method, in which each word in the dictionary file is prefixed or suffixed with a word generated from a known character list. This can find passwords like pass123, 12test, test34 etc. From the specified character list (such as 123), all combinations of strings are generated and appended or prefixed to the dictionary word based on user settings.
3) Brute Force Method
In this method, all possible combinations of words from the given character list are generated and then subjected to the cracking process. This may take a long time depending on the number of characters and the position count specified.
Video Demonstration
Here is the video demonstration of recovering the Firefox master password using FireMaster (Windows port). Though the two tools are similar, some things will be different.

The video tutorial shows how to use the Hybrid Crack and Brute-Force Crack methods to recover the master password.
How to use FireMasterLinux?
First you need to copy the key3.db file to a temporary directory. You then specify this directory path as the last argument to FireMasterLinux.

Here is the general usage information:
FiremasterLinux [-q]
           [-d -f <dict_file>]
           [-h -f <dict_file> -n <length> -g "charlist" [ -s | -p ] ]
           [-b -m <length> -l <length> -c "charlist" -p "pattern" ]

Dictionary Crack Options:
   -d Perform dictionary crack
   -f Dictionary file with words on each line
Hybrid Crack Options:
   -h Perform hybrid crack operation using dictionary passwords.
      Hybrid crack can find passwords like pass123, 123pass etc
   -f Dictionary file with words on each line
   -g Group of characters used for generating the strings
   -n Maximum length of strings to be generated using above character list
      These strings are added to the dictionary word to form the password
   -s Suffix the generated characters to the dictionary word(pass123)
   -p Prefix the generated characters to the dictionary word(123pass)
Brute Force Crack Options:
   -b Perform brute force crack
   -c Character list used for brute force cracking process
   -m [Optional] Specify the minimum length of password
   -l Specify the maximum length of password
   -p [Optional] Specify the pattern for the password
Sample Usage Information
// Dictionary Crack
FireMasterLinux.exe -d -f c:\dictfile.txt Firefox_Profile_Path
// Hybrid Crack
FireMasterLinux.exe -h -f c:\dictfile.txt -n 3 -g "123" -s Firefox_Profile_Path
// Brute Force Crack
FireMasterLinux.exe -q -b -m 3 -c "abyz126" -l 10 -p "pa??f??123" Firefox_Profile_Path
Note that some of the options mentioned above may not be fully implemented in FireMasterLinux. Hopefully they will be present in a future version.
Here Firefox_Profile_Path refers to the directory where the key3.db file is present. You can also copy the key3.db file from any other machine and specify that path for the recovery operation.
Quiet mode (-q option) disables printing each password while recovery is in progress. This makes it much faster, especially for brute force operation. During brute force operation, if the password count exceeds 50000 passwords, the tool automatically enters quiet mode.
The hybrid method tries the normal dictionary password as well as passwords created by appending or prefixing the generated strings to the dictionary word. For example, if the dictionary word is "test" and you have specified the character set '123' (-g 123 -s), then the new passwords will be test1, test12, test123, test32 etc.
The character list (-g for hybrid and -c for brute force) specifies the characters to be used for generating passwords. If you don't specify one, the default character list is used. For brute force, -m indicates the minimum length of password to be generated. This can considerably reduce the number of generated passwords, and hence the time, when a large character set is specified. Similarly, -l (small 'L') specifies the maximum length of password to be generated. For example, if you specify -m 6 and -l 8, then only passwords of length at least 6 but below 8 will be generated.

You can reduce the password cracking time significantly using the pattern-based password recovery mechanism. If you know that the password is of a certain length and also remember a few characters, you can specify that pattern for brute force cracking. For example, assume that you have set a master password of length 12 that begins with 'fire' and ends with '123'; the command will then look like this:
FireMasterLinux.exe -b -c "abyz" -l 12 -p "fire?????123" c:\testpath
This will reduce the time to seconds for a password which otherwise would have taken hours or days to crack. You can even crack impossible-looking passwords using the right pattern.
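The effect of the character list, length limits and pattern on recovery effort can be put in numbers, which is also a direct measure of how well a given master password resists this kind of recovery. The following is an added example, not part of FireMasterLinux; it assumes that '?' in a pattern stands for one character from the character list, that -m defaults to 1, that -l is an inclusive maximum, and it uses a constructed guess rate.

```python
# Added example: candidate counts for the recovery modes described above.
# Assumptions (not taken from the tool's source): '?' in a -p pattern stands
# for one character from the character list, -m defaults to 1 when omitted,
# and -l is treated as an inclusive maximum length.

def brute_force_keyspace(charlist, max_len, min_len=1):
    """Candidates tried for -b -c charlist -m min_len -l max_len."""
    n = len(set(charlist))
    return sum(n ** k for k in range(min_len, max_len + 1))

def pattern_keyspace(charlist, pattern):
    """Candidates tried for -b -c charlist -p pattern (fixed chars cost nothing)."""
    return len(set(charlist)) ** pattern.count("?")

def hybrid_keyspace(word_count, charlist, max_gen_len):
    """Candidates for -h with -s or -p: the bare word plus every generated
    string of length 1..max_gen_len attached on one side."""
    n = len(set(charlist))
    per_word = 1 + sum(n ** k for k in range(1, max_gen_len + 1))
    return word_count * per_word

def time_to_exhaust(candidates, guesses_per_second):
    """Worst-case duration as a readable string for an assumed guess rate."""
    seconds = candidates / guesses_per_second
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    RATE = 100_000  # constructed guess rate, not a measurement of the tool
    alnum = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    cases = {
        'pattern "fire?????123", charlist "abyz"': pattern_keyspace("abyz", "fire?????123"),
        'no pattern, charlist "abyz", up to 12': brute_force_keyspace("abyz", 12),
        'hybrid, 1 word, "123", -n 3': hybrid_keyspace(1, "123", 3),
        "8 chars from 62 symbols": brute_force_keyspace(alnum, 8, 8),
        "12 chars from 62 symbols": brute_force_keyspace(alnum, 12, 12),
    }
    for label, count in cases.items():
        print(f"{label:42} {count:>24,} {time_to_exhaust(count, RATE):>20}")
```

The last two rows show why length matters more than anything else when choosing a master password: each extra character multiplies the work by the size of the character set.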
FireMasterLinux and FireFox
FireMasterLinux is tested with the latest Firefox version 3.5.6 and can recover the master password successfully from any Firefox version starting with 1.0.

If FireMasterLinux fails to work with your Firefox version, please send me the key3.db and cert8.db (required for older versions) files which are present in your Firefox profile directory. Note that sign-on credentials are stored in the signons.txt file and key3.db just contains the master password related information. So even if someone knows your master password, it will be useless unless he/she has access to the signons.txt file.
FireMasterLinux is designed with the good intention of recovering a lost master password so that everyone can keep enjoying their experience with Firefox. Like any other tool, whether its use is good or bad depends on the user who uses it. The author is not responsible for damages or impact caused by misuse of FireMasterLinux.
Release History
Version 0.3.1:  Aug 9 2010
Fixes minor problems parsing arguments for brute force
Version 0.3:  Jun 9 2010
Now Supports Hybrid Cracking. Last single-threaded version of firemaster_linux.
Version 0.2:  May 21 2010
Added support for -m (minimum pass length) and -c (user defined character set) for password recovery options.
Version 0.1:  May 16 2010
First public version of FireMasterLinux
Free Download FireMasterLinux
FREE Download FireMasterLinux 0.3.1
     (Tested successfully for Firefox version 3.6)

License  : Freeware
Platform : Linux

Note: You need to download the Gecko SDK from the Mozilla website if you want to build FireMasterLinux from the source code.