SecurityXploded.com
Exposing the Password Secrets of Miranda - www.SecurityXploded.com
 
 
Exposing the Password Secrets of Miranda
 
 
 
See Also
 
 
Contents
 
 
About Miranda
Miranda is open source based Messenger which has become more popular in the recent times. It's simple interface makes it very easier and faster. It is universal messenger which supports multiple IM protocols including Yahoo, MSN, GTalk, Jabber, Facebook IRC, AIM, ICQ, Gadu-Gadu etc.


Miranda Messenger
 
Miranda works on wide range of platforms starting from Windows 95 to latest operating system, Windows 7.
 
 
 
Miranda Password Storage Location
Like most instant messengers, Miranda also stores the all user account information including passwords in the profile location. This is to prevent the user from entering the passwords each time.

Latest version of Miranda (v0.9.10) stores the user account & password in the profile file at following location
[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Miranda\%profile_name%\%profile_name%.dat

[Windows Vista & Windows 7]
C:\Users\<username>\AppData\Roaming\Miranda\%profile_name%\%profile_name%.dat
User can have multiple profiles specific to office or home environment and corresponding account information is stored in the respective profile file.

Initial versions of Miranda stored all account information in .dat file directly within the base location as shown below,
[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Miranda\%profile_name%.dat

[Windows Vista & Windows 7]
C:\Users\<username>\AppData\Roaming\Miranda\%profile_name%.dat
Miranda uses modified version of ICQ database format to store all the account details and all of these versions used the same format to store the account information in the .DAT file.
 
 
Internals of Miranda Password Storage
As explained in earlier section, Miranda stores the account information including passwords in an proprietary format in .DAT files. Typical information include protocol name, username, password in encoded format, email etc.

Each of the account information begins with keyword 'AM_BASEPROTO'. Then follows the protocol and other relevant information.

General structure for each account information is in below shown format
 
struct Miranda_Account
{
//protocol
char strProtoID[]="AM_BaseProto";
char seperator=0xff;
short protoLength; //2 bytes
char varProtoName[]; "AIM" "YAHOO" "JABBER" "MSN" etc

//username
byte usernameFieldLength;
char varUserNameField;
char seperator=0xff;
short usernameLength;
char varUserName[usernameLength];

//<Other Fields>
...
...


//password
byte passFieldLength;
char varPassField; // 'Password' or 'LoginPassword' for Jabber
char seperator=0xff;
short passwordLength;
char varEncPassword[passwordLength];

...
...
}
 
This is common structure for most of the protocols but for some protocols such as IRC, IRQ or Gadu-Gadu it differs slightly around the username.

Password for each account begins with keyword 'Password' (except for Jabber protocol it is 'LoginPassword') and then follows the actual password in encoded format.
 
 
 
Miranda Password Encryption and it's Decryption Operation 
 
Miranda uses simple encryption algorithm with simple maths to cryptize the password from the spying eyes. For all protocols except Jabber it uses common algorithm to encrypt the password.

In this simple encryption mechanism, Miranda adds the magic number 5 to each character in the password to encode it and then stores into the profile file.

Here is the simple decryption mechanism for all protocols (except Jabber) supported by Miranda
for(int i=0; i<PasswordLength; i++)
{
   clearPassword[i] = encryptedPassword[i]-5;
}
 
For Jabber protocol (as per version v0.9.10) it uses XOR based encoding algorithm using the magic number 0xC3 to secure the password, Here is the decryption algorithm for the Jabber Protocol
 
for(int i=0; i<PasswordLength; i++)
{
   clearPassword[i] = encryptedPassword[i] ^ 0xC3;
}
 
On completion of the above operation with those magic numbers, you will have the secret in your hands !
 
 
 
Recovering Miranda Password using MirandaPasswordDecryptor
MirandaPasswordDecryptor is a dedicated tool to instantly recover Miranda account passwords. It can automatically detect the currently installed version of Miranda and recover the passwords for all stored accounts.

MirandaPasswordDecryptor
 
MirandaPasswordDecryptor is portable tool which can be directly run from portable devices. It also comes with Installer for complete support for Installation and Uninstallation. You can also use our other tool, IMPasswordDecryptor to recover the Miranda passwords along with passwords stored by other Instant Messengers.  
 
 
 
Conclusion
Above article explains how Miranda stores the account password using its own proprietary encryption algorithm and shows how one can manually decrypt such password to recover the original password.

Note that it does not mean lapse on Miranda Security as only authorized user can view and decrypt the stored passwords. But due to nature of its password storage mechanism, you are advised to exercise caution while handing over your system to amigos.
 
 
 
See Also