Meebo is one of the popular online messenger which provides one
point of access for various messenger services such as Gtalk, AIM,
Yahoo, Windows Live etc. Meebo Notifier is thin desktop client which
allows the user to keep track of notifications on any of the
messenger service from their system.
In this article, we will explore where Meebo notifier stores the
account passwords, its encoding algorithm and how to
Note that information presented in this
article applied to Meebo Notifier beta version, so the
password encoding mechanism presented here may or may not change with
Meebo Password Storage Location
Meebo Notifier supports following
It stores any of the above messenger account passwords in the
'MeeboAccounts.txt' file at below mentioned location,
C:\Documents and Settings\Application Data\Meebo\MeeboAccounts.txt
[Windows Vista & Windows 7]
Once you find the 'MeeboAccounts.txt'
file, open it in Notepad.You will see all your Meebo login settings
along with the password as shown in the sample
Current login account name is stored as 'username'
and encoded password is saved after 'password' string.
The 'protocol' string refers to Messenger such as AIM,
Yahoo, GTalk etc with 0 refering to 'Meebo Account' itself.
Internals of Meebo Password Encryption
Meebo Notifier uses simple
XOR encoding algorthm with magic bytes to protect the
password from privy eyes.
Here are the exact magic bytes
used by Meebo for XOR encoding algorithm.
As mentioned in previous section
Meebo uses simple XOR encoding algorithm with those
magic bytes. So once you get the encoded password from the
'MeeboAccounts.txt' file it is simple matter of passing it
through the XOR loop to decode the original password.
Special thanks to Yogesh Khatri for discovering and
sending us the Magic bytes used by Meebo Notifier.
Above article exposes how Meebo stores the account password
using the simple encoding algorithm and presents sample code to decode
the same to recover the original password.
Note that it does not mean lapse on Meebo Security as only authorized
user can view and decrypt the stored passwords. But due to nature of its
password storage and encoding mechanism, you are advised to exercise caution while
granting others access to your system. However Meebo can use user
oriented encryption algorithms (such as
Microsoft Cryptography functions) to prevent it
from being accessed by other logged in users.