|
Message-ID: <CANWtx00ZVRfVEUwfKH2cMhU9fM6jyCbVmKdXWKWu733NM_Z0Tg@mail.gmail.com> Date: Tue, 20 Mar 2012 21:32:37 -0400 From: Rich Rumble <richrumble@...il.com> To: john-users@...ts.openwall.com Subject: Re: Cracking Thunderbirds password database. On Tue, Mar 20, 2012 at 4:59 PM, a <fromthestormofshadows@...il.com> wrote: > I have managed to extract the encrypted user names and passwords from my > Thunderbird database file, signons.sqlite and saved the data to a plain > text file. I have eight lines, each with the user name and password, yet > I have four email accounts. There is also the file, key3.db, which > contains information about encryption for the passwords in signons.sqlite. > > However John states there are "No password hashes loaded (see FAQ)" for > all files. > > Apparently the passwords in signons.sqlite are encoded by using base64 > and encrypted with 3DES and key3.db provides the decryption. A PKCS-12 PBE With Sha1 and 3Des in CBC mode :) http://www.sei.cmu.edu/reports/99tn010.pdf > I am not sure how to tackle this problem. This has been approached before here, but nothing came of it. These files are encrypted with NSS found in the Mozilla Dev kit and in FF source. I've been compiling information that pertains to this very task, but with focus on FF as opposed to TB. The previous thread about FF/signons.sqlite: http://www.openwall.com/lists/john-users/2008/10/09/2 (old version) http://www.openwall.com/lists/john-users/2009/07/18/2 Firemaster does provide source: http://securityxploded.net/getfile.php?file=FiremasterLinux.zip Some additional code I've found: https://gist.github.com/1208808 http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html https://wiki.mozilla.org/NSS_Shared_DB "global salt" is important (naturally) I've created a number of example files I'll post a link to in the morning. Again I'm no programmer but I did a bit of research the last few weeks into this issue and those are basically my notes :) -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.