FireMaster - The Firefox Master Password Cracking Tool


FireMaster is the First ever tool to recover the lost Master Password of Firefox.

Master password is used by Firefox to protect the stored loign/password information for all visited websites. If the master password is forgotten, then there is no way to recover the master password and user will lose all the passwords stored in it.

However you can now use FireMaster to recover the forgotten master password and get back all the stored Login/Passwords.

FireMaster supports Dictionary, Hybrid, Brute-force and advanced Pattern based Brute-force password cracking techniques to recover from simple to complex password. Advanced pattern based password recovery mechanism reduces cracking time significantly especially when the password is complex.

FireMaster is successfully tested with all versions of Firefox starting from 1.0 to latest version v13.0.1.

It works on wide range of platforms starting from Windows XP to Windows 8.

Firefox Password Manager and Master Password

Firefox comes with built-in password manager tool which remembers username and passwords for all the websites you visit. This login/password information is stored in the encrypted form in Firefox database files residing in user's profile directory.
However any body can just launch the password manager from the Firefox browser and view the credentials. Also one can just copy these database files to different machine and view it offline using the tools such as FirePassword.

Hence to protect from such threats, Firefox uses master password to provide enhanced security. By default Firefox does not set the master password. However once you have set the master password, you need to provide it every time to view login credentials. So if you lose the master password then that means you have lost all the stored passwords as well.

So far there was no way to recover these credentials once you have lost the master password. Now the FireMaster can help you to recover the master password and get back all the sign-on information.

Internals of FireMaster

Once you have lost master password, there is no way to recover it as it is not stored at all.
Whenever user enters the master password, Firefox uses it to decrypt the encrypted data associated with the known string. If the decrypted data matches this known string then the entered password is correct. FireMaster uses the similar technique to check for the master password, but in more optimized way.
The entire operation goes like this.
  • FireMaster generates passwords on the fly through various methods.
  • Then it computes the hash of the password using known algorithm.
  • Next this password hash is used to decrypt the encrypted data for known plain text (i.e. "password-check").
  • Now if the decrypted string matches with the known plain text (i.e. "password-check") then the generated password is the master password.

Firefox stores the details about encrypted string, salt, algorithm and version information in key database file key3.db in the user's profile directory. You can just copy this key3.db file to different directory and specify the corresponding path to FireMaster. You can also copy this key3.db to any other high end machine for faster recovery operation.

FireMaster supports following password recovery methods

1) Dictionary Cracking Method
In this mode, FireMaster uses dictionary file having each word on separate line to perform the operation. You can find lot of online dictionary with different sizes and pass it on to Firemaster. This method is more quicker and can find out common passwords.

2) Hybrid Cracking Method
This is advanced dictionary method, in which each word in the dictionary file is prefixed or suffixed with generated word from known character list. This can find out password like pass123, 12test, test34 etc. From the specified character list (such as 123), all combinations of strings are generated and appended or prefixed to the dictionary word based on user settings.

3) Brute-force Cracking Method
In this method, all possible combinations of words from given character list is generated and then subjected to cracking process. This may take long time depending upon the number of characters and position count specified. 

4) Pattern based Brute-force Cracking Method
Pattern based cracking method significantly reduces the password recovery time especially when password is complex. This method can be used when you know the exact password length and remember few characters.

How to use FireMaster?

First you need to copy the key3.db file to temporary directory. Later you have to specify this directory path for FireMaster as a last argument.

Here is the general usage information

Firemaster [-q]
           [-d -f ]
           [-h -f  -n  -g "charlist" [ -s | -p ] ]
           [-b -m  -l  -c "charlist" -p "pattern" ]
           

Note: With v5.0 onwards, you can specify 'auto' (without quotes) in place of "" to automatically detect default profile path.
 
Dictionary Crack Options:
   -d  Perform dictionary crack
   -f  Dictionary file with words on each line
    
Hybrid Crack Options:
   -h  Perform hybrid crack operation using dictionary passwords.
Hybrid crack can find passwords like pass123, 123pass etc
   -f  Dictionary file with words on each line
   -g  Group of characters used for generating the strings
   -n  Maximum length of strings to be generated using above character list
These strings are added to the dictionary word to form the password
   -s  Suffix the generated characters to the dictionary word(pass123)
   -p  Prefix the generated characters to the dictionary word(123pass)
    
Brute Force Crack Options:
   -b  Perform brute force crack
   -c  Character list used for brute force cracking process
   -m  [Optional] Specify the minimum length of password
   -l  Specify the maximum length of password
   -p   [Optional] Specify the pattern for the password

Examples of FireMaster
// Dictionary Crack
FireMaster.exe -d -f c:\dictfile.txt auto
 
// Hybrid Crack
FireMaster.exe -h -f c:\dictfile.txt -n 3 -g "123" -s auto
 
 // Brute-force Crack
FireMaster.exe -q -b -m 3 -l 10 -c "abcdetps123" "c:\my test\firefox"
 
 // Brute-force Crack with Pattern
FireMaster.exe -q -b -m 3 -c "abyz126" -l 10 -p "pa??f??123" auto


FireMaster - The Firefox Master Password Cracking Tool FireMaster - The Firefox Master Password Cracking Tool Reviewed by Zion3R on 6:48 PM Rating: 5