FireMaster - The Firefox Master Password Cracking Tool
FireMaster is the First ever tool to recover the lost Master Password of Firefox.
Master password is used by
Firefox to protect the stored loign/password information for all
visited websites. If the master password is forgotten, then there
is no way to recover the master password and user will lose all
the passwords stored in it.
However you can now use FireMaster to recover the forgotten master password and get back all the stored Login/Passwords.
FireMaster
supports Dictionary, Hybrid,
Brute-force and advanced
Pattern based Brute-force password
cracking techniques to recover from simple to complex password.
Advanced pattern based password
recovery mechanism reduces cracking time significantly especially when the
password is complex.
FireMaster is successfully tested with all versions of Firefox starting from 1.0 to latest version v13.0.1.
It works on wide range of
platforms starting from Windows XP to Windows 8.
Firefox comes with
built-in password manager tool which remembers username and passwords
for all the websites you visit. This login/password information is stored in the encrypted
form in Firefox database files residing in user's profile directory.
However any body can just launch the password manager from the Firefox browser and view the credentials. Also one can just copy these database files to different machine and view it offline using the tools such as FirePassword.
However any body can just launch the password manager from the Firefox browser and view the credentials. Also one can just copy these database files to different machine and view it offline using the tools such as FirePassword.
Hence to protect from
such threats, Firefox uses master password to provide enhanced security. By
default Firefox does not set the master password. However once you have set the
master password, you need to provide it every time to view login credentials. So if you lose
the master password then that means you have lost all the stored passwords as well.
So far there was no way to recover these credentials once you have lost the master password. Now the FireMaster can
help you to recover the master password and get back all the sign-on
information.
Once you have lost master password, there is no way to
recover it as it is not stored at all.
Whenever user enters the master password, Firefox uses it to decrypt the encrypted data associated with the known string. If the decrypted data matches this known string then the entered password is correct. FireMaster uses the similar technique to check for the master password, but in more optimized way.
The entire operation goes like this.
Whenever user enters the master password, Firefox uses it to decrypt the encrypted data associated with the known string. If the decrypted data matches this known string then the entered password is correct. FireMaster uses the similar technique to check for the master password, but in more optimized way.
The entire operation goes like this.
- FireMaster generates passwords on the fly through various methods.
- Then it computes the hash of the password using known algorithm.
- Next this password hash is used to decrypt the encrypted data for known plain text (i.e. "password-check").
- Now if the decrypted string matches with the known plain text (i.e. "password-check") then the generated password is the master password.
Firefox stores the
details about encrypted string, salt, algorithm and version information
in key database file key3.db in the user's profile directory. You can
just copy this key3.db file to different directory and specify the
corresponding path to FireMaster. You can also copy this key3.db to any
other high end machine for faster recovery operation.
FireMaster supports
following password recovery methods
In this mode,
FireMaster uses dictionary file having each word on separate line to
perform the operation. You can find lot of online dictionary with
different sizes and pass it on to Firemaster. This method is more
quicker and can find out common passwords.
This is advanced
dictionary method, in which each word in the dictionary file is prefixed
or suffixed with generated word from known character list. This can find
out password like pass123, 12test, test34 etc. From the specified
character list (such as 123), all combinations of strings are generated
and appended or prefixed to the dictionary word based on user settings.
In this method, all
possible combinations of words from given character list is generated
and then subjected to cracking process. This may take long time
depending upon the number of characters and position count specified.
4) Pattern based Brute-force Cracking
Method
Pattern based cracking method significantly reduces the password
recovery time especially when password is complex. This method can
be used when you know the exact password length and remember few
characters.
How to use FireMaster?
First you need to copy
the key3.db file to temporary directory. Later you have to specify this directory path for FireMaster as a last argument.
Here is the general usage information
Firemaster [-q]
[-d -f ]
[-h -f -n -g "charlist" [ -s | -p ] ]
[-b -m -l -c "charlist" -p "pattern" ]
Note: With v5.0 onwards, you can specify 'auto' (without quotes) in place of "" to automatically detect default profile path.
Dictionary Crack Options:
-d Perform dictionary crack
-f Dictionary file with words on each line
Hybrid Crack Options:
-h Perform hybrid crack operation using dictionary passwords.
Hybrid crack can find passwords like pass123, 123pass etc
-f Dictionary file with words on each line
-g Group of characters used for generating the strings
-n Maximum length of strings to be generated using above character list
These strings are added to the dictionary word to form the password
-s Suffix the generated characters to the dictionary word(pass123)
-p Prefix the generated characters to the dictionary word(123pass)
Brute Force Crack Options:
-b Perform brute force crack
-c Character list used for brute force cracking process
-m [Optional] Specify the minimum length of password
-l Specify the maximum length of password
-p [Optional] Specify the pattern for the password
Examples of FireMaster
// Dictionary Crack
FireMaster.exe -d -f c:\dictfile.txt auto
// Hybrid Crack
FireMaster.exe -h -f c:\dictfile.txt -n 3 -g "123" -s auto
// Brute-force Crack
FireMaster.exe -q -b -m 3 -l 10 -c "abcdetps123" "c:\my test\firefox"
// Brute-force Crack with Pattern
FireMaster.exe -q -b -m 3 -c "abyz126" -l 10 -p "pa??f??123" auto
FireMaster - The Firefox Master Password Cracking Tool
Reviewed by Zion3R
on
6:48 PM
Rating: