Spy Google Mail/Google Talk Password




Want to peek at Google passwords, from Gmail to Google Talk? Try this tool.

In the original language:

Password Secrets of GTalk
GTalk is Google's instant messenger application with integrated voice and video chat. Like any other Google application, it uses the same Google account password and stores it in an encrypted format for subsequent logins.

It stores the account information at the following location in the registry:
HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
For each account, it creates a separate key named after the account under this registry location.
[Figure: GTalk Password Store]

For each stored account, the encrypted password is stored in the registry value 'pw'.

GTalk encrypts the Google account password using Windows Cryptography functions. Here are the step by step instructions to decrypt this password.

* Enumerate through the GTalk accounts registry key and get the stored account name & encrypted password.
* Now get the currently logged on username & domain name of the system.
* Create the hash of the username and then hash the domain name on top of it to create entropy data of 16 bytes.
* Next hash the encrypted password with magic numbers.
* Finally pass this modified password and entropy data to CryptUnprotectData function to decrypt the password.


Deciphering the Password from Picasa Store
Picasa is the free photo editing software from Google. It facilitates managing photo albums and uploading them to the online Google Picasa store for sharing with the community. It uses the same Google account for transferring pictures to the online web account and stores this password in an encrypted format for subsequent logins.

Picasa stores the Google account login details at one of the following locations in the registry. However, the latest version of Picasa (3.6) still uses the Picasa 2 registry location for storing the settings.

HKEY_CURRENT_USER\Software\Google\Picasa\Picasa2\Preferences

HKEY_CURRENT_USER\Software\Google\Picasa\Picasa3\Preferences

The Google account name & encrypted password are stored in the registry values 'GaiaUser' & 'GaiaPass' respectively.

[Figure: Google Picasa Registry Store]

Like Google Talk, it also uses the Windows Cryptography mechanism to protect the password. Here are the different methods for decrypting the password stored by various versions of Picasa.

Decrypting Picasa 2 (or earlier versions) Password
Here are the basic steps to decrypt the Picasa stored password for previous versions

* Retrieve the stored username & encrypted password from above registry location.
* Convert the account name to the format 'gaia::<account name>' (for example "gaia::securityxploded")
* Modify the encrypted password with crypto magical operations.
* Next derive the crypto key using the modified account name as password.
* Finally decrypt the password using CryptDecrypt function by passing the derived 'crypto key' and modified password.

Decrypting Picasa 3 Password
Here are simple steps to recover the Google password from latest version of Picasa (Version 3.6)

* Retrieve the stored username & encrypted password from above registry location
* Convert the encrypted password from hex-string to hex-binary format.
* Use the CryptUnprotectData function to decrypt the password in clear text.


Gmail Notifier & Google Password
Gmail Notifier is a standalone systray plugin which notifies the user about incoming mail in the currently configured Gmail account.

Based on Internet Explorer version, Gmail Notifier uses different method to store the google account password. For IE version 7 or later, it uses 'Windows Credential Provider' for securely storing the password. Here are simple steps to recover the password...

* Enumerate through all the stored passwords in 'Windows Credential Provider' using the CredEnumerate function.
* Select the entries which are associated with Google account by checking if TargetName begins with text 'Microsoft_WinInet_www.google.com:443'
* For each of these discovered Google accounts, decrypt the password using CryptUnprotectData function.

Here is the sample code illustrating this method.

Credits : Thanks to SapporoWorks for original work

#include <windows.h>
#include <wincred.h>
#include <wincrypt.h>
#include <stdio.h>
#include <string.h>

// Link with Advapi32.lib and Crypt32.lib.
// The ANSI variants (CredEnumerateA, PCREDENTIALA) are used so that
// TargetName is a char string regardless of the UNICODE build setting.
void DecryptGmailNotifierPassword()
{
    DATA_BLOB DataIn;
    DATA_BLOB DataOut;
    DATA_BLOB OptionalEntropy;
    short int tmpSalt[37];
    const char *strSalt = "abe2869f-9b47-4cd9-a358-c22904dba7f7";
    const char *strTarget = "Microsoft_WinInet_www.google.com";

    char strCredentials[1024];
    char strUsername[1024];
    char strPassword[1024];

    // Create the entropy/salt required for decryption:
    // every character of the salt string (terminating NUL included) times 4
    for (int i = 0; i < 37; i++)
        tmpSalt[i] = (short int)(strSalt[i] * 4);

    OptionalEntropy.pbData = (BYTE *)tmpSalt;
    OptionalEntropy.cbData = sizeof(tmpSalt);   // 74 bytes

    DWORD Count;
    PCREDENTIALA *Credential;

    // Now enumerate all http stored credentials
    if (CredEnumerateA(NULL, 0, &Count, &Credential))
    {
        for (DWORD i = 0; i < Count; i++)
        {
            if ((Credential[i]->Type == CRED_TYPE_GENERIC) &&
                _strnicmp(Credential[i]->TargetName, strTarget, strlen(strTarget)) == 0)
            {
                DataIn.pbData = (BYTE *)Credential[i]->CredentialBlob;
                DataIn.cbData = Credential[i]->CredentialBlobSize;

                if (CryptUnprotectData(&DataIn, NULL, &OptionalEntropy, NULL, NULL, 0, &DataOut))
                {
                    // Extract username & password from credentials (username:password);
                    // the decrypted blob is a wide-character string, hence %S
                    sprintf_s(strCredentials, 1024, "%S", (wchar_t *)DataOut.pbData);

                    char *ptr = strchr(strCredentials, ':');
                    if (ptr != NULL)   // skip entries without the ':' separator
                    {
                        *ptr = '\0';
                        strcpy_s(strUsername, 1024, strCredentials);
                        ptr++;
                        strcpy_s(strPassword, 1024, ptr);

                        printf("Gmail Notifier Stored account details are, Username=%s, Password=%s\n", strUsername, strPassword);
                    }

                    // CryptUnprotectData allocates the output buffer
                    LocalFree(DataOut.pbData);
                }
            }
        } // End of FOR loop

        CredFree(Credential);
    }

} // End of function

For IE versions below 7, Gmail Notifier uses 'Protected Storage' to store the Google account password. Here are simple steps to recover such a password.

* Use the 'Protected Storage' API functions to enumerate through the stored website entries.
* Select the entries which are associated with Google by checking if the name contains the text 'www.google.com'
* Then read the credentials for this account using PStore functions and parse them out.

This decryption method is illustrated with a code example in the following article:

'Exposing the Secrets of Internet Explorer'

Gmail Notifier is no longer available as a standalone application; it is now integrated with GTalk.


Revealing Gmail Password from Google Desktop Search
'Desktop Search' is Google's solution for searching the local system. Additionally, you can configure it to index & search your Gmail account through its options.

[Figure: Google Desktop Options]

Any such configured Google account is stored in the following registry location.

HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\Gmail

The 'POP3_name' & 'POP3_credentials' registry values hold the account name & encrypted password.

[Figure: Google Desktop Registry]

Here are steps to recover this password

* Retrieve the Google account name & encrypted password from the above mentioned registry location
* Next use the CryptUnprotectData function to uncover the password in plain text.
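
The registry locations listed in the GTalk, Picasa and Google Desktop sections above can be checked offline to find out which accounts have a saved password that should be removed or rotated. The following is an added example, not code from the original article: it parses the text of a registry export and reports where an encrypted password value is present, without reading or decrypting it. The sample export and the names ROOT, WATCHED, parse_reg and find_stored_credentials are constructed for illustration.

```python
import re

# Per key: (application, value naming the account, value holding the encrypted password),
# as given on this page. GTalk has one subkey per account, so its account is the subkey name.
ROOT = "HKEY_CURRENT_USER\\Software\\Google\\"
WATCHED = {
    ROOT + "Google Talk\\Accounts": ("GTalk", None, "pw"),
    ROOT + "Picasa\\Picasa2\\Preferences": ("Picasa", "GaiaUser", "GaiaPass"),
    ROOT + "Picasa\\Picasa3\\Preferences": ("Picasa", "GaiaUser", "GaiaPass"),
    ROOT + "Google Desktop\\Mailboxes\\Gmail": ("Google Desktop", "POP3_name", "POP3_credentials"),
}

def parse_reg(text):  # -> {key path: {lower-cased value name: raw data}}
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):          # hex data continues on the next line
            pending = line[:-1]
        elif line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_stored_credentials(text):
    """Return (app, account, value name) per saved password; never the blob itself."""
    findings = []
    for key, values in parse_reg(text).items():
        for base, (app, name_value, secret_value) in WATCHED.items():
            k, b = key.lower(), base.lower()   # registry paths are case-insensitive
            if (k == b or k.startswith(b + "\\")) and secret_value.lower() in values:
                account = (key.rsplit("\\", 1)[-1] if name_value is None
                           else values.get(name_value.lower(), "").strip('"'))
                findings.append((app, account, secret_value))
    return findings

# Constructed sample export: keys and value names follow the page, data is placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\alice@example.com]
"pw"="PLACEHOLDER"
[HKEY_CURRENT_USER\Software\Google\Picasa\Picasa3\Preferences]
"GaiaUser"="carol"
[HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\Gmail]
"POP3_name"="bob@example.com"
"POP3_credentials"=hex:00,00,00,00,\
  00,00,00,00
'''
print(find_stored_credentials(SAMPLE))
```

A real export written by regedit or `reg export` is UTF-16 encoded, so read the file with encoding="utf-16" before passing its text in.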


Recover the Google Password from Internet Explorer

Internet Explorer stores the sign-on login information for all visited websites, which is used to log in to a site automatically so that the user does not have to enter the password every time. As with other sites, the Google account password information is saved as well.

Before version 7, Internet Explorer used 'Protected Storage' to store these sign-on passwords. Since this is less secure and easy to decipher, with version 7 onwards it uses 'Credential Provider' store & 'Windows Cryptography' functions to securely store the passwords.

Here is the detailed research article which explains how to recover the passwords from any IE version.

'Exposing the Secrets of Internet Explorer'


Recover the Google Password from Chrome
Like Internet Explorer and other browsers, Google Chrome also stores the login passwords for all visited websites based on user consent. Chrome uses an SQLite database to store the account information in an encrypted format.

For more information on deciphering the website login passwords from Chrome database read the below article...

'Exposing the Secrets of Google Chrome'


Decrypting the Google Password using GooglePasswordDecryptor
GooglePasswordDecryptor is the FREE tool to instantly recover Google account passwords stored by various Google applications as well as popular web browsers. Most of Google's desktop applications, such as GTalk and Picasa, store the Google account password to spare the user the hassle of entering it every time. Even the web browsers store the sign-on passwords, including Google account passwords, in an encrypted format. GooglePasswordDecryptor automatically crawls through each of these applications and recovers the encrypted Google account password.


Download the software here:

download
