Date: Tue, 20 Mar 2012 21:32:37 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking Thunderbirds password database.

On Tue, Mar 20, 2012 at 4:59 PM, a <fromthestormofshadows@...il.com> wrote:
> I have managed to extract the encrypted user names and passwords from my
> Thunderbird database file, signons.sqlite, and saved the data to a plain
> text file. I have eight lines, each with the user name and password, yet
> I have four email accounts. There is also the file, key3.db, which
> contains information about encryption for the passwords in signons.sqlite.
>
> However, John states there are "No password hashes loaded (see FAQ)" for
> all files.
>
> Apparently the passwords in signons.sqlite are encoded by using base64
> and encrypted with 3DES and key3.db provides the decryption.
A PKCS-12 PBE With Sha1 and 3Des in CBC mode :)
http://www.sei.cmu.edu/reports/99tn010.pdf

> I am not sure how to tackle this problem.
This has been approached before here, but nothing came of it. These files
are encrypted with NSS found in the Mozilla Dev kit and in FF source.
I've been compiling information that pertains to this very task, but with focus
on FF as opposed to TB.
The previous thread about FF/signons.sqlite:
http://www.openwall.com/lists/john-users/2008/10/09/2 (old version)
http://www.openwall.com/lists/john-users/2009/07/18/2
Firemaster does provide source:
http://securityxploded.net/getfile.php?file=FiremasterLinux.zip
Some additional code I've found:
https://gist.github.com/1208808
http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html
https://wiki.mozilla.org/NSS_Shared_DB
"global salt" is important (naturally)
I've created a number of example files I'll post a link to in the morning.

Again I'm no programmer but I did a bit of research the last few weeks
into this issue and those are basically my notes :)
-rich
