Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - rafX

Pages: [1]
1
Tutorials / Re: How Mozilla saves passwords
« on: May 08, 2013, 01:03:09 pm »
I've googled a lot but I can't find these information... Probably the only way to find out is to analyzing Mozilla source code . Anyway, thanks for answering :)

2
Tutorials / Re: How Mozilla saves passwords
« on: May 07, 2013, 04:50:27 pm »
Yes, I've read this section before, but it doesn't explain me derivation key process well. My basic problem is to discover where should I started to read key's bytes from. In your case you had plain-text strings like ''password-check” or „global-salt”. In my case there is no information like that. Description provided on: drh.consultancy.demon.co.uk doesn't provide this guidance.

I've generated a few key3.db files and I noticed that starting from 0x00002F60 byte there is 16 probably constant bytes (I've no idea what does they means) and after them I obtained different bytes chain for different files – probably it's a key or its part, but I'm still not able to extract it propertly.

3
Tutorials / Re: How Mozilla saves passwords
« on: May 07, 2013, 02:08:53 pm »
Great description and thanks for source code examples. I've been trying to go one step further and try to decode entries in signons.sqlite. I've read these items are encrypted with 3DES ant next encoded to Base64 format but I suppose it a little bit more complicated... So I have a few questions.

1. If you read encrypted values from signons.sqlite and decode them from Base64 you would receive array of bytes with length is undivided by 8... As I know the length of encrypted data by 3DES (CBC) should by multiple of this value, but it's not. Probably something should be omitted, am I right?

2. I'm still wondering where private keys entries are located in key3.db file. I guess it should be from 0x00002F60 byte but it's still hard to me to clarify how the key value (and parameters like salt) should by obtained

Cheers

Pages: [1]