Exposing the Password Secrets of Beyluxe Messenger
Author: Departure

Beyluxe is the latest instant messenger which is still in early Beta
stage. Along with basic chatting it also offers group video calls,
public/private chat rooms & free video conferencing services.

Like most IM clients, Beyluxe stores the user account details,
including the password, in the registry for subsequent logins so
that the user does not have to enter the password every time. Note
that the password is stored only if the user has selected
'Save Password' at login time. Beyluxe saves the password in the
registry at the following location, under the subkey named after
your nickname:

HKEY_CURRENT_USER\Software\Beyluxe Messenger\<nick_name>

The actual encrypted password is stored under the above key with the
value name 'Password'. For example, I could find the encrypted
password for my nickname in the registry at the following location,
as shown in the screen shot above:

HKEY_CURRENT_USER\Software\Beyluxe Messenger\Departure\

Beyluxe uses almost the same encryption algorithm as PaltalkScene
Messenger. For more interesting details refer to the research
article, 'Exposing the Password Secrets of PaltalkScene'.

Coming back to Beyluxe, let us retrieve the encrypted password from
the registry. It may look similar to '229226264233285234272', which
is my encrypted password for Beyluxe. This alone tells us a few
things, such as the length of the original password: divide the
length of this registry password string by 3 and you have the length
of the original password. In my case the encrypted password is 21
characters long, so my original password is 7 characters long. Let's
visualize splitting this encrypted password up into groups of 3:

"229226264233285234272"
229 = 1st char
226 = 2nd char
264 = 3rd char
233 = 4th char
285 = 5th char
234 = 6th char
272 = 7th char

At the moment this tells us little except the length of the
unencrypted password; we will discover more in the next section.

The decryption process requires a couple of variables and some small
mathematics. The variables required are the system hard drive serial
number in hex format and your user name. These two variables are
mixed by taking 1 character of the user name and then 1 character of
the hard drive serial, and so on; the result is then concatenated so
that the mixed string is equal to or longer than the unencrypted
password length (in my case 7 characters). For example, my hard drive
serial in hex format is '8ED93AAE' and my user name is 'Departure',
so my mixed string looks like the one below. [To understand how to
get the drive serial number, refer to 'Exposing the Password Secrets
of PaltalkScene'.]

"D8eEpDa9r3tAuArEe"

We won't need to concatenate this string because it is already longer
than the unencrypted password length. The next stage is the
mathematical part.

This is where our encrypted password from the registry comes into
play. We know our password is 7 characters long (by dividing the
encrypted password length by 3) and we also know the encrypted value
for each character of our password. Now would be a good time to get
familiar with the ASCII chart and understand that each character of
the alphabet has a decimal and a hex representation. With that in
mind, we do something like this to decrypt (in Delphi) the first
character of the password:

1st Unencrypted Character = Char(229 - (ord('D') xor 4) - 116) => 1 (first char of original password)

Here is the detailed step-by-step explanation of the above decryption
process:
- Each time, we take the next 3 encrypted password characters (for
  the first step, '229').
- Then we take the decimal value (ord) of the nth char (for the first
  step, 'D') of our earlier formed serial ('D8eEpDa9r3tAuArEe') and
  XOR it with 4.
- Finally, we subtract that result and then 116 from the 3-digit
  value to get the nth char (for the first step, '1') of the original
  password.

For the first step, we took the first 3 encrypted password
characters, '229'. Then we took the decimal value (ord) of 'D' and
XORed it with 4. Let's break this down a little more: going by the
ASCII chart, 'D' = 68 in decimal, so we compute 68 xor 4 and then
subtract 116, and the whole sum looks like 229 - (68 xor 4) - 116.
68 xor 4 = 64, so we can also write 229 - 64 - 116, which of course
equals 49. We convert 49 to its character value, which is '1', so the
first character of our password is '1'.

Keeping the above logic, let's decrypt the rest:

2nd Unencrypted Character = Char(226 - (ord('8') xor 4) - 116) = 2
3rd Unencrypted Character = Char(264 - (ord('e') xor 4) - 116) = 3
4th Unencrypted Character = Char(233 - (ord('E') xor 4) - 116) = 4
5th Unencrypted Character = Char(285 - (ord('p') xor 4) - 116) = 5
6th Unencrypted Character = Char(234 - (ord('D') xor 4) - 116) = 6
7th Unencrypted Character = Char(272 - (ord('a') xor 4) - 116) = 7

And we have the original password, which is '1234567'.
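
The whole procedure above as a short Python example, added here for illustration and not taken from the article's author or from Beyluxe; it shows that the stored value is a reversible encoding whose only inputs (nickname and drive serial) sit on the same machine, so it protects no better than plaintext. The function names, the handling of unequal nickname/serial lengths, the repeat-to-extend step and the inverse encode() are assumptions derived from the article's formula and worked values.

```python
from itertools import zip_longest

XOR_CONST = 4    # constants taken from the article's Delphi formula
SUB_CONST = 116


def mix_key(nick, serial_hex, min_len):
    """Interleave nickname and serial characters, nickname first."""
    mixed = "".join(a + b for a, b in zip_longest(nick, serial_hex, fillvalue=""))
    if not mixed:
        raise ValueError("nickname and serial are both empty")
    # Assumption: a mixed string shorter than the password is repeated.
    while len(mixed) < min_len:
        mixed += mixed
    return mixed


def decode(stored, nick, serial_hex):
    """Recover the password from the 3-digits-per-character registry string."""
    if not (stored.isascii() and stored.isdigit()) or len(stored) % 3:
        raise ValueError("expected ASCII digits in groups of three")
    groups = [int(stored[i:i + 3]) for i in range(0, len(stored), 3)]
    key = mix_key(nick, serial_hex, len(groups))
    chars = []
    for value, k in zip(groups, key):
        code = value - (ord(k) ^ XOR_CONST) - SUB_CONST
        if not 0 <= code < 256:
            raise ValueError("value does not match this nickname/serial")
        chars.append(chr(code))
    return "".join(chars)


def encode(password, nick, serial_hex):
    """Inverse of decode(), derived here from the formula (not from the client)."""
    key = mix_key(nick, serial_hex, len(password))
    return "".join(f"{ord(p) + (ord(k) ^ XOR_CONST) + SUB_CONST:03d}"
                   for p, k in zip(password, key))


if __name__ == "__main__":
    # Values are the article's own worked example.
    print(mix_key("Departure", "8ED93AAE", 7))
    print(decode("229226264233285234272", "Departure", "8ED93AAE"))
```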

MessengerPasswordDecryptor is free software that instantly recovers
stored passwords from most of the popular instant messengers. Most
messengers have an auto-login feature, which requires the user
account information, including the password, to be saved in encrypted
format for subsequent logins. MessengerPasswordDecryptor helps in
instantly recovering such stored passwords for popular instant
messengers.

You can use MessengerPasswordDecryptor to automatically recover all
passwords stored by Beyluxe Messenger for all nicknames. It is a
portable tool and works across a wide range of platforms, from
Windows XP to Windows 7.

In a nutshell, the above article explains how Beyluxe Messenger
encrypts and stores its account password. In the second part it shows
how one can decrypt such an encrypted password to recover the
original password. Note that the above decryption process is based on
an early beta version of Beyluxe Messenger and it may change with
upcoming versions of the messenger.