| |
| FireMasterLinuxLinux |
| Author: Broseidon |
| |
| |
|
|
|
| |
| |
|
|
| |
|
|
FireMasterLinux is
the Linux port of popular tool
FireMaster. FireMaster is the first ever built tool to
recover the lost master password of Firefox. |
|
In order to protect the
stored login passwords, Firefox uses master password. If the master
password is forgotten, then there is no way to recover the master
password and user will lose all the stored login passwords as well.
In this direction, FireMasterLinux helps in recovering lost
master password to get back all the stored passwords.
FireMasterLinux uses combination of techniques such as dictionary,
hybrid and brute force to recover the master password from the
Firefox key database file.
Often it takes long hours and some
times days together to completely recover the master password based
on its length and complexity. Hence one end up performing recovery
operation for days continuously. However Windows system often goes
slower as the day passes and performance is not optimal when it
comes to continuous processing.
In such a case where it
involves processing for long hours with consistent high-performance,
Linux becomes the ideal platform. To address this exact problem, we
have started the project, FireMasterLinux !!! |
| |
| |
|
Firefox comes with
built-in password manager tool which remembers username and passwords
for all the websites you visit. This sign-on information is stored in the encrypted
form in Firefox database files residing in user's profile directory.
However any body can just launch the password manager from the Firefox
browser and view the credentials. Also one can just copy these database
files to different machine and view it offline using the tools such as
FirePassword. |
|
Hence to protect from
such threats, Firefox uses master password to provide enhanced security. By
default Firefox does not set the master password. However once you have set the
master password, you need to provide it every time to view sign-on credentials. So if you
lose this master password that means you have lost all stored
credentials as well. |
|
So far there was no way to recover
these credentials once you have lost the master password. Now with FireMasterLinux you
can recover your master password and get back all the sign-on
passwords. |
| |
| |
|
FireMasterLinux supports
following password generation methods
|
In this mode,
FireMasterLinux uses dictionary file having each word on separate line to
perform the operation. You can find lot of online dictionary with
different sizes and pass it on to Firemaster. This method is more
quicker and can find out common passwords. |
|
This is advanced
dictionary method, in which each word in the dictionary file is prefixed
or suffixed with generated word from known character list. This can find
out password like pass123, 12test, test34 etc. From the specified
character list (such as 123), all combinations of strings are generated
and appended or prefixed to the dictionary word based on user settings. |
|
In this method, all
possible combinations of words from given character list is generated
and then subjected to cracking process. This may take long time
depending upon the number of characters and position count specified. |
|
| |
| |
|
First you need to copy
the key3.db file to temporary directory. Later you have to specify this directory path for FireMasterLinux as a last argument.
Here is the general usage information
|
| |
FiremasterLinux [-q]
[-d -f <dict_file>]
[-h -f <dict_file> -n <length> -g "charlist" [ -s | -p ] ]
[-b -m <length> -l <length> -c "charlist" -p "pattern" ]
<Firefox_Profile_Path>
|
| -d |
Perform dictionary crack |
| -f |
Dictionary file with words on each line |
| |
|
| -h |
Perform hybrid crack operation using dictionary
passwords.
Hybrid crack can find passwords like pass123, 123pass etc |
| -f |
Dictionary file with words on each line |
| -g |
Group of characters used for generating the strings |
| -n |
Maximum length of strings to be generated using above
character list
These strings are added to the dictionary word to form the
password |
| -s |
Suffix the generated characters to the dictionary
word(pass123) |
| -p |
Prefix the generated characters to the dictionary
word(123pass) |
| |
|
| -b |
Perform brute force crack |
| -c |
Character list used for brute force cracking process |
| -m |
[Optional] Specify the minimum length of password |
| -l |
Specify the maximum length of password |
| -p |
[Optional] Specify the pattern for the password |
| |
|
| |
|
| |
| Sample Usage Information |
|
| FireMasterLinux.exe -d -f c:\dictfile.txt
Firefox_Profile_Path |
| |
| FireMasterLinux.exe -h -f c:\dictfile.txt -n 3 -g "123"
-s Firefox_Profile_Path |
| |
| FireMasterLinux.exe -q -b -m 3 -c "abyz126" -l 10 -p
"pa??f??123" Firefox_Profile_Path |
| |
|
| |
| Note that some of the options mentioned above may not have fully
implemented in FireMasterLinux. Hopefully they will be present in future
version. |
| |
Here Firefox_Profile_Path
refers to the directory where key3.db file is present. However you can also copy key3.db file from
any other machine and specify that path during recovering operation. |
| |
Quiet mode ( -q option
) will disable printing each password while recovery is in progress.
This makes it much faster especially for brute force operation. However during brute force operation if
the password count exceeds 50000 passwords then it automatically enters
the
quiet mode. |
| |
Hybrid method tries normal
dictionary password as well as password created by
appending/prefixing the generated strings to the dictionary word.
For example if the dictionary word is "test" and you have specified
character set as '123' (-c 123 -s) then the new passwords will be
test1, test12, test123, test32 etc. |
| |
Character list (-g
for hybrid and -c
for brute force) specifies the characters to be used for generating
passwords. If you don't specify then the default character list is used.
For brute force -m indicates the minimum length of password to be
generated. This can reduce the generated passwords and hence the
time considerably when large number of character set is specified. Similarly
-l (small 'L') specifies the maximum length of password to be
generated. For example, if you specify -m 6 and -l 8 then only
passwords which are of length at least 6 and above but below 8 will
be generated.
Now you can reduce the password cracking time significantly using
pattern based password recovery mechanism. If you know that password
is of certain length and also remember few characters then you can
specify that pattern for brute force cracking. For example, assume
that you have set the master password of length 12 and it begins
with 'fire' and ends with '123' then command will look like below |
| |
| FireMasterLinux.exe -b -c "abyz" -l 12 -p
"fire?????123" c:\testpath |
| |
| This will reduce the time to seconds which otherwise would have
taken days or hours to crack that password. You can even crack the
impossible looking passwords using the right pattern. |
| |
| |
|
FireMasterLinux is tested with latest Firefox version
3.5.6 and it can recover master password successfully from any
Firefox, starting with version 1.0 or more.
If the FireMasterLinux failed to work with your Firefox version then please send me the key3.db and cert8.db (required
for older versions) files which are present in your Firefox profile
directory. Note that sign-on
credentials are stored in the signons.txt file and key3.db just contains
the master password related information. So even if some one knows your
master password it will be useless unless he/she has access to
signons.txt file. |
| |
| |
|
FireMasterLinux is designed with good
intention to recover the lost master password so that every one keep
enjoying their experience with Firefox. Like any other tool its use
either good or bad, depends upon the user who uses it. However author is
not responsible for damages or impact caused due to misuse of FireMasterLinux.
|
| |
| |
| |
| Fixes minor problems parsing arguments for brute force |
| |
| Now Supports Hybrid Cracking. Last single-threaded version of
firemaster_linux. |
| |
| Added support for -m (minimum pass length) and -c (user defined
character set) for password recovery options. |
| |
| First public version of FireMasterLinux |
|
| |
| |
|
|
|
|
|
Note: You need to download the Gecko SDK from
Mozilla website, if you want to build the FireMasterLinux from the source code.
|
| |
| |
|
|
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
