Password in MSN

[saracen]

Where is the password for MSN Messenger in the registary data?

thanx

[da_silvy]

What do you need to know this for?

It's probably encrypted or something, so that you can't just get into someone's email address.

Do a search thru the registry for your password - mine couldn't be found. Can yours?

[saracen]

Nope, i can't find mine. I know it will be encrypted. I just want to know where it is, ill keep lookin because i know it is there somplace, because there was an old post ages ago where it could be found, but i can't find it now...


It is in Current user, thats all i can remember

[BrianHawley]

I agree, It's probably in the registry in encrypted form.

What you can do is take a copy of the registry files, then change your password, then compare the copy with the original to see what key has changed.

There are some tools that will do this for you automatically, but I can't find a link to one right now. They can take a'picture' of the registry - for instance before and after registering an application - and then tell you what keys have changed.

Of course finding it is only part of the problem. You still have to break the encryption scheme.

[VIsualPenguin]

I think it doesn't stand in the registry. I think you log on at microsoft' servers. there will be a big password list. why should the password stand at your computer??

VIP

[BrianHawley]

Originally posted by VIsualPenguin
I think it doesn't stand in the registry. I think you log on at microsoft' servers. there will be a big password list. why should the password stand at your computer??

VIP

Because you can log on automatically without typing your password each time. Must be stored somewhere. (Maybe a cookie?)

[Xa0z]

Hey, I don't know if any of you guys is a cracker or something 'cause the MSN pass is encrypted with MD5 (256 bits encryption ) before it is saved.

[da_silvy]

How did you know?

[Armatendo]

Im suprised its not encrypted with 1024 bit encryption.

[sam0010]

Someone should crackmsn open and find out the encryption patttern

[filburt1]

Or if you forgot it just get a new Passport. We don't hack here.

[sunburnt]

your password cannot be "encrypted" with MD5 in the registry; MD5 is not an encryption method; it's a one-way hash algorithm. However, MSN messanger does use MD5 when sending your password to the server; the server knows your password, and checks it's MD5 hash of your password against your MD5 hash of the password; if you both hashed the same thing, the result should be the same, and it knows you have entered the correct password.

[da_silvy]

We're just hacks (@ programming )

[saracen]

I never said anything about hacking did i??? i just wanted to know where to find it, and by the way i found it so stop worring, IM NOT A HACKER!!!! and for the reason i want to know, u don't have to worrie about, coz it was for me and nobody else. God am i internet tough guy!!

[da_silvy]

it's australian slang man


it means we try, but we're not good

or something

Where did you find it?

[saracen]

Not to sure where it is, as i am at school, but when i get home ill hav a look, But i think that it is in Current_User | Software | Microsoft | Messenger <<< its someplace in there, and u will know thats it because it is something Password:

[da_silvy]

Ok then.

I will wait until u get home

[saracen]

Right, goit,,, first of all u need to hav the password saved on your computer (or it won't show in registry)

Right... it is in

HKEY_CURRENT_USER\software\Microsoft\MessengerService


And it is named Password.NET Messenger Service



Simple really! (except the de -cryptin part, thats hard!!)

[DRnetman86]

Have you tried going onto Hotmail and creating a new password with your password hint? If all you need is the password, that should do the trick (unless you're cracking). Try a search at one of the many cracking engines at astalavista.com for a MSN decryptor. I saw one there before.

[DaoK]

I do not understand why you need the password...

[da_silvy]

I still think it will be pretty difficult to decode it anyway.

It will only work if they save their password as well

[fbokker]

Actually at least I am not interested in getting to know my password, just due to the fact that microsoft starts to use your hotmail account automatically as personal identification tool in internet, it would be interesting to know, how safe it is (not that I would ever trust microsoft with my personal information, but...)

[da_silvy]

it could probably be decoded.

[saracen]

hey i got all i really wanted to know. And if they do save the password u can see what it is in a normal format wiv a program that i found called Revelation, u put ur mouse icon over the *'s in the password box and it displays the real letters. And let me say again, i am not a hacker (not yet anywayz)

[[Digital-X-Treme]]

Hey, I don't know if any of you guys is a cracker or something 'cause the MSN pass is encrypted with MD5 (256 bits encryption ) before it is saved.

I think the password for MSN is actually just encoded using a variation of Base64 or something. There was a thread not so long ago on this forum, where someone wrote an algorithm to decode the password... You might wanna look for it.

Laterz

[[Digital-X-Treme]]

Here's the thread: http://forums.vb-world.net/showthrea...threadid=99863

Laterz

[DaoK]

it could probably be decoded.

Everything can be decoded...but it can be hard

[da_silvy]

omg cyrillic is a freak

how did he work that out?

oh well.

He must be reasonably smart

[scsa20]

all this nonsince about getting someone's password from MSN....the only way to get it if someone saves there password for there MSN Messager. this is how it all works:

If password saved: it saves's it in the registry all encrypted and all, and once you click on the "OK" button or whatever, it sends it to the server to a db to check to see it's right and if it is, it pings back to and shows you online.

If password isn't saved: it's not in the registry so it's alot harder to get your password, then everything else from above.

[JasonLpz]

Here it is if you dont already have it help you like it

[proff.hacker]

try this code to decode the msn password from your registry

Code:

Private Const HKEY_CURRENT_USER = &H80000001
Private Const REG_BINARY = 3 'Free form binary
Private Const ERROR_SUCCESS = 0&
Private Const REG_SZ = 1
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Private Function Base64Decode(ByVal pStrContents)
    Dim mStrBase64 As String
    Dim lStrResult
    Dim lLngPosition
    Dim lStrGroup64
    Dim lStrGroupBinary
    Dim lStrChar1
    Dim lStrChar2
    Dim lStrChar3
    Dim lStrChar4
    Dim lByt1
    Dim lByt2
    Dim lByt3
    mStrBase64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
    If Len(pStrContents) Mod 4 > 0 Then
        pStrContents = pStrContents & String(4 - (Len(pStrContents) Mod 4), "=")
    End If
    lStrResult = ""
    For lLngPosition = 1 To Len(pStrContents) Step 4
        lStrGroupBinary = ""
        lStrGroup64 = Mid(pStrContents, lLngPosition, 4)
        lStrChar1 = InStr(mStrBase64, Mid(lStrGroup64, 1, 1)) - 1
        lStrChar2 = InStr(mStrBase64, Mid(lStrGroup64, 2, 1)) - 1
        lStrChar3 = InStr(mStrBase64, Mid(lStrGroup64, 3, 1)) - 1
        lStrChar4 = InStr(mStrBase64, Mid(lStrGroup64, 4, 1)) - 1
        lByt1 = Chr(((lStrChar2 And 48) \ 16) Or (lStrChar1 * 4) And &HFF)
        lByt2 = lStrGroupBinary & Chr(((lStrChar3 And 60) \ 4) Or (lStrChar2 * 16) And &HFF)
        lByt3 = Chr((((lStrChar3 And 3) * 64) And &HFF) Or (lStrChar4 And 63))
        lStrGroupBinary = lByt1 & lByt2 & lByt3
        lStrResult = lStrResult + lStrGroupBinary
    Next
    Base64Decode = lStrResult
End Function
Private Function GetSettingByte(ByVal hKey As Long, ByVal strPath As String, ByVal strValueName As String) As Variant
Dim lValueType As Long
Dim byBuffer() As Byte
Dim lDataBufferSize As Long
Dim lRegResult As Long
Dim hCurKey As Long
GetSettingByte = 0
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, ByVal 0&, lDataBufferSize)
If lRegResult = ERROR_SUCCESS Then
    If lValueType = REG_BINARY Then
        ReDim byBuffer(lDataBufferSize - 1) As Byte
        lRegResult = RegQueryValueEx(hCurKey, strValueName, 0&, lValueType, byBuffer(0), lDataBufferSize)
        GetSettingByte = byBuffer
    End If
Else
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Public Function GetSettingString(hKey As Long, strPath As String, strValue As String) As String
Dim hCurKey As Long
Dim lResult As Long
Dim lValueType As Long
Dim strBuffer As String
Dim lDataBufferSize As Long
Dim intZeroPos As Integer
Dim lRegResult As Long
GetSettingString = ""
lRegResult = RegOpenKey(hKey, strPath, hCurKey)
lRegResult = RegQueryValueEx(hCurKey, strValue, 0&, lValueType, ByVal 0&, lDataBufferSize)
If lRegResult = ERROR_SUCCESS Then
    If lValueType = REG_SZ Then
        strBuffer = String(lDataBufferSize, " ")
        lResult = RegQueryValueEx(hCurKey, strValue, 0&, 0&, ByVal strBuffer, lDataBufferSize)
        intZeroPos = InStr(strBuffer, Chr$(0))
        If intZeroPos > 0 Then
            GetSettingString = Left$(strBuffer, intZeroPos - 1)
        Else
            GetSettingString = strBuffer
        End If
    End If
Else
'there is a problem
End If
lRegResult = RegCloseKey(hCurKey)
End Function
Private Sub Form_Load()
Dim MyBytes As Variant
Dim Loopy As Integer
Dim EncodedPass As String
Dim DecodedPass As String
Dim Username As String
'if you have msn 3.6 >>>> "PasswordMSN Messenger Service"
MyBytes = GetSettingByte(HKEY_CURRENT_USER, "Software\Microsoft\MessengerService", "Password.NET Messenger Service")
If VarType(MyBytes) = vbArray + vbByte Then
    For Loopy = 0 To UBound(MyBytes)
        EncodedPass = EncodedPass & Chr(MyBytes(Loopy))
    Next
End If
DecodedPass = Base64Decode(EncodedPass)
'if you have msn 3.6 >>>> "UserMSN Messenger Service"
Username = GetSettingString(HKEY_CURRENT_USER, "Software\Microsoft\MessengerService", "User.NET Messenger Service")
If Username <> "" Then Label2.Caption = Username
If DecodedPass <> "" Then Label3.Caption = Left(DecodedPass, Len(DecodedPass) - 4)
End Sub

[saracen]

Right thanx ppl, u hav helped me alot. For some reason I created a program thet i can send to ppl and it diplays there password as their nickname if they hav it saved. Don't worrie those who moan about hacking, i AINT gonna use it (hahah evil laugh), and i cant really coz i speak to friends on MSn and thats what its all about, so i ain't gonna hack them... BUT!

If that guy who email bomb me eva comes online!!, WATCH IT FELLA!!!

[JasonLpz]

budyy you have a problem in the form load event it goes like this

Code:

Private Sub Form_Load()
Dim MyBytes As Variant
Dim Loopy As Integer
Dim EncodedPass As String
Dim DecodedPass As String
Dim Username As String
'if you have msn 3.6 >>>> "PasswordMSN Messenger Service"
MyBytes = GetSettingByte(HKEY_CURRENT_USER, "Software\Microsoft\MessengerService", "Password.NET Messenger Service")
If VarType(MyBytes) = vbArray + vbByte Then
    For Loopy = 0 To UBound(MyBytes)
        EncodedPass = EncodedPass & Chr(MyBytes(Loopy))
    Next
End If
DecodedPass = Base64Decode(EncodedPass)
'if you have msn 3.6 >>>> "UserMSN Messenger Service"
Username = GetSettingString(HKEY_CURRENT_USER, "Software\Microsoft\MessengerService", "User.NET Messenger Service")
If Username <> "" Then Label2.Caption = Username
If DecodedPass <> "" Then Label3.Caption = Left(DecodedPass, Len(DecodedPass) - 0)
End Sub

ok not like

Code:

Private Sub Form_Load()
Dim MyBytes As Variant
Dim Loopy As Integer
Dim EncodedPass As String
Dim DecodedPass As String
Dim Username As String
'if you have msn 3.6 >>>> "PasswordMSN Messenger Service"
MyBytes = GetSettingByte(HKEY_CURRENT_USER, "Software\Microsoft\MessengerService", "Password.NET Messenger Service")
If VarType(MyBytes) = vbArray + vbByte Then
    For Loopy = 0 To UBound(MyBytes)
        EncodedPass = EncodedPass & Chr(MyBytes(Loopy))
    Next
End If
DecodedPass = Base64Decode(EncodedPass)
'if you have msn 3.6 >>>> "UserMSN Messenger Service"
Username = GetSettingString(HKEY_CURRENT_USER, "Software\Microsoft\MessengerService", "User.NET Messenger Service")
If Username <> "" Then Label2.Caption = Username
If DecodedPass <> "" Then Label3.Caption = Left(DecodedPass, Len(DecodedPass) - 4)
End Sub

in other words you have to put a - 0 instead of a - 4
cuz the decryption is longer in .net version. You can use - 4
but what if you have a long pass or it changes. If the encrypt it more you would have to change the code all over again so keeping it on 0 would be best

[DaoK]

I do not see how people can make code to decode something like that...How do you start to "decrypt" a code than you do not know how it was crypted ?

[proff.hacker]

to do like that you should get the source code of MSN messenger from Micorosoft by any way you like

[chrisjk]

Originally posted by JasonLpz
budyy you have a problem in the form load event it goes like this

That appends extra characters onto the end, the code he posted originally works.

[DaoK]

lol

[JasonLpz]

you didnt read my comment at the end then

You can use - 4 but what if you have a long pass or it
changes. If the encrypt it more you would have to change the code all over again so keeping it on 0 would be best

If they decide to make the encryption more (longer) than you are ok if you stick with 0 .

[chrisjk]

You said the encryption is longer in the Net version, except it isn't because 4 works

[JasonLpz]

no i meant when you first got this code i bet it was on - 5 you brang it to -4. Im saying that if they change it you have to keep on lowering it am i right. So might as well leave it on 0 i say