FireMaster with Pattern based Password Recovery Technique

Pattern based password recovery is not new concept. However it has been used very rarely in the present day programs besides its importance and improvement it brings on the performance.

It relies on the fact that each of us remembers some part of the password even though we have forgotten the password. This can be any parameters such as length, first few letters, end letters or middle part of the password.Also many of us have habits of choosing all of our passwords of particular pattern. When the person possess certain information about the password, it greatly reduces the time required to recover such a password.

Now the new FireMaster 2.5 introduces this technique which aims to recover the most complex or impossible looking passwords in very realistic time frame and also brings down the recovery time significantly.

To demonstrate this practically, lets take a example of password with 12 letters containing only lower case alphabets and numbers. Recovering such a password with brute force approach will take months together even on high end machines.

Now assume that certain information about this lost password is available, say for example password is of length 12, begins with ‘fire’ and ends with ’12’.

FireMaster with Pattern Based Recovery Technique

In this case, running FireMaster using brute force method coupled with new pattern based recovery technique, this impossible looking password can be recovered in just 6 hours….!!!

Isn’t that cool ???

Best result comes when both the tool and the person’s brain are running at their top potential…!

– Nagareshwar





Similar posts
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]


1 Ping/Trackback

  1. November 15, 2008    

    thanks for your information …but i have some question to you,what you mean about firefox_profile_path??i hope you explaint to me,,thanks before..( will be wait your email

  2. December 11, 2008    

    i have recieve your email and i want thanks for you before.
    in my firefox,C:\Documents and Settings\\Application
    Data\(in here i dont see any file)…
    by theway,,i read from magazine about fire password will delete by microsoft,didnt he??.
    —– physickers—
    peace be with you

  3. andy andy
    December 31, 2009    

    um, it didn’t work for me. I set my master password as “password” and tried brute force w/ either character set or pattern matching switches & neither worked on firefox version 3.5.6 on Windows 7 64 bit:

    C:\FireMaster_bin>firemaster -b -p “passwo?d” -l 8 “C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\asdfasdf.default”

    Firef0x Master Password Recovery Version 3.5
    by Nagareshwar Y Talekar
    For latest version visit
    Performing Firefox Master Password Recovery operation ……

    Firefox profile path : [C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\asdfadsf.default]

    Password Recovery Method : Bruteforce
    Maximum Password Length : 8
    Minimum Password Length : 8
    Bruteforce Character Set : [abcdefghijklmnopqrstuvwxyz*@#!$123]
    Password Pattern : [passwo?d]

    Press any key to start the Master Password recovery operation..
    Performing bruteforce crack …
    Total password count = 34
    Total Bruteforce Time = 00d 00h 00m 01s (Assuming 100000 cracks per second)

    Press any key to continue the BruteCr@cK…

    1 = Attempting passwoad
    2 = Attempting passwobd
    3 = Attempting passwocd
    4 = Attempting passwodd
    5 = Attempting passwoed
    6 = Attempting passwofd
    7 = Attempting passwogd
    8 = Attempting passwohd
    9 = Attempting passwoid
    10 = Attempting passwojd
    11 = Attempting passwokd
    12 = Attempting passwold
    13 = Attempting passwomd
    14 = Attempting passwond
    15 = Attempting passwood
    16 = Attempting passwopd
    17 = Attempting passwoqd
    18 = Attempting password
    19 = Attempting passwosd
    20 = Attempting passwotd
    21 = Attempting passwoud
    22 = Attempting passwovd
    23 = Attempting passwowd
    24 = Attempting passwoxd
    25 = Attempting passwoyd
    26 = Attempting passwozd
    27 = Attempting passwo*d
    28 = Attempting passwo@d
    29 = Attempting passwo#d
    30 = Attempting passwo!d
    31 = Attempting passwo$d
    32 = Attempting passwo1d
    33 = Attempting passwo2d
    34 = Attempting passwo3d
    Password not found 🙁 , try better options

  4. January 6, 2010    

    Just now I have tried with Firefox latest version 3.5.7 and FireMaster 3.5 and it is working great…!

    I guess you have set the wrong password, may be you have set it like passw0rd (number 0 instead of letter o) and you are trying to get it right for “password” (note the letter o instead of number 0).

    use the -c option to override the default character set (abcdefghijklmnopqrstuvwxyz*@#!$123) which does not include number 0 .

    Good luck

  5. […] Brute force to recover the master password from the Firefox key database file. Now it also supports “patten based password recovery mechanism” which significantly reduces the time taken to recover the […]

  1. Security Blog by Nagareshwar » Blog Archive » FireMaster Video Tutorial Showing Hybrid & Bruteforce Method on September 17, 2010 at 1:23 pm

Leave a Reply

Our Company

Follow us on Facebook

Join Mailing List

Get direct access to our expert trainers or mingle with like minded security folks in our mailing list