Digsby is popular multiprotocol IM client that lets you chat with all your friends on AIM, MSN, Yahoo, ICQ, Google Talk, and Jabber with one simple to manage buddy list. It also has social networking feature that lets you keep connected with your friends through popular social network sites such as Facebook, Twitter, LinkedIn, Myspace etc. All these features together with ease of use made it one of the popular IM client around the world in short duration of time.
Update (21th Oct 2010) : Published the First ever Digsby Password Decryption Research Article, “Exposing the Password Secrets of Digsby”
Update (21st Oct 2010) : Released new dedicated Password Recovery Tool for Digsby, DigsbyPasswordDecryptor
Update (15th Oct 2010) : Released IMPasswordDecryptor 1.5 with the support for ‘DigsbyIM’ Password Recovery.
Digsby stores only main account password locally and all other IM account passwords (such as Yahoo, Gmail, AIM) are stored in the servers. The main account password is stored in the ‘logininfo.yaml’ file at following location,
C:\Documents and Settings\<user_name>\Local Settings\Application Data\Digsby
[Windows Vista & Windows 7]
It is always challenging to reverse and discover how a certain application encrypts the password as most apps uses their own unique methods and different algorithms. I was onto the same challenge, when I set to decrypt the Digsby password as I already knew it uses some kind of encryption algorithm with derived key.
It took me around 16 hours of reversing spanned across several days and nights to get to the final password. As usual drive was very interesting and pleasure of cracking it down successfully was immense.
Newer version of Digsby uses better key generation mechanism than the previous one which used just static string as the key for encryption algorithm.Here are the interesting stuffs on how Digsby encrypts the password and how to decrypt it.
Overall it was very interesting experience reversing the algorithm and getting the right on the target. This will come as part of our new tool, IMPasswordDecryptor which will help you to instantly recover passwords stored by popular IM clients.
Watch out this space for release announcements or follow our twitter.
Here is first ever disclosure on Password Decryption of “Digsby IM” + Code Samples = “Exposing the Password Secrets of Digsby”
For our other interesting exposure refer to research article, ‘Password Secrets of Popular Windows Applications’