Digsby is popular multiprotocol IM client that lets you chat with all your friends on AIM, MSN, Yahoo, ICQ, Google Talk, and Jabber with one simple to manage buddy list. It also has social networking feature that lets you keep connected with your friends through popular social network sites such as Facebook, Twitter, LinkedIn, Myspace etc. All these features together with ease of use made it one of the popular IM client around the world in short duration of time.
.
Update (21th Oct 2010) : Published the First ever Digsby Password Decryption Research Article, “Exposing the Password Secrets of Digsby”
Update (21st Oct 2010) : Released new dedicated Password Recovery Tool for Digsby, DigsbyPasswordDecryptor
Update (15th Oct 2010) : Released IMPasswordDecryptor 1.5 with the support for ‘DigsbyIM’ Password Recovery.
.
Digsby stores only main account password locally and all other IM account passwords (such as Yahoo, Gmail, AIM) are stored in the servers. The main account password is stored in the ‘logininfo.yaml’ file at following location,
[Windows XP]
C:\Documents and Settings\<user_name>\Local Settings\Application Data\Digsby
[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Local\Digsby
It is always challenging to reverse and discover how a certain application encrypts the password as most apps uses their own unique methods and different algorithms. I was onto the same challenge, when I set to decrypt the Digsby password as I already knew it uses some kind of encryption algorithm with derived key.
It took me around 16 hours of reversing spanned across several days and nights to get to the final password. As usual drive was very interesting and pleasure of cracking it down successfully was immense.
Newer version of Digsby uses better key generation mechanism than the previous one which used just static string as the key for encryption algorithm.Here are the interesting stuffs on how Digsby encrypts the password and how to decrypt it.
.
Overall it was very interesting experience reversing the algorithm and getting the right on the target. This will come as part of our new tool, IMPasswordDecryptor which will help you to instantly recover passwords stored by popular IM clients.
Watch out this space for release announcements or follow our twitter.
.
Here is first ever disclosure on Password Decryption of “Digsby IM” + Code Samples = “Exposing the Password Secrets of Digsby”
.
For our other interesting exposure refer to research article,
‘Password Secrets of Popular Windows Applications’
Tweet
[...] the previous post ‘Art of Decrypting Digsby Password’ , I have exposed on decrypting the Digsby password. Today I am going to write about internal [...]
Hash cracker is a web-service that allows you to encrypt your passwords
or crack your hashed passwords with MD5, SHA1 or NTLM algorithms.
You can also encode or decode texts with Base64 system.
http://www.hash-cracker.com
Video tutorial:
http://www.youtube.com/watch?v=JVxdQPdGXec
decryption process is very good….still there is a problem that is i do i know about sequencing of “Product Id, Install Date and Digs by user name”and how do i get all the things…n still i don’t have RC4 source code
[...] decryption of both Digsby & PaltalkScene few months back itself. Then I had written about Digsby Password Decryption and Paltalk Password Decryption in a short & sweet form. Soon I am going to write much [...]
very nice post, i certainly love this website, keep on it