WLM Password Decryption

Have you ever forgotten your Windows Live Messenger password? Once it is forgotten, you are completely locked out of all services such as Hotmail, Messenger and others, because they all share the same ID.

In this article I will explain what kind of storage/encryption mechanism Windows Live Messenger uses and how you can recover such stored passwords with Delphi in conjunction with JWA.

You might ask why I wrote such a tool when there are masses of them out in the wild that will recover the Live Messenger password and the passwords of most, if not all, other messenger applications.

The answer is simple: a lot of tools aren't freeware, which I noticed the hard way when I really needed to find one quickly due to a problem with my brother's PC.

The next problem: if you do find a freeware tool that does the task, can you trust it?


Screenshot of WLM Decrypter

And then there were a lot of tools which are marked as freeware but contain Trojans or adware. So I decided to write my own, because I was curious to know whether I could do it and how Windows Live Messenger works when encrypting stored passwords.

On the left you can see a screenshot of my WLM Decrypter tool.

By the way, let me say the following, since I received some mails asking me for a project file: the code is right here in this article, so everyone can compile it themselves.

Encryption Mechanism

MSN and Windows Live Messenger both use the same storage, the "Credential Store", which Windows also uses for network authentication passwords and which applications like RDP or Outlook, to name a few, use as well. You can access this storage using the Credential Management API functions.

The Windows "Credential Store" supports different types of password storage mechanisms. Each type uses a different kind of encryption and requires a different level of privileges for decryption.

Here are the main types:

  • Generic Password
  • Domain Password
  • Domain Visible Password / .NET Passport
  • Certificates

Recovering Password from Windows Live Messenger

All versions of Live Messenger, including the latest 2011 edition, use the same storage and encryption mechanism, "Generic Password", to store the credentials. "Generic Password" types are user specific and can be decrypted only in the security context of the corresponding user.

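// Requires JwaWindows in the uses clause and the PCredentialsArray type
// (a pointer to an array of PCREDENTIALW).
procedure DecryptWLPassword();
var
  dwCount: DWORD;
  CredArray: PCredentialsArray;
  I: Integer;
  Pwd: string;
begin
  dwCount := 0;
  CredArray := nil;
  Memo1.Lines.Clear;

  try
    try
      // Enumerate the current user's stored Windows Live credentials.
      Win32Check(CredEnumerate('WindowsLive:name=*', 0, dwCount,
        PCREDENTIALW(CredArray)));

      for I := 0 to dwCount - 1 do
      begin
        with Memo1.Lines, CredArray^[I]^ do
        begin
          if CredentialBlobSize > 0 then
          begin
            // Treat the blob as a string of Char (UTF-16 in Delphi 2009 and later).
            SetLength(Pwd, CredentialBlobSize div SizeOf(Char));
            // Copy only as many bytes as the string buffer holds.
            CopyMemory(@Pwd[1], CredentialBlob, Length(Pwd) * SizeOf(Char));
          end
          else
          begin
            SetLength(Pwd, 0);
          end;
          Add(Format('Username: %s Password: %s', [Username, Pwd]));

          // Wipe the local copy (length in bytes) before the buffer is reused.
          if Length(Pwd) > 0 then
            SecureZeroMemory(@Pwd[1], Length(Pwd) * SizeOf(Char));
        end;
      end;
    except
      ShowMessage('Sorry no accounts found maybe the user doesn''t saved the password');
    end;
  finally
    // CredEnumerate allocated the array; release it only if it was returned.
    if CredArray <> nil then
      CredFree(CredArray);
  end;
end;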

The main decryption routine above uses JwaWindows, which gives us simple access to the Credential Management API functions.
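
To see which of the storage types listed above are actually present on a machine, the store can be inventoried without touching the secrets. This is an added example, not the author's code: the program name, the CredTypeName helper and the one-element array type are hypothetical, and the record field name Type_ is assumed from the JEDI API headers. A Generic Password entry with a non-zero blob size is readable by any program running as that user.

```delphi
program CredInventory;  // added example; the program name is hypothetical
{$APPTYPE CONSOLE}
uses
  SysUtils, JwaWindows;

type
  // One-element array used only to index the pointer list CredEnumerate returns.
  TPCredentialsArray = array [0 .. 0] of PCREDENTIALW;
  PCredentialsArray = ^TPCredentialsArray;

// Hypothetical helper: CRED_TYPE_* value -> type name used in the article.
function CredTypeName(CredType: DWORD): string;
begin
  case CredType of
    CRED_TYPE_GENERIC:                 Result := 'Generic Password';
    CRED_TYPE_DOMAIN_PASSWORD:         Result := 'Domain Password';
    CRED_TYPE_DOMAIN_CERTIFICATE:      Result := 'Certificate';
    CRED_TYPE_DOMAIN_VISIBLE_PASSWORD: Result := 'Domain Visible Password';
  else
    Result := Format('Other (%d)', [CredType]);
  end;
end;

var
  dwCount: DWORD;
  CredArray: PCredentialsArray;
  I: Integer;
begin
  dwCount := 0;
  CredArray := nil;
  // A nil filter returns every credential of the logged-on user.
  if not CredEnumerate(nil, 0, dwCount, PCREDENTIALW(CredArray)) then
  begin
    Writeln('Nothing stored: ', SysErrorMessage(GetLastError));
    Exit;
  end;
  try
    for I := 0 to Integer(dwCount) - 1 do
      with CredArray^[I]^ do
        // Report metadata only; the secret in CredentialBlob is never copied.
        // Type_ is the assumed JEDI name for the structure's Type member.
        Writeln(Format('%-24s target=%s user=%s blob=%d bytes',
          [CredTypeName(Type_), string(TargetName), string(UserName),
           CredentialBlobSize]));
  finally
    CredFree(CredArray);
  end;
end.
```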

  • onoffwy

    hello
    thank you very much but I have the same error!
    I added JwaWindows to uses and I use Delphi 7
    ————————–
    Build
    [Error] Unit1.pas(31): Undeclared identifier: ‘PCredentialsArray’
    [Warning] Unit1.pas(40): Symbol ‘Win32Check’ is specific to a platform
    [Error] Unit1.pas(41): Types of actual and formal var parameters must be identical
    [Error] Unit1.pas(45): Pointer type required
    [Error] Unit1.pas(47): Undeclared identifier: ‘CredentialBlobSize’
    [Warning] Unit1.pas(47): Comparing signed and unsigned types – widened both operands
    [Warning] Unit1.pas(50): Unsafe code ‘@ operator’
    [Error] Unit1.pas(56): Undeclared identifier: ‘Username’
    [Warning] Unit1.pas(63): Unsafe code ‘@ operator’
    [Fatal Error] Project1.dpr(5): Could not compile used unit ‘Unit1.pas’
    ———————————-
    please send this project to my e-mail

    • http://private-storm.de stOrM!

      Hi,
      it will not help you (I’m using D2010!) since from the errors you have it looks like you did not follow the instructions correctly on how to compile JwaWindows for Delphi 7. So I suggest you do it again and don’t mix JwaWindows and the Windows unit.

      About the PCredentialsArray it looks like this:

      const
        ANYSIZE_ARRAY = 1;

      type
        TPCredentialsArray = array [0 .. ANYSIZE_ARRAY - 1] of PCREDENTIALW;
        PCredentialsArray = ^TPCredentialsArray;

      How to setup Jwa Library:
      http://blog.delphi-jedi.net/2007/12/27/how-to-setup-the-library/

      Jwscl goes here:
      http://blog.delphi-jedi.net/2008/03/03/how-to-setup-jwscl/

  • onoffwy

    it works after installing D2010
    ———————————
    for i:=0 to (9999999999999999999) do
    write(‘thank you ‘);
    ———————————