200 OK SwatantrAI

Many people ask about the location in the Registry or file system that applications store the passwords. Here is a list of password storage locations for popular applications.

Be aware that even if you know the location of the saved password, it doesn’t mean that you can move it from one computer to another. many applications store the passwords in a way that prevent you from moving them to another computer or user profile.

Internet Explorer 4.00 – 6.00 : The passwords are stored in a secret location in the Registry known as the “Protected Storage”.

The base key of the Protected Storage is located under the following key :

HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider

You can browse the above key in the Registry Editor (RegEdit), but you won’t be able to watch the passwords, because they are encrypted.
Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.

Internet Explorer 7.00 – 8.00 : The new versions of Internet Explorer stores the passwords in 2 different locations.

AutoComplete passwords are stored in the Registry under

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2

HTTP Authentication passwords are stored in the Credentials file under

Documents and Settings\Application Data\Microsoft\Credentials

together with login passwords of LAN computers and other passwords.

IE PassView can be used to recover these passwords.

Firefox: The passwords are stored in one of the following filenames:

signons.txt, signons2.txt, and signons3.txt (depends on Firefox version)

These password files are located inside the profile folder of Firefox, in

[Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name]

Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.

Google Chrome Web browser: The passwords are stored in

[Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data

(This filename is SQLite database which contains encrypted passwords and other stuff)

Opera: The passwords are stored in wand.dat filename, located under

[Windows Profile]\Application Data\Opera\Opera\profile

Outlook Express (All Versions): The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer.

Outlook 98/2000: Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.

Both Mail PassView and Protected Storage PassView utilities can recover these passwords.

Outlook 2002-2008: All new versions of Outlook store the passwords in the same Registry key of the account settings.

The accounts are stored in the Registry under

HKEY_CURRENT_USER\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index]

If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.
Windows Live Mail: All account settings, including the encrypted passwords, are stored in

[Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[Account Name]

The account filename is an xml file with .oeaccount extension.

ThunderBird: The password file is located under

[Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name]

You should search a filename with .s extension.

Google Talk: All account settings, including the encrypted passwords, are stored in the Registry under

HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[Account Name]

Google Desktop: Email passwords are stored in the Registry under

HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\[Account Name]

MSN/Windows Messenger version 6.x and below: The passwords are stored in one of the following locations:

1.    Registry Key:     HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
2.    Registry Key:     HKEY_CURRENT_USER\Software\Microsoft\MessengerService
3.    In the Credentials file, with entry named as     “Passport.Net\\*”. (Only when the OS is XP or more)

MSN Messenger version 7.x: The passwords are stored under

HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds\[Account Name]

Windows Live Messenger version 8.x/9.x: The passwords are stored in the Credentials file, with entry name begins with “WindowsLive:name=”.

Yahoo Messenger 6.x: The password is stored in the Registry, under

HKEY_CURRENT_USER\Software\Yahoo\Pager

(”EOptions string” value)

Yahoo Messenger 7.5 or later: The password is stored in the Registry, under

HKEY_CURRENT_USER\Software\Yahoo\Pager – “ETS” value.

The value stored in “ETS” value cannot be recovered back to the original password.

AIM Pro: The passwords are stored in the Registry, under

HKEY_CURRENT_USER\Software\AIM\AIMPRO\[Account Name]

AIM 6.x: The passwords are stored in the Registry, under

HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

ICQ Lite 4.x/5.x/2003: The passwords are stored in the Registry, under

HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners\[ICQ Number]

(MainLocation value)

ICQ 6.x: The password hash is stored in

[Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb

(Access Database)

(The password hash cannot be recovered back to the original password)

Digsby: The main password of Digsby is stored in

[Windows Profile]\Application Data\Digsby\digsby.dat

All other passwords are stored in Digsby servers.

PaltalkScene: The passwords are stored in the Registry, under

HKEY_CURRENT_USER\Software\Paltalk\[Account Name].

'Coz sharing is caring

BIOS passwords can add extra layer of security for desktop and laptop computers, and are used to either prevent a user from changing the BIOS settings or to prevent the PC from booting without a password. BIOS passwords can also be a liability if a user forgot their passwords, or if a malicious user changes the password. Sending the unit back to the manufacturer to have the BIOS reset can be expensive and is usually not covered in a typical warranty. However, there are a few known backdoors and other tricks of the trade that can be used to bypass or reset the BIOS password on most systems.

To enter the BIOS Setup try these keystrokes:

AMI BIOS: Del key during the POST
DTK BIOS: Esc key during the POST
Award BIOS: Ctrl-Alt-Esc
misc BIOS: Ctrl-Esc
Phoenix BIOS: Ctrl-Alt-Esc or Ctrl-Alt-S
IBM PS/2 BIOS: Ctrl-Alt-Ins after Ctrl-Alt-Del

Backdoor Passwords

Many BIOS manufacturers have provided backdoor passwords that can be used to access the BIOS setup in the event you have lost your password. These passwords are case sensitive, so you may wish to try a variety of combinations.

WARNING: Some BIOS configurations will lock you out of the system completely if you type in an incorrect password more than 3 times. Read your manufacturers documentation for the BIOS setting before you begin typing in passwords.

Award BIOS backdoor passwords:

ALFAROME	BIOSTAR	KDD	ZAAADA
ALLy	CONCAT	Lkwpeter	ZBAAACA
aLLy	CONDO	LKWPETER	ZJAAADC
aLLY	Condo	PINT	01322222
ALLY	d8on	pint	589589
aPAf	djonet	SER	589721
_award	HLT	SKY_FOX	595595
AWARD_SW	J64	SYXZ	598598
AWARD?SW	J256	syxz
AWARD SW	J262	shift + syxz
AWARD PW	j332	TTPTHA
AWKWARD	j322
awkward

AMI BIOS Backdoor Passwords:

AMI		BIOS		PASSWORD		HEWITT RAND
AMI?SW		AMI_SW		LKWPETER		CONDO

Phoenix BIOS Backdoor Passwords:

phoenix

PHOENIX

CMOS

BIOS

Misc. Common Passwords

ALFAROME	BIOSTAR	biostar	biosstar
CMOS	cmos	LKWPETER	lkwpeter
setup	SETUP	Syxz	Wodj

Other BIOS Passwords by Manufacturer

Manufacturer	Password

VOBIS & IBM	Merlin
Dell	Dell
Biostar	Biostar
Compaq	Compaq
Enox	xo11nE
Epox	Central
Freetech	Posterie
IWill	Iwill
Jetway	Spooml
Packard Bell	bell9
QDI	QDI
Siemens	SKY_FOX
TMC	BIGO
Toshiba	Toshiba

Toshiba BIOS

Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot

IBM Aptiva BIOS

Press both mouse buttons repeatedly during the boot

Motherboard “Clear CMOS” Jumper or Dipswitch settings

Many motherboards feature a set of jumpers or dipswitches that will clear the CMOS and wipe all of the custom settings including BIOS passwords. The locations of these jumpers / dipswitches will vary depending on the motherboard manufacturer and ideally you should always refer to the motherboard or computer manufacturers documentation. If the documentation is unavailable, the jumpers/dipswitches can sometimes be found along the edge of the motherboard, next to the CMOS battery, or near the processor. Some manufacturers may label the jumper / dipswitch CLEAR – CLEAR CMOS – CLR – CLRPWD – PASSWD – PASSWORD – PWD. On laptop computers, the dipswitches are usually found under the keyboard or within a compartment at the bottom of the laptop.

Please remember to unplug your PC and use a grounding strip before reaching into your PC and touching the motherboard. Once you locate and rest the jumper switches, turn the computer on and check if the password has been cleared. If it has, turn the computer off and return the jumpers or dipswitches to its original position.

Removing the CMOS Battery

The CMOS settings on most systems are buffered by a small battery that is attached to the motherboard. (It looks like a small watch battery). If you unplug the PC and remove the battery for 10-15 minutes, the CMOS may reset itself and the password should be blank. (Along with any other machine specific settings, so be sure you are familiar with manually reconfiguring the BIOS settings before you do this.) Some manufacturers backup the power to the CMOS chipset by using a capacitor, so if your first attempt fails, leave the battery out (with the system unplugged) for at least 24 hours. Some batteries are actually soldered onto the motherboard making this task more difficult. Unsoldering the battery incorrectly may damage your motherboard and other components, so please don’t attempt this if you are inexperienced. Another option may be to remove the CMOS chip from the motherboard for a period of time.
Note: Removing the battery to reset the CMOS will not work for all PC’s, and almost all of the newer laptops store their BIOS passwords in a manner which does not require continuous power, so removing the CMOS battery may not work at all. IBM Thinkpad laptops lock the hard drive as well as the BIOS when the supervisor password is set. If you reset the BIOS password, but cannot reset the hard drive password, you may not be able to access the drive and it will remain locked, even if you place it in a new laptop. IBM Thinkpads have special jumper switches on the motherboard, and these should be used to reset the system.

Use the Debug command

Boot to MS- DOS prompt, run through the below example, this example is perfectly fine to run on any PC Computer running MS-DOS / Windows and will not harm anything.

DEBUG script that will just reset the password only
Type debug and press enter.   (ex. A:\>debug )
After typing debug you will get “-” as a prompt ,type these exactly how they are written.
o 70 10
o 71 20
quit
Explanation of code:
DEBUG    ; Run DEBUG, “-” will appear on each line then type:
o 70 20     ; Send 70 to address 18
o 71 21     ; Send 71 to address FF
q              ; Quit DEBUG
or you can use this alternate DEBUG script that will just reset the the BIOS
A
MOV AX,0
MOV AX,CX
OUT 70,AL
MOV AX,0
OUT 71,AL
INC CX
CMP CX,100
JB 103
INT 20
Note: Nothing is typed on this line
G By pressing G this will execute the above script
Q

Then reboot and you will get a Setup Checksum Error. Go into setup, correct all the incorrect values, time, date…

Alternatively you can use the program WipeCMOS from a boot floppy

Use the Decoding software

CmosPwd by CGSecurity – This is probably the most up to date and popular CMOS decryption tool. CmosPwd decrypts password stored in cmos used to access BIOS SETUP, you can also backup, restore and erase/kill cmos.You will have to be logged in as administrator, run ioperm -i command and then run cmospwd_win.exe
PC CMOS Cleaner – PC CMOS Cleaner is an easy-to-use tool to recover, delete, decode and display the superior passwords stored in BIOS whatever the brand is. It’s an bootable CD that runs on x86 and x86_64 computers. It can display the superior passwords of the BIOS, remove BIOS password(will set the BIOS to default status, need reset date).

'Coz sharing is caring