Where are email passwords stored in Android? What to do if you forgot your Android phone password or code? How to recover passwords for all applications

Where are email passwords stored in Android? What to do if you forgot your Android phone password or code? How to recover passwords for all applications

Hello Habr! I am a young developer specializing in Android development and information security. Not long ago I wondered: how Google Chrome stores saved user passwords? Analyzing information from the network and the files of Chrome itself (the article was especially informative), I discovered certain similarities and differences in the implementation of saving passwords on different platforms, and for demonstration I wrote applications for retrieving passwords from Android versions browser.

How it works?

As we can know from various online publications on this topic, Google Chrome on PC stores the passwords of its users in the following directory:
"C:\Users\SomeUser\AppData\Local\Google\Chrome\User Data\Default\" in file " Login Data".

This file is a SQLite database, and it is quite possible to open and view it. In the table logins we can see the following fields of interest to us: origin_url(Website address), username_value(login), password_value(password). The password is represented as a byte array, and is encrypted using a machine key, individual for each system. More details can be found in the article. Thus, there is some kind of protection in the Windows client.

Android

But since I’m more into Android, my attention was drawn to the Android browser client.

“Picking open” the package Google Chrome (com.android.chrome), I found that its structure is very similar to the structure of the PC client, and it was not difficult to find exactly the same database responsible for storing user passwords. Full path to the database is the following: "/data/data/com.android.chrome/app_chrome/Default/Login Data". In general, this database is very similar to its “big sister” from the PC version, with only one, but very significant difference - passwords are stored here in clear text. The question arises: is it possible to programmatically extract passwords from the database? The answer turned out to be quite obvious - yes, if your application has root rights.

Implementation

For greater clarity, it was decided to make our own tool for retrieving passwords from the browser database.

To describe its work in a nutshell, it works like this:

  • Gets root.
  • Copies the Chrome database to its own directory.
  • Using chmod, accesses a copy of the database.
  • Opens the database and retrieves information about logins and passwords.
The application was posted on Google Play.

Conclusion

As a conclusion from the work done, we can say that if you have root rights, pulling out the password database from the browser and sending it to your server is a completely solvable task, and this fact should make you think about whether you should trust any application with superuser rights .

I hope this article was informative. Thank you for your attention!

Hello Habr! I am a young developer specializing in Android development and information security. Not long ago I wondered: how does Google Chrome store saved user passwords? Analyzing information from the network and the files of Chrome itself (this article was especially informative), I discovered certain similarities and differences in the implementation of saving passwords on different platforms, and for demonstration I wrote applications for retrieving passwords from the Android version of the browser.

How it works?

As we can know from various online publications on this topic, Google Chrome on PC stores the passwords of its users in the following directory:
"C:\Users\SomeUser\AppData\Local\Google\Chrome\User Data\Default\" in file " Login Data".

This file is a SQLite database, and it is quite possible to open and view it. In the table logins we can see the following fields of interest to us: origin_url(Website address), username_value(login), password_value(password). The password is represented as a byte array, and is encrypted using a machine key, individual for each system. You can learn more from this article. Thus, there is some kind of protection in the Windows client.

Android

But since I’m more into Android, my attention was drawn to the Android browser client.

“Picking open” the package Google Chrome (com.android.chrome), I found that its structure is very similar to the structure of the PC client, and it was not difficult to find exactly the same database responsible for storing user passwords. The full path to the database is as follows: "/data/data/com.android.chrome/app_chrome/Default/Login Data". In general, this database is very similar to its “big sister” from the PC version, with only one, but very significant difference - passwords are stored here in clear text. The question arises: is it possible to programmatically extract passwords from the database? The answer turned out to be quite obvious - yes, if your application has root rights.

Implementation

For greater clarity, it was decided to make our own tool for retrieving passwords from the browser database.

To describe its work in a nutshell, it works like this:

  • Gets root.
  • Copies the Chrome database to its own directory.
  • Using chmod, accesses a copy of the database.
  • Opens the database and retrieves information about logins and passwords.
The application was posted on Google Play.

Conclusion

As a conclusion from the work done, we can say that if you have root rights, pulling out the password database from the browser and sending it to your server is a completely solvable task, and this fact should make you think about whether you should trust any application with superuser rights .

I hope this article was informative. Thank you for your attention!

There are times when you forgot your VKontakte password, you need to log in on another device, for example from a mobile phone, and you forgot the password, but sometimes you can look at your password.

Quick navigation:

How can you find out your VK password from an Android phone?

Practice viewing your password on devices running the operating system Android systems, does not at all work out in favor of the forgetful VKontakte user. The fact is that it is very difficult to look up the password from VK if you previously logged in from a mobile application or through a browser. Just think about how much different software you need to install, and there are no guarantees; on the contrary, you can waste time and catch some kind of infection. If you have the opportunity, then better take advantage.

Of course, you can dig up tips on how to do this using programs, but most likely such attempts will end in failure. After all, the speed of getting into the index search engines, leaves much to be desired, the most that can be found is programs that are a month old, or even a year old. Naturally, everything is already outdated. Of course, you can play Hacker, but then don’t say that we didn’t warn you when you catch a virus on your device.

Find out the password in the VK mobile application for iPhone.

Here, do not think that you will be able to go into the settings and find out your password. Even information about email and phone number is hidden, just a few characters are open to remember possibly forgotten information.


A working way to find out the password from VKontakte.

In my opinion, the best way to find out your password from VKontakte, and not only from any site. You can use the auto-save password features.

A page with saved passwords will open, in the search window, start typing the site vk.com and in the search results, you can see your password.

Where are passwords stored in phones based onAndroid?

Almost every owner of an account on a social network or a well-known Email, forgot my password. In most cases, find out forgotten password quite simple, since many social networks offer the ability to recover a password by sending an instant message to the subscriber number or email specified during registration. Some sites likemail. ru, they offer to recover the password using a code question, the answer to which the user indicated during registration.But there are often times when password recovery seems impossible. This happens when data such as email address and phone numbers are lost. For example, a user has forgotten his password for his VKontakte account, but cannot send the code by message, since the number is already linked to another page, and the email account has long been abandoned. In this case, you have to fill out a large form for recovery, starting with specifying your passport data up to sending a photo of the monitor with a completed page (to prove that you are not a robot).But, as it turned out, the owner of the phonesAndroid, it is much easier to recover a password if you know where passwords are stored in Android. To do this, just follow the instructions below.

How to find passwords for applications and browsers in Android

- LoadingonPlay MarketapplicationRoot Manager.This application is necessary so that the database search program, which you will need to download later, works without failures. It takes up little memory, so anyone can download it. If the app is not compatible with your phone, you must search for it using your device model. Enter in the search bar “RootManager( phone model name)".

- Then we download another SQLite Editor application, the work of which will be interconnected with the previously installed oneRoot. This application is really very useful for every userAndroid. The application instantly scans the device for the presence of a database and shows a list of all applications that contain the database. To find the required password, first we search the databases, and then select the required one from the listbrowser or application (depending on the case). After selecting, a menu appears where you need to click “webview. Db". Finally, a table is shown indicating passwords and other stored data in the application, that is, what we were looking for.

As our lives rapidly digitize, we are literally surrounded by a variety of passwords. And when the number of services goes up into dozens, remembering passwords for them is simply unrealistic. You can, of course, use the same password everywhere, but this is very insecure. Lost it - and all the details of your life may go to someone not very friendly. Therefore, it is more correct to invent everywhere different passwords, and then write them down in a secluded place.

But how to choose this place? So that it’s both convenient and reliable? There are hundreds of options. I won't tell you about all the password storage apps. It will take too much time because I have tried a lot of things. I’ll tell you better about the two that I eventually settled on.

I've been using Android for many years with pleasure. free application B-Folders. It, unlike many analogues, is truly free - there are no restrictions on the number of fields in records, or on the number of records themselves. The database is stored in encrypted form; by default, access to it is opened after entering a password or PIN code (your choice). For an additional amount, you can enable fingerprint unlocking (299 rubles).

The developer has been working on the application since 2009 and seems to have thought of everything. In the settings, you can change the appearance of the application and cards, set the time for forced clearing of the clipboard after you have copied the password into it, enable the database to self-destruct after a certain number of incorrectly entered passwords, etc. and so on. The paranoia of the authors has reached the point that you can’t even take a screenshot in the application - and this, by the way, is absolutely correct.

You can find fault with two things. Firstly, the interface is not localized - everything is in English. There are no problems with Russian names and passwords, and all important inscriptions are duplicated with clear icons. But for some it may be a nuisance.

Secondly, there is no option to automatically synchronize the database with cloud storages. Perhaps this was also done for additional security of the password database. But the latter can be saved as an encrypted file, sent to any cloud (Dropbox, OneDrive, etc.), and downloaded from there to another phone. The procedure takes literally a minute, and all your favorite settings are moved along with the database.

So, I probably would have only used B-Folders, but life forced me to look for a multi-platform solution. So that you can also spy on particularly tricky passwords on Android, iOS, and your computer. I tried everything and finally settled on... Kaspersky Password Manager. The application is also free by default, but if you don’t add money, you can only store 15 passwords. If you want more, please pay extra. You cannot buy the application forever; the license is valid for a year. But, unfortunately, this is the case with all decent multi-platform games with online synchronization. The only question is the price.

And, strange as it may sound, in the case of Kaspersky Password Manager it can be very different. I was stupid to buy a license directly through App Store, where they cheated me out of 1000 rubles. And on the Kaspersky Lab website the same thing costs only 450 rubles. If you purchased a license for Kaspersky Total Security (1,990 rubles per year for two computers), then Password Manager will be a free bonus.

Since Password Manager has Russian roots, localization is fully present. There are different card formats for websites, apps, and personal data, plus there's a separate section for notes. Of course, also encrypted. I liked that when you enter a password for a site, its icon is automatically updated in the menu - this makes it easier not to get lost when there are a lot of passwords. Also, if you open the site directly from the application, it will try to insert the password into the form. It doesn’t always work out, because the forms are written in so many different ways. But sometimes it really saves time.

Passwords entered once are stored in the Kaspersky Lab cloud and are accessible from any authorized devices. Additional protection is provided by the presence of a master password: that is, it is not enough to enter your account information, you need another one on top. Login to the application using a PIN code, fingerprint, or - in the case of the iPhone X - by facial expression. There are versions for PC and Mac, but it’s probably easier to access it through a browser.

The only disadvantage of the product is the lack of the opportunity to buy a lifetime license, it’s somehow safer with it. But it seems that the time for such licenses is running out.

Take care of your passwords! There is too much to lose with them. Suffice it to remember the hundreds of sufferers who forgot the details of their Bitcoin wallets :)

Views: 4,604



Popular in the category:
How to create a karaoke clip on a computer?
How to create a karaoke clip on a computer?
read
The Origin app is required for the game, but it is not installed. FIFA 16 requires Origin.
The Origin app is required to play, but it is not installed FIFA...
read
Registering a personal page on the social network Facebook
Registering a personal page on the social network Facebook
read
How to Run a Simple Nmap Nmap Scan
How to Run a Simple Nmap Nmap Scan
read

Latest Articles
How to rotate an image a few degrees...
read
Disabling advertising in Yandex browser Where...
read
Troubleshooting Wi-Fi connection problems on...
read
Change password on Windows 10 profile
read
Instructions for setting up wireless routers...
read
How to choose a hard drive and which one is better to buy...
read
Meizu for dummies. Calls and address book....
read
Download PDFMaster program
read
Top