AIM (AOL Instant Messenger)

AIM version 6.x (till v7.2) onwards stores the password at the following registry location,

HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

AIM PRO version uses the different registry location to store the passwords,



HKEY_CURRENT_USER\Software\AIM\AIMPRO\<Account_Name>



Latest version of AIM (v7.5 since v7.3) stores the encrypted username/password in the file 'aimx.bin' at following location

[Windows XP]

C:\Documents and Settings\<user_name>\Local Settings\Application Data\AIM



[Windows Vista/Windows 7/Windows 8]

C:\Users\<user_name>\AppData\Local\AIM

AIM uses Blowfish encryption algorithm along with Base64 encoding to securely store the login passwords. You can use our FREE tool, AIM Password Decryptor to recover the password saved by all versions of AIM (including latest version v7.5).

Related Tools: Messenger Password Decryptor

Beyluxe Messenger

Beyluxe Messenger stores main account password at following registry location



HKEY_CURRENT_USER\Software\Beyluxe Messenger\<nick_name>

Password for each user is encrypted and stored in the registry value 'password' under this key.

"Exposing the Password Secrets of Beyluxe Messenger" For more technical details on how these passwords are encrypted and decrypted check out, You can recover all such stored account passwords by Beyluxe Messenger using Messenger Password Decryptor

Related Tools: Messenger Password Decryptor

BigAnt Messenger

BigAnt Messenger (version 2.82) stores the login name and password at following registry location,



HKEY_CURRENT_USER\Software\BigAntSoft\BigAntMessenger\Setting

Login name is stored in the registry value "LoginName" and encrypted password is stored in the registry value 'Password' under this key. We will update more details about its encryption method once we crack it down.

Related Tools: Messenger Password Decryptor

Camfrog Video Messenger

Camfrog Video Messenger (version 6.2) stores the login password at following registry location,



HKEY_CURRENT_USER\Software\Camfrog\Client\<user_name>\ProfileInfo

Here <user_name> refers to nick name or login name of the user. Hashed password is stored in registry value "Hash1" under this key.

Related Tools: Messenger Password Decryptor

Digsby

Newer versions of Digsby ( Build 83 - r27225 as of this writing) stores main account password in the 'logininfo.yaml' file at following location,



[Windows XP]

C:\Documents and Settings\<user_name>\Local Settings\Application Data\Digsby



[Windows Vista/Windows 7/Windows 8]

C:\Users\<user_name>\AppData\Local\Digsby



Digsby stores only main account password locally and all other IM account passwords (such as Yahoo, Gmail, AIM) are stored in the servers. Main Digsby password is encrypted using special algorithm with username, windows product id, install date as key and resulting password is then encoded with BASE64 before storing into the above password file.



Earlier versions of Digsby used to save the password in the 'Digsby.dat' file at following location,



[Windows XP]

C:\Documents and Settings\<user_name>\Application Data\Digsby



[Windows Vista & Windows 7]

C:\Users\<user_name>\AppData\Roaming\Digsby



Earlier Digsby versions used hardcoded string 'foo' as key without BASE64 encoding.

'Exposing the Password Secrets of Digsby' For more interesting details on how Digsby encrypts & decrypts these passwords check out, You can use Digsby Password Decryptor to instantly recover Digsby password for all versions.

Google Talk (GTalk)

Google Talk (GTalk) stores all remembered gmail account information at following registry location.

HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts



For each Google account separate registry key is created with the account email id as name under this key. Account password is encrypted and stored in the registry string value named 'pw' within this account registry key.

'Exposing Google Password Secrets' To know more inside secrets of how GTalk encrypts the passwords and how to decrypt it check out, You can use Google Password Decryptor to instantly recover all stored Google account passwords by Gtalk.

IMVU Messenger

IMVU Messenger (version 450.2) stores the login account information at following registry location,

HKEY_CURRENT_USER\Software\IMVU\username

HKEY_CURRENT_USER\Software\IMVU\password

Username is stored in clear text and password is stored in hex format as a default registry value. You can use Messenger Password Decryptor ttool to automatically & quickly recover the login account password stored by IMVU messenger.

Related Tools: Messenger Password Decryptor

Meebo Notifier

Meebo Notifier (beta version) stores the login messenger account passwords in the 'MeeboAccounts.txt' file at below mentioned location depending on your platform.

[Windows XP]

C:\Documents and Settings\Application Data\Meebo\MeeboAccounts.txt



[Windows Vista/Windows 7/Windows 8]

C:\Users\AppData\Roaming\Meebo\MeeboAccounts.txt

This "MeeboAccounts.txt" file contains username in clear text and login password encoded with magic bytes.

Exposing the Password Secrets of Meebo To know these real magic bytes along with sample decoding program read our research article You can use our Meebo Password Decryptor or Online Meebo Password Decoder to automatically and instantly recover all the messenger passwords stored by Meebo Notifier.

Miranda IM

Miranda is open source based popular messenger of recent times. Like most instant messengers, Miranda also stores the all user account information including passwords in the profile location. This is to prevent the user from entering the passwords each time. Latest version of Miranda (v0.9.10) stores the user account & password in the profile file at following location

[Windows XP]

C:\Documents and Settings\<user_name>\Application Data\Miranda\%profile_name%\%profile_name%.dat



[Windows Vista & Windows 7]

C:\Users\<username>\AppData\Roaming\Miranda\%profile_name%\%profile_name%.dat

User can have multiple profiles specific to office or home environment and corresponding account information is stored in the respective profile file.



Initial versions of Miranda stored all account information in .dat file directly within the base location as shown below,

[Windows XP]

C:\Documents and Settings\<user_name>\Application Data\Miranda\<profile_name>.dat



[Windows Vista/Windows 7/Windows 8]

C:\Users\<user_name>\AppData\Roaming\Miranda\<profile_name>.dat



Miranda uses its own proprietary mechanism to encrypt the password before storing into the profile file.

"Exposing the Password Secrets of Miranda" To know inside secrets on how how Miranda encrypts & decrypts the password check out, You can use Miranda Password Decryptor to instantly recover all stored account passwords by Miranda.

MSN Messneger

MSN Messenger also uses 'Credential Store' to securely store the remembered passwords. These passwords are stored as type 'Domain Visible Network' aka '.Net Passport' using the target name as '.Net passport' within the 'Credential Store'.

'Exposing the Password Secrets of MSN/Windows Live Messenger' For more details on how MSN Messengers stores the passwords and how to decrypt it check out You can recover all MSN messenger stored passwords using MSNLive Password Decryptor.

MySpace IM

MySpaceIM is one of the upcoming instant messenger which stores the user account & password details at following location.

[Windows XP]

C:\Documents and Settings\<user_name>\Application Data\MySpace\IM\users.txt



[Windows Vista/Windows 7/Windows 8]

C:\Users\<user_name>\AppData\Roaming\MySpace\IM\users.txt



The user login email id is stored in clear text where as the password is in encrypted format. The password is encrypted using 'Windows Crypto API' functions and then encoded using BASE64 algorithm beforing storing into this file. So in order to decrypt it successfully one has to decode the password using BASE64 and then decrypt it using CryptUnprotectData function. You can use IM Password Decryptor to instantly recover stored account passwords by MySpaceIM.

Related Tools: Messenger Password Decryptor

Nimbuzz Messenger

Nimbuzz Messenger (version 1.6) stores the login account information at following registry location,

HKEY_CURRENT_USER\Software\Nimbuzz\PCClient\Application

It stores all the account details including login username & password (stored in hex format) in registry values "username" & "password" respectively.



You can use Messenger Password Decryptor to automatically & quickly recover the login account password stored by Nimbuzz.

Related Tools: Messenger Password Decryptor

PaltalkScene

PaltalkScene stores main account password at following registry location



HKEY_CURRENT_USER\Software\Paltalk\<nick_name>

Password is encrypted and stored in the registry value 'pwd' under this key. All other IM passwords such as Gmail, Yahoo, AIM etc are saved under separate sub keys under this registry key. For example Gmail accounts are stored under following registry key,

HKEY_CURRENT_USER\Software\Paltalk\<nick_name>\GGL\<gmail_address>



All these IM passwords are encoded with BASE64 and stored in 'pwd' registry value.

Exposing the Password Secrets of PaltalkScene For more technical details on how Paltalk encrypts the password and how to decrypt it check out, You can recover main password as well as all the IM passwords stored by Paltalk using Paltalk Password Decryptor.

Pidgin (Formerly Gaim)

Pidgin stores all configured account passwords in the "Accounts.xml" file located at following directory



[Windows XP]

C:\Documents and Settings\<user_name>\Application Data\.purple



[Windows Vista & Windows 7]

C:\Users\<username>\AppData\Roaming\.purple

Older versions (Gaim) used .gaim folder instead of .purple to store the account details. For each stored account, 'Accounts.xml' file contains the <account> tag, which has sub tags <name> & <password> containing the account email address and password in plain text respectively. You can recover Pidgin passwords using Messenger Password Decryptor

Related Tools: Messenger Password Decryptor

Skype

Skype does not store password directly. Instead it stores the encrypted hash of the password in the 'config.xml' located in Skype's user profile directory. Typical user profile directory for Skype will be as follows,

[Windows XP]

C:\Documents and Settings\<user_name>\Application Data\Skype\<account_name>



[Windows Vista/Windows 7/Windows 8]

C:\Users\<username>\AppData\Roaming\Skype\<account_name>

This config.xml contains <Credentials2> tag which contains encrypted hash of the password. As per the research paper 'Vanilla Skype' written by Fabrice Desclaux and Kostya Kortchinsky, Skype uses the MD5 hash of string "username

skyper

password" for authentication. If user has set the 'Remember password' option then this MD5 hash is encrypted using AES-256 & SHA-1 algorithms and finally saved into the 'Config.xml' file. Since the HASH of the password is saved, it is not possible to directly get the password. Instead one has to use dictionary or brute force approach to find out the right password from the hash. This approach may take days or months together based on the length & complexity of the password. You can use our 'Skype Password Recovery' to recover your lost or forgotten Skype password.

Related Tools: Skype Password Recovery

Tencent QQ

Tencent QQ is one of the popular instant messenger which stores the user's login information in the file "Registry.db" at following location

C:\Users\<user_name>\Documents\Tencent Files\<qq_login_id\QQ

This "Registry.db" file is in the OLE storage format which can be viewed using DocFile Viewer. However internal login information is encrypted using Blowfish algorithm.

Related Tools: Messenger Password Decryptor

Trillian

[Version 4.21 build 24] - [Version 5.0.0.26]

Trillian Astra stores only main account passwords (called as Identity or Astra password) in the 'accounts.ini' file at below mentioned location. But all other IM account passwords (such as Yahoo, Gtalk, AIM, MSN etc) are stored on the servers.



[Windows XP]

C:\Documents and Settings\<user_name>\Application Data\Trillian\users\global\



[Windows Vista/Windows 7/Windows 8]

C:\Users\<username>\AppData\Roaming\Trillian\users\global\



For each account it contains section named '[Account<number>]" under which all information for that account is stored. Username is stored in the field named 'Account=' and password is stored in the field 'Password='. Trillian first performs XOR encoding of the password with standard pattern and then encodes it with BASE64 before storing it.

Exposing the Password Secrets of Trillian To know more stuff on how Trillian encodes and decodes the password on the fly, check out You can use Trillian Password Decryptor to automatically recover passwords stored by all versions of Trillian.

Windows Live Messenger

Windows Live Messenger stores the account password at 'Credential Store' which provides different mechanisms such as 'Generic', 'Domain Network', 'Domain Visible Network' etc which applications can use to store and retrieve their private credentials. Each such method requires different technique and privilege level to enumerate and decrypt the passwords. Windows Live Messenger uses 'Generic Password'mechanism of 'Credential Store' to store the passwords under the target name 'WindowsLive:name=<email_id>'.

'Exposing the Password Secrets of MSN/Windows Live Messenger' To know more about how to recover stored passwords by Live Messenger, read on, You can use MSNLive Password Decryptor to instantly recover all such passwords stored by Live Messenger.

Xfire

Xfire is a free tool that automatically keeps track of when and where gamers are playing games online with more than million members. Xfire stores the user settings including login username & password in a file "XfireUser.ini" at following location,

[Windows XP]

C:\Documents and Settings\<user_name>\Application Data\Xfire



[Windows Vista/Windows 7/Windows 8]

C:\Users\<username>\AppData\Roaming\Xfire\



Xfire uses blowfish encryption algorithm for both username & password. Each encrypted Username is stored with the label "EncryptedUser1" and password is stored as "EPW1". However Xfire does not store the original password directly. Instead it generates the SHA1 hash of username+password+"UltimateArena" and then store the encrypted data of this SHA1 hash. You can use Xfire Password Decryptor to instantly recover the login passwords from Xfire.

Yahoo Messenger

Yahoo Messenger prior to version 7 used to store the password in the registry value 'EOptions String' at following registry location,

HKEY_CURRENT_USER\Software\Yahoo\Pager

This password is encrypted and then encoded using Yahoo64 (similar to Base64) algorithm and stored at above location. The actual algorithm and encoding functionality is present in ycrwin32.dll (can be found in installed location of Yahoo Messenger). For version 7 onwards, Yahoo stores the encrypted token derived from username & password in registry value 'ETS' at same registry location. Though you cannot decrypt this token back to the password but you can copy it to another machine and continue to login to Yahoo Messenger

In Depth Analysis of Yahoo Authentication Schemes For more interesting details on this password token & authentication mechanism refer to