How to Recover Login Password of Skype Messenger

How to Recover Login Password of Skype Messenger
November 14, 2019
in Password Recovery, Password Secrets
No Comments
2234

This research article exposes the password secrets of Skype including where your login password is stored, how it is stored and how to recover it automatically.

Skype Password Secrets

Skype saves login password in file called “config.xml” at following location

[Windows Vista/7/8/10]
C:\Users\[user_name]\AppData\Roaming\Skype\[account]\config.xml

[Windows XP/2003] 
C:\Documents and Settings\[user_name]\Application Data\Skype\[account]\config.xml

Here are the important password related entries from this “config.xml” file

 <config version="1.0" serial="2737" timestamp="1431444935.11">
   <Account>
      <Credentials3>277D7A10073..............A5401A6</Credentials3>
      <LastUsed>1431444925</LastUsed>
      <LocalData>4215</LocalData>
  </Account>
</config>

Here “Credentials3” (“Credentials2” in old versions) value refers to encrypted password hash. Skype password hash is derived by performing MD5 hash of “username\nskyper\npassword”.

Above password hash value is encrypted using AES-256 algorithm with the static 256-bit key. This Key value is stored at below registry location in encrypted format,

HKEY_CURRENT_USER\Software\Skype\ProtectedStorage\

Here value “0” or “1” refers to Key value that is encrypted using Windows DPAPI functions (CryptProtectData).

How to Recover Skype Password

Since Skype stores only password hash (not the actual password) only way to recover password is using dictionary or brute-force method.

Here are technical steps involved in recovering Skype password

  1. Find the “config.xml” file for the given user
  2. Now get the encrypted password hash from config.xml (“Credentials3” section)
  3. Next find the Key data from Registry and decrypt it using CryptUnprotectData
  4. Then decrypt the password hash using the AES-256 algorithm with SHA-256 hash of Key data.
  5. Now for every test password, create MD5 hash of (username\nskyper\npassword)
  6. Finally compare this generated hash with decrypted password hash. If it matches then that means we have found the password.

How to Recover Skype Passwords Automatically

Here is simple way to recover your forgotten or lost Skype password automatically without worrying about where it is stored and how to decrypt it.

You can use the free tool “Skype Password Recovery” to recover your Skype password automatically using dictionary based password recovery method as shown below,

For more details and download please visit Skype Password Recovery website

 

Hope this article has helped you to understand password secrets of Skype Messenger.

Let us know what do you think. Please comment below if you have any queries or suggestions.

 

 


Recommended Posts

Leave a Reply

Your email address will not be published. Required fields are marked *