How to Recover Saved Passwords in Apple Safari Browser

How to Recover Saved Passwords in Apple Safari Browser

This research article exposes the password secrets of Apple Safari browser including where all your website passwords are stored, how it is stored and how to recover it automatically.

Safari Browser Password Secrets

Safari browser saves all your website login passwords in file called “keychain.plist” at following location

[Windows Vista/7/8/10]
C:\Users\[user_name]\AppData\Roaming\Apple Computer\Preferences\keychain.plist

[Windows XP/2003] 
C:\Documents and Settings\[user_name]\Application Data\Apple Computer\Preferences\keychain.plist

Safari browser stores this “keychain.plist” file using Property List format. Upon conversion, you will get original file in XML format.

Here is the one of the site login entry from this XML file,

    <dict>
	<key>Account</key>
	<string>xenuser</string>
	<key>Data</key>
	<data>
	AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAASYKymQaC1EK4WHRr83bF
	PgAAAAACAAAAAAAQZgAAAAEAACAAAACVNIT8v7HufW2NgYLPt7hI
	R7DbIz0wXI7eWbHrK6SlUwAAAAAOgAAAAAIAACAAAADNAk196AHY
	aK/OAwC8+gScOyrMwVyI3NhAAAAAns/zd6fLldu7n/RZ9iksCnN/
	pBiVyaDAUIyQnuPmA8F/Lp1sgRlg91ehbrDloeAU3pJuGQpC7TNl
	QAa/MTFE8A==
	</data>
	<key>Description</key>
	<string>Web form password</string>
	<key>Label</key>
	<string>www.google.com (xenuser)</string>
	<key>Server</key>
	<string>www.google.com</string>
    </dict>

Here website, username & encrypted passwords stored in values Server, Account, Data respectively.

Safari browser encrypts the password using Windows DPAPI (Data Protection API) functions. Finally encrypted password is converted to Base64 format and stored in in above mentioned file.

How to Decrypt Safari Browser Passwords

Safari uses Windows DPAPI function, CryptProtectData to encrypt the website password using the static salt data. We can decrypt this password using the function called CryptUnprotectData.

Here is the sample C++ program to decrypt the website password.

void DecryptPassword(char *passData, int passLen, char *password, int length, BYTE *salt, DWORD saltLength)
{
	DATA_BLOB DataPassword;
	DATA_BLOB DataOutput;
	DATA_BLOB OptionalEntropy;
	
	DataPassword.cbData = passLen;
	DataPassword.pbData = (BYTE *) passData;

	OptionalEntropy.pbData = (unsigned char*) salt;
	OptionalEntropy.cbData = saltLength;
	
	if (CryptUnprotectData(&DataIn, 0, &OptionalEntropy, NULL, NULL, 0, &DataOut) == FALSE)
	{
		printf("CryptUnprotectData failed with error 0x%.8x", GetLastError());
		return;
	}

	memcpy(password, DataOutput.pbData, DataOutput.cbData);
	password[DataOutput.cbData] = 0;
	
	
	printf("Successfully Decrypted Password is %s ", password);

}

How to Recover Safari Browser Passwords Automatically

Here is simple way to recover all the Safari website passwords without worrying about where it is stored and how to decrypt it.

You can use our XenArmor Browser Password Recovery Pro software to instantly & easily recover all your saved  website login passwords from Safari browser as shown in video below,

Here are the simple steps to recover all your saved passwords,

  • Step 1: Download & Install Browser Password Pro from here
  • Step 2: Next launch the software on your computer
  • Step 3: It will automatically discover, decrypt and display all the saved Apple Safari passwords as shown below
It can also help you to delete your saved website passwords to protect from other users, hackers or ransomwares on your computer.

For more details, please refer to Online User Guide

Hope this article has helped you to understand the password secrets of Apple Safari browser.

Let us know what do you think. Please comment below if you have any queries or suggestions.

 


Leave a Reply

Your email address will not be published.