One of the most frustrating things I find in managing a number of websites is that I’m always forgetting passwords. The version of Filezilla I’m running, however, makes it easy to remember them again through its use of weak XOR encryption and the key being hard-coded into the software. I’ve used a program previously called the Filezilla Password Recover, but it turns out that it is also extremely easy to extract them using a simple PHP script. The following code makes use of the nice XML parsing in PHP5 and a decryption function I found over here. I’ve added some comments to roughly describe what is going on.
Note: Apparently this encryption has been dropped from version 3 with absolutely no encryption featured at all, that’ll make my job easier now.
<?php
$filezilla_password_file = "FileZilla.xml";
$xml = file_get_contents($filezilla_password_file);
$simple_xml = simplexml_load_string($xml);
foreach ($simple_xml->Sites->Site as $site) {
    $attributes = $site->attributes();
    print "Site: " . $attributes->Name . "\n";
    print "User: " . $attributes->User . "\n";
    print "Encrypted Pass: " . $attributes->Pass . "\n";
    print "Unencrypted Pass: " . decryptPass((string)$attributes->Pass) . "\n\n";
}

function decryptPass($pass)
{
    // Encryption key for FileZilla 2 passwords (hard-coded in the client)
    $key = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    // Each plaintext character is stored as 3 decimal digits
    $len = (int)(strlen($pass) / 3);
    // Find the offset position in the key for this pass
    $pos = $len % strlen($key);
    $decrypt = '';
    // Loop through each 3-digit group of the stored password
    for ($i = 0; $i < $len; $i++) {
        // The 3 digits are the decimal ASCII code of the XORed character;
        // the (int) cast drops any leading zero (e.g. "065" -> 65)
        $num = (int)substr($pass, $i * 3, 3);
        // XOR against the key byte for this position (the index wraps over
        // the key length, not the password length) to get the original
        // character, then convert back and add to the decrypted pass
        $t = $num ^ ord($key[($i + $pos) % strlen($key)]);
        $decrypt .= chr($t);
    }
    // Return the decrypted pass
    return $decrypt;
}
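As an added Python example (not the post’s own code, nor FileZilla’s), here is the same scheme as an encode/decode pair plus the XML walk, run against a constructed FileZilla.xml. The function names and the sample site are mine, and the encode side is simply the mirror image of decryptPass() above, which is an assumption about how the client writes the file rather than something the post shows.

```python
import xml.etree.ElementTree as ET

# FileZilla 2 obfuscation key, as hard-coded in the client (taken from the post)
KEY = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def fz2_encrypt(plain: str) -> str:
    """Encode a password the FileZilla 2 way: XOR each byte with a key byte
    chosen by position, then write the result as three decimal digits.
    (Assumed inverse of the decrypt routine; not FileZilla's source.)"""
    pos = len(plain) % len(KEY)  # offset is derived from the plaintext length
    out = []
    for i, ch in enumerate(plain.encode("latin-1")):
        out.append("%03d" % (ch ^ ord(KEY[(i + pos) % len(KEY)])))
    return "".join(out)


def fz2_decrypt(enc: str) -> str:
    """Inverse of fz2_encrypt; mirrors the PHP decryptPass() in the post."""
    n = len(enc) // 3              # one 3-digit group per plaintext character
    pos = n % len(KEY)
    return "".join(
        chr(int(enc[i * 3:i * 3 + 3]) ^ ord(KEY[(i + pos) % len(KEY)]))
        for i in range(n)
    )


def recover_sites(xml_text: str):
    """Return (name, user, password) for each <Site> in a FileZilla.xml."""
    root = ET.fromstring(xml_text)
    return [
        (s.get("Name"), s.get("User"), fz2_decrypt(s.get("Pass", "")))
        for s in root.findall("Sites/Site")
    ]


# Constructed sample in the layout the PHP script expects; not a real file.
SAMPLE_XML = (
    '<FileZilla>\n<Sites>\n'
    '<Site Name="example" Host="ftp.example.test" User="alice" Pass="%s"/>\n'
    '</Sites>\n</FileZilla>\n' % fz2_encrypt("s3cret!")
)

if __name__ == "__main__":
    for name, user, pw in recover_sites(SAMPLE_XML):
        print(name, user, pw)
    # Why this is not really encryption: the stored length gives the
    # password length outright, and the same password always encodes the
    # same way because there is no per-user secret and no salt.
    assert len(fz2_encrypt("s3cret!")) // 3 == len("s3cret!")
    assert fz2_encrypt("s3cret!") == fz2_encrypt("s3cret!")
```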
Great idea, but I get incorrect password strings, which all start with “.
Ah, fixed it… problem with the “”‘s!
Yeah, I’d imagine that may be due to the lovely automatic formatting of wordpress.
Where is the code/sample/idea. I am unable to find anything. Is this fake?
No, not fake – just a funny 5 minutes (or more like 1 day) after activating a bad plugin, sorry!
Thanks.
A great help.
Just followed your instructions and used Excel (not a PHP’er)
Saved me the $17 registration for the recovery program
Hey that’s awesome. Glad you like it. People might be interested to know a password recovery program also exists – it’s over at devpro.it/filezilla_pr.
Hi Ian, thanks for that. I’ve just written a post on my new blog about this issue and the new FileZilla 3. I have translated your code into python at the bottom of it…
http://movingtoubuntu.technicalbloke.co.uk/filezilla_ftp
@Roger – Hey thats great, glad it helped you.
Thanks, Ian. Big help. Here’s a simple java re-write that I created to recover my own lost login.
public class SimpleDecryptor {
    public static void main(String[] args) {
        // Encryption Key for FileZilla 2.x Passwords
        final String key = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        // encoded ascii character length
        final int bytesize = 3;
        // init with FileZilla encoded password
        String pswd = "";
        // Find the offset position in the key for this pass
        int offset = (pswd.length() / bytesize) % key.length();
        String decode = "";
        // parse encrypted password in three character ascii-encoded chunks
        // (loop body follows the PHP decryptPass() from the post)
        for (int i = 0; i < pswd.length() / bytesize; i++) {
            // each chunk is the decimal ASCII code of the XORed character
            int num = Integer.parseInt(pswd.substring(i * bytesize, (i + 1) * bytesize));
            decode += (char) (num ^ key.charAt((i + offset) % key.length()));
        }
        System.out.println("Decoded password: " + decode);
    }
}
Hey Martin, thanks for that, I’m sure others will find it useful.
That did the trick! Thanks Ian!
Here’s a C# equivalent:
using System;

string pass = "";   // paste the FileZilla-encoded password here
string decrypt = "";
string key = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
int pos = (pass.Length / 3) % key.Length;
string num = "";
char tmpChar;
for (int i = 0; i < (pass.Length / 3); i++)
{
    num = pass.Substring(i * 3, 3);
    if (num.Substring(0, 1) == "0")
    {
        num = num.Substring(1, 2);
    }
    // the key index wraps over the key length, not the password length
    tmpChar = key[(i + pos) % key.Length];
    decrypt += (char)(int.Parse(num) ^ (int)tmpChar);
}
Console.WriteLine(decrypt);
thanks for the post.
Hi,
I’m really new to this, could you explain what I should do to run this code and find my passwords please?
Thank you!
Hi orlando,
You just need to run it at the command line, given you’ve got PHP installed obviously, just run it with:
php what_ever_you_named_the_above_code.php
Replacing Filezilla.xml with the path to where ever your filezilla.xml is located.
I see that you have found my script and modified it a little bit, great job
I was the owner of sourceshock.com, an international coding site. But now I have only one Dutch coding site with this script. Might be useful to update your link
So sourceshock.com is no more.
http://www.thinksheep.nl/php-filezilla-passwords-ophalen
Thanks Willem – I’ve updated the link to your new site.
Thanks, I just used this code and recovered my passwords, saved a lot of my time. Thanks a lot.
Cheers!!!