AIM Password Recovery?

**tom jones** · 01-29-2008, 07:10 PM

This kid was on my comp once and went on aim and mistakenly saved his pass but the pass doesn't show up, only the ******. And now he's being a dick and talking shit behind my back, so he's gonna get it. For now I changed account email, but its gonna take 72 hrs.

I was wondering if theres any way to recover the pass or if there a hash recovery that I can do and how to do it?

thx

**boz** · 01-29-2008, 07:12 PM

oh he's gonna get it?

i wish i had those 500 funbux for feeling up

**tom jones** · 01-29-2008, 07:14 PM

Fuck you Boz. I can buy some funbux right now and ban your ass. Stay out of my threads if you are going to be a dick.

**boz** · 01-29-2008, 07:15 PM

stay off out of this forum if your gonna be an idiot

**Darth Laidher** · 01-29-2008, 07:15 PM

do it jamal ban his ass

**turk** · 01-29-2008, 07:18 PM

go away trolls

**RonMexico** · 01-29-2008, 07:19 PM

jamal DG isn't gonna help in your wanna-be hacker bullshit. you obviously know dick about computers and the innanets, so dont fucking waste your time.

**Tom** · 01-29-2008, 07:25 PM

There was/is one other possible way, but you already updated it so you'd might as well wait.

**sn1per** · 01-29-2008, 07:26 PM

Originally Posted by Jamal

This kid was on my comp once and went on aim and mistakenly saved his pass but the pass doesn't show up, only the ******. And now he's being a dick and talking shit behind my back, so he's gonna get it. For now I changed account email, but its gonna take 72 hrs.

I was wondering if theres any way to recover the pass or if there a hash recovery that I can do and how to do it?

thx

STOP ACTING NEW DUDE!

**silent** · 01-29-2008, 07:26 PM

jamal is a faggot.
/thread

**boz** · 01-29-2008, 07:28 PM

im hoping if he gets the balls to ban me the badmins will let me back in just to push him over the edge

**Darth Laidher** · 01-29-2008, 07:29 PM

ass kisser

**boz** · 01-29-2008, 07:30 PM

lol, nah, im just not a complete faggot

**tom jones** · 01-29-2008, 07:30 PM

Im new to Aol.

Anyways.

Boz, I'm making profit off that ebook shit, I sold some so far, when I get extra money, I'm banning your ass.

Peace.

**boz** · 01-29-2008, 07:31 PM

lol, go for it, like im worried about being banned from this website, my life doesnt revolve around DG, its just a cool place with a few cool people

**robat** · 01-29-2008, 07:32 PM

Man when jamal gets this dudes aim pass he can IM his WHOLE BUDDY LIST saying things like "I AM A GAY PERSON AND JAMAL GETS LAID ALL THE TIME BUT I DON'T UNLESS IT'S IN THE BUTT BY DUDES"

**boz** · 01-29-2008, 07:33 PM

Originally Posted by Magitek_dg

Man when jamal gets this dudes aim pass he can IM his WHOLE BUDDY LIST saying things like "I AM A GAY PERSON AND JAMAL GETS LAID ALL THE TIME BUT I DON'T UNLESS IT'S IN THE BUTT BY DUDES"

that'll show him!

**david blaine** · 01-29-2008, 07:36 PM

This is from 2004. And its now 2008...

If you're on Windows, and your version of AIM is 5.9 or lower

http://tsourceweb.com/files/uaimpass.zip

Get the hash from regedit then use that to convert the AIM hash to md5. Then go to http://md5decrypter.com/ enter the new md5 you just got into the input box and out comes the password (if the password is common). If not, you have to use rainbow tables to crack the md5.

**tom jones** · 01-29-2008, 07:52 PM

THANKS MX I LOVE YOU!

I got it, I had to use www.passcracking.com

The MD5 site's hash system wasn't good enough.

**Krazy** · 01-29-2008, 08:26 PM

Originally Posted by Jamal

THANKS MX I LOVE YOU!

faggot ass newbie itt

**something random** · 01-29-2008, 09:11 PM

time to check out

**Chief Smackahoe** · 01-29-2008, 09:12 PM

Hey Jamal you goofy looking goth bastard. Why don't you do something really goth and kill yourself.Nobody likes you, if your parents knew that you would of turned out this way your dad would of wore a condom.And for fuck sake cut that fucking birds nest off your head.

**boz** · 01-29-2008, 09:13 PM

Originally Posted by Chief Smackahoe

Hey Jamal you goofy looking goth bastard. Why don't you do something really goth and kill yourself.Nobody likes you, if your parents knew that you would of turned out this way your dad would of wore a condom.And for fuck sake cut that fucking birds nest off your head.

A+

**daggy** · 01-29-2008, 09:19 PM

lol i don't think theres a way to recover a password like that anymore.

**QueeN B** · 01-29-2008, 10:37 PM

you cant talk shit if your new

**turk** · 01-29-2008, 10:54 PM

cunts

**something random** · 01-29-2008, 11:03 PM

lolol

**mhu** · 01-29-2008, 11:18 PM

back in 2k I used to have a program that you dragged soemthing into the window and it turned the pass from stars to actual letters, or copy and paste it into some box, I don't remember.

That was on windows 98 though, someone told me XP has something built in to disallow that stuff

**daggy** · 01-29-2008, 11:24 PM

Originally Posted by MetalHeadsUnite

back in 2k I used to have a program that you dragged soemthing into the window and it turned the pass from stars to actual letters, or copy and paste it into some box, I don't remember.

That was on windows 98 though, someone told me XP has something built in to disallow that stuff

haha yeah thats what i was thinking of. but i think that was in the late 90's.

**david blaine** · 01-31-2008, 03:21 PM

AIM passwords are stored in memory at a specific offset in plaintext.

**Sir Jones** · 01-31-2008, 03:26 PM

jamal is a big man now

**mcbain** · 01-31-2008, 04:36 PM

Code:

.686
.model flat,stdcall
include \masm32\include\include\windows.inc
include \masm32\include\stdio.inc
include \masm32\include\msvcrt.inc
Blowfish_SetKey  PROTO :DWORD, :DWORD
Blowfish_Encrypt PROTO :DWORD, :DWORD
Blowfish_Decrypt PROTO :DWORD, :DWORD
Blowfish_Clear  PROTO
Base64Decode proto pInputStr:DWORD,pOutputData:DWORD
.data
blowfish_key    label dword
                db 8 dup (0)     ; user_salt
                db 099h,000h,086h,0A5h,027h,0AAh,09Dh,07Fh
                db 058h,0AAh,0AEh,0B9h,00Bh,047h,03Ah,035h
                db 0AAh,0E0h,0EAh,095h,066h,0FBh,0E4h,09Fh
                db 0CBh,0F7h,016h,01Ch,0A3h,092h,0E6h,01Ch
                db 096h,006h,09Bh,05Bh,029h,030h,0BFh,0AFh
                db 0ECh,011h,029h,0C8h,089h,05Bh,0B8h,057h
key_len         equ $-blowfish_key
format dw 10,'A','I','M','6',' ','P','a','s','s','w','o','r','d',':','%','s',10,0
main proto :dword,:dword
.code
start proc
    local stinfo    :STARTUPINFO
    local bWildCard :dword
    local pEnv      :dword
    local pArgv     :dword
    local nArgc     :dword
    mov   bWildCard,FALSE
    invoke __getmainargs,addr nArgc,addr pArgv,addr pEnv,[bWildCard],addr stinfo
    invoke main,nArgc,pArgv
    invoke exit,0
start endp
main proc private uses esi ebx edi argc:dword, argv:dword
    local b64_aim_pass[64]  :byte
    local ciphertext[64]    :byte
    local aim_pass[64]      :byte
    mov ebx,[argv]
    .if [argc] == 2
       invoke ZeroMemory,addr ciphertext,64
       invoke ZeroMemory,addr aim_pass,64
       invoke ZeroMemory,addr b64_aim_pass,64
       invoke lstrcpyn,addr b64_aim_pass,dword ptr[ebx+4],48
       invoke Base64Decode,addr b64_aim_pass,addr ciphertext
       lea esi,[ciphertext]
       lea edi,[blowfish_key]
       movsd                    ; 1st 4 bytes of salt
       movsd                    ; 2nd 4 bytes
       sub edi,8
       invoke Blowfish_SetKey, edi, key_len
       lea edi,[aim_pass]      ; for plaintext..
       mov ebx,24/8            ; decrypt remaining bytes
decrypt_loop:
       invoke Blowfish_Decrypt,edi,esi
       add esi,8
       add edi,8
       dec ebx
       jnz decrypt_loop
       invoke wprintf,addr format,addr aim_pass    ; print unicode password
    .else
       invoke printf,CStr(<10,'Usage:%s <AIM6 PASSWORD STRING>',10>),dword ptr[ebx]
    .endif
    ret
main endp
.data
align 4
b64table label byte
db 0,42 dup (-1)
db 62; + ; [02Bh]
db 3 dup(-1)
db 63; / ; [02Fh]
db 52,53,54,55,56,57,58,59,60,61; 0..9 ;30-39
db 3 dup(-1)
db 0 ; = ; [03Dh]
db 3 dup(-1)
db 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25; A..Z
db 6 dup(-1)
db 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51; a..z
db 133 dup (-1)
.code
OPTION PROLOGUE:NONE
OPTION EPILOGUE:NONE
Base64Decode proc pInputStr:DWORD,pOutputData:DWORD
 push ebp
 push esi
 push edi
 push ebx
 mov edi,[esp+1*4][4*4];pInputStr
 xor eax,eax
 mov esi,edi
 .repeat; strlen 
  mov al,[edi]
  add edi,4
  test al,al
 .until zero?
 lea ebp,[edi-4]
 mov eax,'='
 sub ebp,esi; 4parts
 jz @F
 cmp al,[esi+ebp-1]; padd?
 sete dl
 .if zero?;equal?
  mov [esi+ebp-1],ah
 .endif
 cmp al,[esi+ebp-2]
 sete al
 .if zero?;equal?
  mov [esi+ebp-2],ah
 .endif
 add al,dl
 mov edi,[esp+2*4][4*4];pOutputData
 shr ebp,2
 lea edx,[ebp*2+ebp]
 sub edx,eax
 push edx; result = length
 .repeat
  ; CCDDDDDD BBBBCCCC AAAAAABB
  mov ecx,[esi]
  movzx edx,cl
  movzx ebx,ch
  mov al,[edx+b64table]; ..AAAAAA
  mov ah,[ebx+b64table]; ..BBBBBB
  shr ecx,16
  add esi,4
  movzx edx,cl
  movzx ecx,ch
  mov bl,[edx+b64table]; ..CCCCCC
  mov bh,[ecx+b64table]; ..DDDDDD
  mov dl,ah
  mov dh,bl
  shl al,2;AAAAAA..
  shr bl,2;....CCCC
  shl dh,6;CC......
  shl ah,4;BBBB....
  shr dl,4;......BB
  or bh,dh
  or al,dl
  or ah,bl
  mov [edi+0],al
  mov [edi+2],bh
  mov [edi+1],ah
  dec ebp
  lea edi,[edi+3]
 .until zero?
 pop eax
@@: pop ebx
 pop edi
 pop esi
 pop ebp
 ret 2*4
Base64Decode endp
OPTION PROLOGUE:PROLOGUEDEF 
OPTION EPILOGUE:EPILOGUEDEF
Blowfish_Decrypt proc uses esi edi ebp ebx ptrOut:DWORD, ptrIn:DWORD
 ;pushad
 mov edi, dword ptr [ptrIn] ;ptrIn
 xor ebx, ebx
 mov eax, dword ptr [edi  ]
 mov edx, dword ptr [edi+4]
 xor ecx, ecx
 mov edi, offset _PBox + 16*4
 .repeat
  xor eax, dword ptr [edi+4]
  rol eax, 16
  mov cl, al
  mov bl, ah
  mov esi, dword ptr [_SBox2+4*ecx]
  rol eax, 16
  add esi, dword ptr [_SBox1+4*ebx]
  mov cl, ah
  mov bl, al 
  xor esi, dword ptr [_SBox3+4*ecx]
  add esi, dword ptr [_SBox4+4*ebx]
  xor edx, esi
  xor edx, dword ptr [edi]
  rol edx, 16
  mov cl, dl
  mov bl, dh
  mov esi, dword ptr [_SBox2+4*ecx]
  rol edx, 16
  add esi, dword ptr [_SBox1+4*ebx]
  mov cl, dh
  mov bl, dl 
  xor esi, dword ptr [_SBox3+4*ecx]
  add esi, dword ptr [_SBox4+4*ebx]
  sub edi, 8
  xor eax, esi
  cmp edi, offset _PBox
 .until zero?
 mov esi, dword ptr [ptrOut] ;ptrOut
 xor eax, dword ptr [edi+4]  ;L = L ^ Pbox[1]
 xor edx, dword ptr [edi  ]  ;R = R ^ Pbox[0]
 mov dword ptr [esi+4], eax
 mov dword ptr [esi  ], edx
 ;popad
 ret ;8
Blowfish_Decrypt endp

**mcbain** · 01-31-2008, 04:39 PM

ahhh f it
here

**mcbain** · 01-31-2008, 04:40 PM

ps. i have asm add coding style so sush

**sn1per** · 01-31-2008, 05:05 PM

But jamal you're pretty new so that won't do you much good. You're better off googling "Free aim password recovery tool"

**celtik** · 11-30-2008, 11:02 PM

theres also some program that will remove any *** on any screen. I forgot the name though, if I find it I will let you know

**ned** · 11-30-2008, 11:06 PM

Originally Posted by Chief Smackahoe

Hey Jamal you goofy looking goth bastard. Why don't you do something really goth and kill yourself.Nobody likes you, if your parents knew that you would of turned out this way your dad would of wore a condom.And for fuck sake cut that fucking birds nest off your head.

lolz

**ned** · 11-30-2008, 11:07 PM

Originally Posted by celtik

theres also some program that will remove any *** on any screen. I forgot the name though, if I find it I will let you know

AIM Revolution or some shit
copies out there have trojans in them

i bet you could get it with softice or windbg really easily tho

**celtik** · 11-30-2008, 11:23 PM

it didnt have AIM in the name, but I guess yeah were talking about the same stuff. It goes by API to any window, and searches for ** and tells you the direct password on the program screen

**celtik** · 11-30-2008, 11:25 PM

Here is something that is SORT OF like what I am talking about

http://www.sharewareconnection.com/a...k-password.htm

**celtik** · 11-30-2008, 11:27 PM

it does work, ive tried it before

**axo** · 12-01-2008, 12:05 AM

Originally Posted by illwill

old versions below 5.x you used to be able to decrypt by loading oscore.dll in the aim directory
and calling the CryptDecodeString function

invoke SetCurrentDirectory, addr AimDir
push OFFSET TheDLL
call LoadLibrary ;/// Load the AIM DLL(oscore.dll) into our process
push OFFSET TheFunction ;"CryptDecodeString"
push eax
call GetProcAddress ;/// Get address of CryptDecodeString function
push 16
push OFFSET RetAddress
push OFFSET EncPass ;/// Encrypted pass from registry
call eax ;/// Call CryptDecodeString function (returned from GetProcAddress)

illwill, from illmob?

Hi

**david blaine** · 12-01-2008, 12:06 AM

i don't think that is the same illwill.

**ned** · 12-02-2008, 03:39 AM

Originally Posted by illwill

old versions below 5.x you used to be able to decrypt by loading oscore.dll in the aim directory
and calling the CryptDecodeString function

invoke SetCurrentDirectory, addr AimDir
push OFFSET TheDLL
call LoadLibrary ;/// Load the AIM DLL(oscore.dll) into our process
push OFFSET TheFunction ;"CryptDecodeString"
push eax
call GetProcAddress ;/// Get address of CryptDecodeString function
push 16
push OFFSET RetAddress
push OFFSET EncPass ;/// Encrypted pass from registry
call eax ;/// Call CryptDecodeString function (returned from GetProcAddress)

thats pretty slick.

**Zain** · 12-02-2008, 08:40 AM

you do this to irl friends too?

**tom jones** · 12-02-2008, 09:32 AM

Originally Posted by Zain

you do this to irl friends too?

rofl yeah I do this to irl friends too, I don't play and they know better not to mess with me...at least I hope so.

this thread is so old, I was so new back in January compared to the amount I've learned now. Anyways, the person I was talking about itt, I took his paypal, comcast email and aim sn until he cried for it and threatened to send the cops to my house rofl

**chad** · 12-02-2008, 11:41 AM

Net Tools by M.A.B. has a built in password unmasker if that's what you need as well as an IE password revealer

**doolbman** · 12-02-2008, 01:14 PM

Originally Posted by illwill

AIM 6.x (6.5 & beta 6.8) uses 2 algorithms to encrypt your AIM password. First the Blowfish algorithm is used to encrypt the AIM password using a 448 bit keyword.
The encrypted string is then encoded using base64 and stored in the registry at:
\\HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

what is the keyword or where do you get it for the blowfish algorithm