{"id":16604452,"url":"https://github.com/vzhd1701/evertoken","last_synced_at":"2025-10-29T15:31:36.074Z","repository":{"id":104031423,"uuid":"366475930","full_name":"vzhd1701/evertoken","owner":"vzhd1701","description":"Extract authentication token from Evernote and exb database","archived":false,"fork":false,"pushed_at":"2021-05-11T18:25:03.000Z","size":16,"stargazers_count":6,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-02T02:22:42.553Z","etag":null,"topics":["authentication","decryption","evernote","reverse-engineering","token"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vzhd1701.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-11T18:18:42.000Z","updated_at":"2024-09-03T15:25:09.000Z","dependencies_parsed_at":null,"dependency_job_id":"8d2dc960-7207-466b-803e-231c442bd8ef","html_url":"https://github.com/vzhd1701/evertoken","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vzhd1701%2Fevertoken","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vzhd1701%2Fevertoken/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vzhd1701%2Fevertoken/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vzhd1701%2Fevertoken/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vzhd1701","download_url":"https://codeload.github.com/vzhd1701/evertoken/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238848137,"owners_count":19540831,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","decryption","evernote","reverse-engineering","token"],"created_at":"2024-10-12T00:57:49.498Z","updated_at":"2025-10-29T15:31:36.068Z","avatar_url":"https://github.com/vzhd1701.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# evertoken\n\nExtract authentication token from Evernote installation and exb database.\n\n## Installation\n\n[**Download the latest release**](https://github.com/vzhd1701/evertoken/releases/latest) for your OS.\n\n## Usage\n\n```console\n$ evertoken -h\nevertoken - Extract authentication token from Evernote.\nhttps://github.com/vzhd1701/evertoken\n\n  Usage:\n    evertoken [new|new-ss|legacy|legacy-exb]\n\n  Subcommands:\n    new          Extract token from modern Evernote app.\n    new-ss       Extract token directly from Evernote's secure storage file authtoken_user_\u003cuserID\u003e.\n    legacy       Extract token from legacy Evernote app.\n    legacy-exb   Extract token from EXB database file.\n\n  Flags:\n       --version   Displays the program version string.\n    -h --help      Displays help with available flag, subcommand, and positional value parameters.\n\n$ evertoken legacy-exb -h\nlegacy-exb - Extract token from EXB database file.\n\n  Usage:\n    legacy-exb [exb]\n\n  Positional Variables:\n    exb   EXB database file path. (Required)\n  Flags:\n       --version    Displays the program version string.\n    -h --help       Displays help with available flag, subcommand, and positional value parameters.\n    -p --password   Password to decrypt token data, numeric volume serial.\n    -b --brute      Brute force password start number, use either this or password option. (default: -1)\n```\n\n## Example output\n\n```console\n$ evertoken new\nC:\\Users\\User\\AppData\\Roaming\\Evernote\\secure-storage\\authtoken_user_111111111\n========================\nUser ID                  111111111\nUsername                 example123\nEmail                    example@mail.com\nToken                    S=s401:U=fffffff:E=fffffffffff:C=fffffffffff:P=1dd:A=en-w32-xauth-new:V=2:H=ffffffffffffffffffffffffffffffff\nToken EXP                2025-04-19 19:24:43 [4 days ago]\nRefresh Token (JWT)      eyJh...WfE\nRefresh Token (JWT) EXP  2026-04-19 23:24:43 [1 year from now]\nAccess Token (JWT)       eyJh...FSA\nAccess Token (JWT) EXP   2025-04-19 18:24:43 [4 days ago]\nShard                    s401\nHost                     www.evernote.com\nClient ID                FFFFFFFF-AAAA-BBBB-1111-CCCCCCCCCCCC\nAccounts URL             https://accounts.evernote.com\nRedirect URL             evernote://www.evernote.com/auth/redirect\n\n$ evertoken legacy\nC:\\Users\\User\\Evernote\\Databases\\example123.exb\n========================\nUser ID   111111111\nUsername  example123\nEmail     example@mail.com\nToken     S=s999:U=fffffff:E=fffffffffff:C=fffffffffff:P=1dd:A=en-w32-xauth-new:V=2:H=ffffffffffffffffffffffffffffffff\nToken Exp 2031-07-23 12:06:35\n```\n\n## How it works\n\nEvernote app uses a few authentication tokens to identify the user when the app communicates with the Evernote\nserver:\n\n1. Token (or monolith token, format S=s401:U=fffffff:E=fffffffffff:...) - main auth token for all communications with Evernote server. Issued for 1 hour.\n1. Access Token (JWT) - new auth token for Evernote's new API. Issued for 1 hour.\n1. Refresh Token (JWT) - main auth token in modern Evernote app. Issued for 1 year after you log in to you account using desktop app and then refreshed each time it's used. The main purpose of this token is to generate access tokens.\n\nAll tokens are stored encrypted in a special file for each user. **evertoken** allows to decrypt \u0026 extract it from the Evernote app.\n\nEvernote used different forms of storage \u0026 encryption of the token throughout its history. Here is a brief\ndescription of the differences between the versions:\n\n### Evernote Legacy (v6.\\*\\*) [Windows]\n\nThe token is stored inside the SQLite database file with `*.exb` extension located in\n`C:\\Users\\\u003cUsername\u003e\\Evernote\\Databases\\user_name.exb`. The token is encrypted using AES256 CBC encryption. The key\nis derived using the system drive's Volume Serial number. So the database can be decrypted only with the knowledge of\nVolume Serial from the machine it was created on. It can be brute-forced since volume serial is just a 32bit\ninteger with the possible value range of 0 through 4294967295, but it takes quite a bit of time nonetheless (~400hr\nwith i7-4790).\n\n**evertoken** will automatically scan for `*.exb` files in known locations when run with `evertoken legacy` command. It\nalso supports Yinxiang (印象笔记). It will get the system drive Volume Serial to decrypt the token data. If the database\nwas created on another machine, you would have to extract Volume Serial from there to decrypt the token.\n\nYou can point it to a specific `*.exb` file with `evertoken legacy-exb \u003cexb_file\u003e` command. This command also provides\noptions to use a custom password with `-p` option, or try brute-forcing the password with `-b` option.\n\n### Evernote Legacy (v7.\\*\\*) [macOS]\n\nThe token is stored in a Keychain in a macOS-specific format alongside other user information like email and login. The\ntoken is not encrypted or scrambled in any way.\n\n**evertoken** will extract the token from this version of Evernote if you will run `evertoken legacy` command. The\nsystem will prompt you for the password because **evertoken** will attempt to access protected storage.\n\n### Evernote (v10.\\*\\*) [Windows \u0026 macOS]\n\nToken is stored as json encoded string located in\n`C:\\Users\\\u003cUsername\u003e\\AppData\\Roaming\\Evernote\\secure-storage\\authtoken_user_\u003cuser_id\u003e` for Windows and in\n`~/Library/Application Support/Evernote/secure-storage/authtoken_user_\u003cuser_id\u003e` for macOS. The token is\nencrypted using AES256 CBC encryption. The decryption key is stored in Windows Credentials for Windows and in\nKeychain for macOS.\n\n**evertoken** will extract the token from this version of Evernote if you will run `evertoken new` command. The\nsystem will prompt you for the password because **evertoken** will attempt to access protected storage.\n\nYou can also point to the secure storage file directly by using `evertoken new-ss` command.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvzhd1701%2Fevertoken","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvzhd1701%2Fevertoken","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvzhd1701%2Fevertoken/lists"}