https://github.com/b4n/clawsmail-password-decrypter

A tool to decrypt account password stored by ClawsMail
https://github.com/b4n/clawsmail-password-decrypter

Last synced: 26 days ago
JSON representation

A tool to decrypt account password stored by ClawsMail

• Host: GitHub
• URL: https://github.com/b4n/clawsmail-password-decrypter
• Owner: b4n
• Created: 2013-05-30T23:30:21.000Z (over 11 years ago)
• Default Branch: master
• Last Pushed: 2016-07-27T12:29:13.000Z (over 8 years ago)
• Last Synced: 2024-10-02T00:33:40.592Z (about 1 month ago)
• Language: Python
• Size: 15.6 KB
• Stars: 20
• Watchers: 5
• Forks: 3
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
ClawsMail account password decryption

=====================================

If you ever need to "recover" a mailbox account password ClawsMail stored but

that you (or probably rather the user) don't remember, you'll quickly discover

they are stored in `~/.claws-mail/accountrc`.  However, you'll also see that

they aren't stored in plain text -- and that's the least they could do, you

probably wouldn't know your password stored without any kind of protection on

your hard drive.

How to decrypt this password?  At first it kinda look like Base64 (for those

who know about it) with a strange `!` ahead.  That's right, what you see is

Base64.  But you'll quickly see it isn't that naive if you try to decrypt it.

At this point, you'll probably either give up (if you can afford it), or do

what I did: read ClawsMail's sources.  Fortunately it's open source (well, this

probably was part of the reasons why you chose this client after all), so you

can get it and read it -- but I hope you read C.  You'll then dig a little in

the source, and finally find the interesting file: `passcrypt.c`.  This is

where the magic happens after the Base64: DES-CFB (or DES-ECB on FreeBSD,

you'll have to ask the author why there is a separate code path here...).

Maybe at this point you'll attempt to use the `openssl` command-line utility --

indeed, it looks promising --, and I wish you luck.  However I didn't succeed

at it, first guessing I didn't really knew what encryption was used -- but now

I really think I know what ClawsMail uses I'm thinking I either just have no

idea how to use this tool, or it's a bit broken.  Anyway, then, you'd probably

end up writing a tiny C program using the ClawsMail routine to perform the

decryption like I did.

To save you some time and headache browsing unknown code with a user crying,

I'm releasing the little tool I wrote.  I first wrote it in C because I know C

and ClawsMail is written in C so I could reuse their routine without caring

further about what it actually does, but re-did it in Python when thinking

about releasing it because I guess it'll be easier to use for you.

Python tool

-----------

`clawsmail-passdecrypt.py` is the Python (2.x) version of the tool (requires

`python-crypto`).  It can either decrypt arbitrary passwords, or parse a

ClawsMail `accountrc` file and extract the address/password information from

each account in it.

The usage is very simple, use either:

    python clawsmail-passdecrypt.py ~/.claws-mail/accountrc

or:

    python clawsmail-passdecrypt.py 'encryptedpassword'

This will give you something like this:

    $ python clawsmail-passdecrypt.py ~/.claws-mail/accountrc

    password for [email protected] is "mysecretpassword"

    password for [email protected] is "thisissecret"

Note that DES requires a key.  By default ClawsMail uses `passkey0` as the key,

but this can be changed at build time.  The tool uses this as the default, but

supports the `-k ` switch if you need to use another one.

To decrypt passwords from a FreeBSD installation, use the `--freebsd` option,

which is an alias of the `--mode=ECB` option.

C tool

------

The C tool works pretty much like the Python tool, but you need to build it.

For this, you need a C compiler (like `GCC` or `CLang`), the GLib development

files, and most importantly ClawsMail's source code (actually its `passcrypt.c`

and `passcrypt.h` files). I suggest you to use the tool from your distribution

to fetch the source code of a package rather than manually downloading the

ClawsMail source code, because the `passcrypt.h` file is partially generated

and contains the DES key to use, so you should use the version of it that was

used to build the ClawsMail executable you actually use.  Under Debian and

derivates, it'll be ``apt-get source claws-mail``.  You also need `make` if you

want to use the Makefile (otherwise check the source code, there is a little

comment on how to build).

To build the thing, use:

    make CLAWSMAIL_SRC=/path/to/claws-mail/src

If you have a `make`, a C compiler and correctly specified the path to

ClawsMail source code, this should succeed and generate you an executable

called `clawsmail-passdecrypt`.  You can use it the same as the Python tool --

but it doesn't support the `-k` switch, the key is builtin.

If you need to decrypt a password from a FreeBSD version of ClawsMail but you

don't build on FreeBSD, you need to define the `NEED_DES_ECB` C preprocessor

constant.  You can use:

    make CLAWSMAIL_SRC=/path/to/claws-mail/src CFLAGS='-DNEED_DES_ECB'

Note on encryption under FreeBSD (DES-ECB)

------------------------------------------

As mentioned above, for some reason ClawsMail encrypts passwords using DES-ECB

instead of DES-CFB under FreeBSD.

DES-ECB doesn't allow encrypted blocks of sizes not multiple of 8, and

ClawsMail doesn't introduce padding nor checks the encryption actually

succeeded.  This means that password encryption under FreeBSD will fail

silently if the password length (in bytes) is not multiple of 8, leading to the

encryption phase simply being a no-op, meaning the password will only be

transformed through Base64.  This sounds bad, but it's how it is.