Windows Password Recovery v15.0


Windows Password Recovery v15.0 introduces the second generation of the DPAPI offline recovery module. This DPAPI tool incorporates the most important changes since the initial release: fully scalable support for Windows Hello, Azure AD and Microsoft accounts, support for password-less accounts, some improvements in the ARSO sub-module (the one that allows decrypting data without a logon password or PIN), etc. Here's the full list of changes:
 The major improvement is in how DPAPI data is processed. The standard decryption method requires the owner's logon password in order to decrypt a DPAPI blob. Now you can use a PIN instead. Furthermore, you can decrypt DPAPI data even without knowing the password/PIN at all. Once the program detects that the user account contains an ARSO entity, or if the account was set to require biometric authentication, you can decrypt any DPAPI blob of this user without knowing his/her password or PIN. Users who set up Windows Hello biometrics are in great danger now because anyone can decrypt their DPAPI-encrypted stuff, such as passwords for websites, LAN and WAN credentials, email/chat/messenger passwords, remote desktop, private keys, saved cookies, credit cards, etc.
 Full-scale support for Azure AD accounts. When a work or school account is set up and joined to Azure Active Directory, the security properties of the newly created account are not saved to the local SAM database but are cached in CloudAPCache instead. Thus, extracting hashes from the local cloud cache is the only way to retrieve the password for this account type.
 Support for the new cloud password type. Cloud passwords belong to either Microsoft or Azure AD accounts and are stored in a cloud cache on the local PC. WPR is the only program at the moment that can extract and decrypt the cloud passwords. Fortunately, the cloud passwords use powerful protection, unlike the Windows NTLM ones, for example. So breaking the cloud hashes is not that simple; in most cases it requires powerful GPU(s) and recovery methods other than common brute force. You can load the cloud hashes from both the local and an external OS.
 The master key analysis tool got a couple of new features, including password-less decryption and decryption using a PIN.
 The Vault Explorer supports data recovery using PIN or biometric information.
 The CREDHIST analysis tool also supports cloud accounts and blockchain decryption using Windows Hello PIN.
 The new version of the program can retrieve Windows CloudAPCache security information, such as primary refresh tokens, etc.
 A new import option to load Hashcat/Elcomsoft/JtR dump files with Windows Hello PINs. Be careful: this format contains private keys that can compromise the user's security.
 Better support for high DPI resolution monitors.
 Some minor changes in the Windows Hello credentials recovery module.
 The Hash Import Wizard has got some important improvements.
 New 'Password types' report. Some minor fixes in processing password reports.
 The Hash Import Wizard was improperly loading some PIN hashes from external Windows directories.
 Critical error enumerating biometric databases using offline registry files.
 A bug ignoring some found DCC passwords and PINs when setting multiple masks in a GPU mask attack.

11:23:26 23.08.2022


