Home > Products > Windows Passwords > Reset Windows Password > Screenshots > SYSKEY password Lookup
search for SYSKEY startup password
11.10.2017
Wireless Password Recovery 4.2.5
Support for NVidia Volta
04.10.2017
Office password recovery tools
Support for new GPU devices, some improvements
22.09.2017
Reset Windows Password v8.0
Support for domain cached credentials, new bootable environment
15.09.2017
Wireless Password Recovery 4.2.2
Support for new GPU devices, some improvements

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Reset Windows Password:
SYSKEY startup password lookup

 

Syskey is the additional layer of security, was introduced first in Windows 2000. It is always on by default and offers 3 types of protection:
1. Default - when the syskey encryption key is stored in Windows registry.
2. Startup disk - syskey encryption key is stored on a diskette.
3. Startup password - syskey encryption key is generated from a user pass-phrase.

Scammers take advantage of the SYSKEY power and often set a syskey startup password on a victim's PC. Usually they contact you with a thick Indian accent identifying themselves as a member of Microsoft support and tells that your PC need to be fixed immediately because it has a critical problem. They will try convincing you to allow them to connect your system remotely and fix the issues. If you do make the mistake, they will set a SYSKEY startup password. Since you do not know the password, after reloading the system you will get the screen like that (see below) and will not be able to logon unless you pay for fix.

syskey startup password

Fortunately, in most cases the passwords they use are pretty trivial and can be decrypted using our SYSKEY password lookup feature. You will have to go through the 3 simple steps to start searching the password.

 

Setting SYSKEY password recovery options

syskey password recovery options

SYSKEY password lookup may take quite some time and consists of the following steps:

  • Searching information in Windows system cache. This method consists of over a dozen of mini sub-attacks, during which the program analyzes all kinds of user passwords: LSA secrets, DSL, VPN, WiFI, FTP, IM, browser passwords, etc.
  • Analyzing simple, short passwords, keyboard combinations, etc.
  • Scan, parse and analyze most recently used files of the target system.
  • Primitive dictionary attack. The application checks all passwords from the built-in dictionary for the Light and Standard editions or from several dictionaries (English.dic, German.dic, French.dic, Russian.dic, Spanish.dic) for the Advanced Edition. If the deep search option is on, simple word mutations will also be taken into account during the search.
  • Primitive brute-force recovery will try to reveal short passwords. The brute-force options are also depend on the mutation level.
  • Artificial Intelligence attack analyzes network activity of a user on the computer. Upon the results of the analysis, the application generates user preferences and generates a semantic dictionary for the attack, which it later uses it for finding and guessing the password.
  • Look for passwords in deleted files.
  • Searching for complicated English passwords (Fingerprint attack).
  • Extract strings and words from huge files: RAM images, hiberfil.sys, pagefile.sys ans so on. When this option is set, the program will try to skip files useless in password analysis like video, archives, audio files, etc.
  • Search passwords by reading and analyzing raw sectors of the selected drive. If the 'Password mutation level' is set to 'Deep search', the program additionally tries to generate different combinations and 'mutate' found passwords, thus walking through all sectors of the target drive may take quite a time. Note that the sector-based scanning algorithm is not effective against drives which have a full-disk encryption set on.
 

Selecting data source

Selecting syskey data source

When searching for the SYSKEY startup password, special attention is to be paid to supplying correct files and folders required for the analysis process.Otherwise, password search will be inefficient or even not available. The application tries to locate the files automatically, but sometimes, e.g., when the computer has several operating systems installed, you may need to use the 'manual control' over it. Please also keep in mind that if the problem PC has 2 or more logical drives, the sequence of the letters for these disks may be set totally different than in the original system.



 

Searching for SYSKEY password

Searching and decrypting SYSKEY startup password


Finding/guessing the password may take some time, which depends on attack settings and type of your system.

Note that not all SYSKEY passwords can be extracted and recovered but only simple and vulnerable ones!


 

Setting back the system

Once you retrieve the SYSKEY plaintext password, all you need is to turn off the SYSKEY startup prompt and set your system back to its original state. Just log in your Windows account, hit 'Win+R' keys, type in 'SYSKEY' and click 'OK' button.

Running syskey options


This should bring up the SYSKEY options dialog. All you need here is to click the 'Update' button and switch the 'Password Startup' option back to 'System Generated Password' by supplying the found plaintext.

Setting syskey options