05.10.2023
Wireless Password Recovery v6.8.5
 Minor update and bug fix
04.10.2023
Reset Windows Password v13.2
 A new feature for removing junk files and cleaning up registry files.
20.09.2023
Windows Password Recovery v15.3.0
 Windows Credentials Explorer
05.06.2023
Reset Windows Password v13.1
 Forensic tools to analyze Remote Desktop activity in Windows

Passcape RSS news feed more news »

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - DPAPI analysis and recovery tools


Starting with Windows 2000, Microsoft began equipping their operating systems with a special data protection interface, Data Protection Application Programming Interface (DPAPI). Currently, DPAPI is very widely spread and used in many Windows applications and subsystems. For example, in the file encryption system, for storing wireless network passwords, in Microsoft Vault and Credential Manager, Internet Explorer, Outlook, Skype, Google Chrome, etc. This system has become popular among programmers first of all for its simplicity of use, as it consists of just a couple of functions for encrypting and decrypting data: CryptProtectData and CryptUnprotectData. However, despite its apparent simplicity, the technical implementation of DPAPI is quite complicated.

Passcape Software first in the world offers a set of 6 tools for comprehensive analysis and decrypting data encrypted with DPAPI. These utilities allow you to:

  • Decrypt DPAPI blobs for any user account
  • Search DPAPI blobs on disk
  • Decrypt DPAPI blobs encrypted under the SYSTEM account (e.g., WiFi passwords)
  • Analyze and decrypt the user's Master Keys
  • Check user's password without dumping hashes from SAM or NTDS.DIT
  • Decrypt history hashes of all passwords entered earlier (without using SAM or NTDS.DIT)

 
 

Decrypt DPAPI blobs

This is a tool for decrypting data that is stored in DPAPI objects (DPAPI blobs)...
More information...
 		 DPAPI decoder

Analyze DPAPI blobs

A DPAPI blob is an opaque binary structure, which contains application's private data encrypted with DPAPI. Many Windows applications and subsystems store passwords, secrets and private data in DPAPI blobs...
More information...
 		 Analyze DPAPI blob

Search DPAPI blobs

Utility to search and extract binary and text blobs from files...
More information...
 		 Search DPAPI blobs

Master Key analysis

Master Key is used as the primary key when decrypting a DPAPI blob. A user's Master Key is encrypted with the user's logon password...
More information...
 		 Analyse DPAPI Master Keys

Dump user credentials history hashes

Due to peculiarities of DPAPI implementation, Windows stores all user's previous passwords in the system. User's password history is located in the CREDHIST file...
More information...
 		 Dump user credentials history hashes

Analyse credential history

CREDHIST is a password history file, made out as a chain, where each link represents the user's previous password hashes. Each time user changes the password, the old password hash is appended to the file and encrypted with a new password...
More information... 		 Analyse CREDHIST



 
Site map | Terms of use | About us | Contacts