27.12.2016
Happy New Year!
New Year greetings and holidays discount
27.12.2016
Windows Password Recovery v11.1
Some minor improvements, changes in DPAPI engine
06.12.2016
New blog post
Hash encryption in Windows 10 Anniversary Update
30.11.2016
WPA password recovery benchmarks
New devices

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - DPAPI analysis and recovery tools


Starting with Windows 2000, Microsoft began equipping their operating systems with a special data protection interface, Data Protection Application Programming Interface (DPAPI). Currently DPAPI is very widely spread and used in many Windows applications and subsystems. For example, in the file encryption system, for storing wireless network passwords, in Microsoft Vault and Credential Manager, Internet Explorer, Outlook, Skype, Google Chrome, etc. This system has become popular among programmers first of all for its simplicity of use, as it consists of just a couple of functions for encrypting and decrypting data: CryptProtectData and CryptUnprotectData. However, despite its apparent simplicity, the technical implementation of DPAPI is quite complicated.

Passcape Software first in the world offers a set of 6 tools for comprehensive analysis and decrypting data encrypted with DPAPI. These utilities allow you to:

  • Decrypt DPAPI blobs for any user account
  • Search DPAPI blobs on disk
  • Decrypt DPAPI blobs encrypted under the SYSTEM account (e.g., WiFi passwords)
  • Analyze and decrypt user's Master Keys
  • Check user's password without dumping hashes from SAM or NTDS.DIT
  • Decrypt history hashes of all passwords entered earlier (without using SAM or NTDS.DIT)

 
 

Decrypt DPAPI blobs

This is a tool for decrypting data that is stored in DPAPI objects (DPAPI blobs)...
More information...
 
DPAPI decoder

Analyze DPAPI blobs

A DPAPI blob is an opaque binary structure, which contains application's private data encrypted with DPAPI. Many Windows applications and subsystems store passwords, secrets and private data in DPAPI blobs...
More information...
 
Analyze DPAPI blob

Search DPAPI blobs

Utility to search and extract binary and text blobs from files...
More information...
 
Search DPAPI blobs

Master Key analysis

Master Key is used as the primary key when decrypting a DPAPI blob. A user's Master Key is encrypted with the user's logon password...
More information...
 
Analyse DPAPI Master Keys

Dump user credentials history hashes

Due to peculiarities of DPAPI implementation, Windows stores all user's previous passwords in the system. User's password history is located in the CREDHIST file...
More information...
 
Dump user credentials history hashes

Analyse credential history

CREDHIST is a password history file, made out as a chain, where each link represents user's previous password hashes. Each time user changes the password, the old password hash is appended to the file and encrypted with a new password...
More information... 
Analyse CREDHIST