01.03.2024
New blog post
Dumping the history of users' IP addresses in Windows
20.02.2024
Reset Windows Password v14.1
IP addresses history viewer, fast disk search, local security editor and some more
02.01.2024
Wireless Password Recovery v6.9.0
A revision of the GPU health monitor along with some minor updates
23.12.2023
HAPPY NEW YEAR!
Happy New Year greetings and holidays discount

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - DPAPI analysis and recovery tools


Starting with Windows 2000, Microsoft began equipping their operating systems with a special data protection interface, Data Protection Application Programming Interface (DPAPI). Currently, DPAPI is very widely spread and used in many Windows applications and subsystems. For example, in the file encryption system, for storing wireless network passwords, in Microsoft Vault and Credential Manager, Internet Explorer, Outlook, Skype, Google Chrome, etc. This system has become popular among programmers first of all for its simplicity of use, as it consists of just a couple of functions for encrypting and decrypting data: CryptProtectData and CryptUnprotectData. However, despite its apparent simplicity, the technical implementation of DPAPI is quite complicated.

Passcape Software first in the world offers a set of 6 tools for comprehensive analysis and decrypting data encrypted with DPAPI. These utilities allow you to:

  • Decrypt DPAPI blobs for any user account
  • Search DPAPI blobs on disk
  • Decrypt DPAPI blobs encrypted under the SYSTEM account (e.g., WiFi passwords)
  • Analyze and decrypt the user's Master Keys
  • Check user's password without dumping hashes from SAM or NTDS.DIT
  • Decrypt history hashes of all passwords entered earlier (without using SAM or NTDS.DIT)

 
 

Decrypt DPAPI blobs

This is a tool for decrypting data that is stored in DPAPI objects (DPAPI blobs)...
More information...
 
DPAPI decoder

Analyze DPAPI blobs

A DPAPI blob is an opaque binary structure, which contains application's private data encrypted with DPAPI. Many Windows applications and subsystems store passwords, secrets and private data in DPAPI blobs...
More information...
 
Analyze DPAPI blob

Search DPAPI blobs

Utility to search and extract binary and text blobs from files...
More information...
 
Search DPAPI blobs

Master Key analysis

Master Key is used as the primary key when decrypting a DPAPI blob. A user's Master Key is encrypted with the user's logon password...
More information...
 
Analyse DPAPI Master Keys

Dump user credentials history hashes

Due to peculiarities of DPAPI implementation, Windows stores all user's previous passwords in the system. User's password history is located in the CREDHIST file...
More information...
 
Dump user credentials history hashes

Analyse credential history

CREDHIST is a password history file, made out as a chain, where each link represents the user's previous password hashes. Each time user changes the password, the old password hash is appended to the file and encrypted with a new password...
More information... 
Analyse CREDHIST