Which files I need to recover my password?
Hi everybody this will be a long question, and I would be really grateful for any kind of help anyone could give me, this is my case:
I use `firefox-sync` to manage all my logins information and firefox-sync's password is the unique password I save manually.
Currently I has problems with my O.S and I decided reinstall it. But also I have 2FA enable for mostly of my accounts, and firefox-sync is not the exception, and firefox-sync's 2FA is based on my gmail, so when I tried get logged on firefox-sync, firefox asks me for my verification code, but my verification code is in my gmail, and my gmail's password is in firefox-sync.
So I lost access to all my accounts, I lose my gmail, github, gitlab, stackoverflow, discord, etc etc... :'(
From the gmail side, I tried all that gmail let me try but unsuccessfully.
So, the only possibility that I see, is recover the information of the formatted partition and rebuild the previous state of Firefox. I mean:
Reading about firefox loggins, and taking a look to firefox's workdir (`$HOME/.mozilla`), I see firefox saves login's info in a json file located in `$HOME/.mozilla/$profile$/logins.json`.
So the basic idea is with a data recovery tool, try recover `.mozilla`s directory and replace it over the current environment so when I start firefox can get access to my login's info. But I'm not sure how much it is possible to recover the whole directory, and if is not posible, my question is:
What files next to `logins.json` should be my recovery targets to replace inside the `.mozilla` folder in order to reconstruct my accounts login information?
You need to recover a matching logins.json (logins) and key4.db (encryption key) file and place those two files in a profile folder to see if that shows the usernames and passwords in about:logins. You may have to enable login debug via signon.debug = true to check for issues.
I've managed to recover some encryption keys and rebuild my old `logins.json`, but replacing both in the current profile about:logins returns empty.
I tried the 'logins.json' files with all the encryption keys I retrieved, and with the option singon.debug = true, and it always shows empty.
After that leave the profile in the previous state with the original 'logins.json' and 'key4.db' files and try to change only one letter in a password to see if this affected the result.
At first I would think that if I change the encrypted value it should change the output, but what happens is that in about:logins that record just doesn't show up, which gives me an indication that there is another place in firefox that somehow checks for the non corruption of these files.
What I think now is, if I have both the encrypted password and the encryption key, I can manually apply the algorithm firefox uses for encryption. Is this correct? And if so, what algorithm should I use for decryption?
Whatever the outcome, get your data in multiple places. see screenshot
I can't access my data I don't have any other firefox session active, I managed to recover both the encrypted passwords and the decryption key with photorec, but I don't know how to use them, I don't know what algorithm firefox-sync uses for decryption.
I need to manually decrypt them because simply replacing the `logins.json` and `key4.db` files in a profile doesn't work
It is painful for me to lose access to all my accounts, I understand that I should have made sure I had the necessary information before formatting and reinstalling the operating system. And I really want to try everything before I give up.
But as far as I understand, and reading this, the password information and the decryption key are on the computer, and after a data recovery process I think I have this (see sreenshot).
If I'm not mistaken, the 'logins.json' file is the encrypted data and the decryption key is the 'key4.db' file. According to me, with the key and the encrypted information, I can manually apply the algorithm that firefox-sync uses for decryption. but I don't know what it is.
Are there relevant-looking login/signon/password errors in the Browser Console when you open about:logins ? You did confirm that the logins.json file is valid JSON by opening the file in a Firefox tab ?
The console is clear when i open about:logins
But initially the json file did had errors, it had special characters at the beginning of the file, I just deleted them, and after that the file opens fine in a firefox tab and looks something like this. (screenshots)
Of course I clean the file before trying to put it in the profile.
Also, the `logins` file I retrieved through a sqlite file. I got there via a grep, to find the patterns that matched the shape of the logins.json file. (grep is not working for me with json files, I don't know why).
I did the same for the encryption key, I looked for the "nssPrivate" pattern. And I got a few keys, I have tried the json file with all the keys and always about:logins comes out blank.
I understand that the problem may be that the json file is not correct or maybe that simply none of the keys I have are the key. And I understand that at this point it can even be considered as a lottery.
But something that caught my attention, is that the sqlite file from where I extracted the json file. When I open it with the text editor I could search and find the fragment of the json file which I extracted(screenshot). But when I open it with a sqlite tool it asks me for a password(screenshot). And without the password it lets me access the schema, but not the data. So I deduce that the passwords might be there and that the key might be one of the ones I retrieved.
The thing is that the password entry allows me to pass it as "passprhase" or as "raw key". But I don't understand how to get to that key representation nor all the parameters underneath (sql tool screenshot) . I mean, I can see the private key and the scheme, but I find it confusing. If I could know at least what is the specification that the private key uses, to read it and understand what I am seeing when I see the private key, it would be very useful.
The only way to decrypt the logins in by placing logins.json and key4.db in a profile folder. You can't do this via SQLite or otherwise, although there is a Nirsoft utility, but I assume that only works if the files aren't broken.