webOS Nation Forums >  webOS Developers >  webOS Development > Where are account passwords saved?
Where are account passwords saved?
  Reply
Like Tree3Likes
  • 1 Post By GMMan
  • 1 Post By irwinr12
  • 1 Post By greenoyster

 
Thread Tools Display Modes
Old 10/31/2012, 12:40 PM   #1 (permalink)
Member
 
Posts: 194
Does anyone know where account passwords are saved in webOS 3.x?

I can't remember the passwords of some of my accounts and I was hoping I could extract them from my Touchpad.
irwinr12 is offline   Reply With Quote
Old 10/31/2012, 01:37 PM   #2 (permalink)
Homebrew Developer
 
Posts: 144
Usually stored in Key Store (using Key Manager - https://developer.palm.com/content/a...y-manager.html)
artxxork is offline   Reply With Quote
Old 10/31/2012, 02:14 PM   #3 (permalink)
Member
 
Posts: 194
Quote:
Originally Posted by artxxork View Post
Usually stored in Key Store (using Key Manager - https://developer.palm.com/content/a...y-manager.html)
Thanks, that's a start. Any idea how to extract them from the command line?
irwinr12 is offline   Reply With Quote
Old 10/31/2012, 04:24 PM   #4 (permalink)
Homebrew Developer
 
Posts: 144
https://developer.palm.com/content/a....html#fetchKey

note: Key data is returned if the key had been originally stored or generated with nohide = true. Otherwise, the call fails and a "key is not exportable" error message is returned

Code:
luna-send -n 1 luna://com.palm.keymanager/fetchKey '{"keyname":"xx"}'
artxxork is offline   Reply With Quote
Old 10/31/2012, 04:39 PM   #5 (permalink)
Member
 
Remy X's Avatar
 
Posts: 1,587
This has me thinking, if the keys are marked non-exportable, what other way exists to extract them....

Since most log-ins happen over SSL, it should be possible to create a "man-in-the-middle" attack with a Linux router presenting a fake SSL certificate, then decrypting the data.... or even a laptop running as an ad-hoc WiFi hotspot can do the same thing if configured correctly...
Remy X is offline   Reply With Quote
Old 10/31/2012, 04:41 PM   #6 (permalink)
Member
 
Posts: 194
Quote:
Originally Posted by artxxork View Post
https://developer.palm.com/content/a....html#fetchKey

note: Key data is returned if the key had been originally stored or generated with nohide = true. Otherwise, the call fails and a "key is not exportable" error message is returned

Code:
luna-send -n 1 luna://com.palm.keymanager/fetchKey '{"keyname":"xx"}'
Yeah I saw that but the passwords have to be "extractable" if the Touchpad is sending the password over the internet to log into an account, right?

I saw the luna-send example in the docs, but how do I know what the keyname is for a password for a particular account?
irwinr12 is offline   Reply With Quote
Old 10/31/2012, 04:55 PM   #7 (permalink)
Member
 
Remy X's Avatar
 
Posts: 1,587
Quote:
Originally Posted by irwinr12 View Post
Yeah I saw that but the passwords have to be "extractable" if the Touchpad is sending the password over the internet to log into an account, right?
Well, if "nohide = true" refers to passwords being displayed as a plain text vs a string of bullets/asterisks, then if your password isn't visible, it might be "locked"...

I don't now for sure, but in any case the password is being retrieved and sent, so if you run out of options, it can be captured after it leaves the Touchpad....
Remy X is offline   Reply With Quote
Old 10/31/2012, 05:41 PM   #8 (permalink)
Homebrew Developer
 
Posts: 144
Quote:
Originally Posted by irwinr12 View Post
Yeah I saw that but the passwords have to be "extractable" if the Touchpad is sending the password over the internet to log into an account, right?

I saw the luna-send example in the docs, but how do I know what the keyname is for a password for a particular account?
They can be hidden - depends on protocol used for authentification ... in theory you don't need to send password over the internet - you may only need it for 'calculation' and be sending just the result ... in that case password can be hidden in Key Store ...

Maybe the easiest way is to patch existing code.
Code:
/usr/palm/services  # grep -r * -n -e fetchKey                                                        
com.palm.service.accounts/models/credentials-model.js:12:		var future = PalmCall.call(KEYMGR_URI, "fetchKey", {
com.palm.service.accounts/models/credentials-model.js:47:		var future = PalmCall.call(KEYMGR_URI, "fetchKey", {
com.palm.service.boxnet/commands/checkCredentials_command.js:62:    	future = IMPORTS.foundations.Comms.PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.contacts.linkedin/serviceassistant.js:117:			future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.contacts.linkedin/serviceassistant.js:124:				return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.contacts.yahoo/serviceassistant.js:111:			future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.contacts.yahoo/serviceassistant.js:118:				return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.dropbox/commands/checkCredentials_command.js:64:    	future = IMPORTS.foundations.Comms.PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.dropbox/commands/checkCredentials_command.js:71:    		return IMPORTS.foundations.Comms.PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.photos.photobucket/account.js:99:		future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.photos.photobucket/account.js:104:			return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.videos.youtube/assistant.js:27:		future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.videos.youtube/assistant.js:32:			return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
Above are some places where fetchKey is being called ... hook console.log there and you will see...

What password are you actually trying to recover?
artxxork is offline   Reply With Quote
Old 10/31/2012, 05:45 PM   #9 (permalink)
Homebrew Developer
 
Posts: 144
Btw. just noticed that Impostah has Key Store Exploration ... you can find keyname there
artxxork is offline   Reply With Quote
Old 10/31/2012, 05:57 PM   #10 (permalink)
Member
 
GMMan's Avatar
 
Posts: 2,136
You might need to add the -a argument to luna-send for it to return something:
Code:
-a com.palm.appname
__________________
Contact: @GMMan_BZFlag (me on Twitter)
webOS Releases: Change your App Catalog country: TouchPad/PC | TouchPad/webOS Resources | Search suggestion patch for browser | Cycling Email Notifications | Don't Doctor! Make a good support request. | How to post logs | webOS Charge Monitor
GMMan is offline   Reply With Quote
Liked by Remy X likes this.
Old 10/31/2012, 06:13 PM   #11 (permalink)
Member
 
Posts: 194
Quote:
Originally Posted by artxxork View Post
They can be hidden - depends on protocol used for authentification ... in theory you don't need to send password over the internet - you may only need it for 'calculation' and be sending just the result ... in that case password can be hidden in Key Store ...

Maybe the easiest way is to patch existing code.
Code:
/usr/palm/services  # grep -r * -n -e fetchKey                                                        
com.palm.service.accounts/models/credentials-model.js:12:		var future = PalmCall.call(KEYMGR_URI, "fetchKey", {
com.palm.service.accounts/models/credentials-model.js:47:		var future = PalmCall.call(KEYMGR_URI, "fetchKey", {
com.palm.service.boxnet/commands/checkCredentials_command.js:62:    	future = IMPORTS.foundations.Comms.PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.contacts.linkedin/serviceassistant.js:117:			future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.contacts.linkedin/serviceassistant.js:124:				return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.contacts.yahoo/serviceassistant.js:111:			future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.contacts.yahoo/serviceassistant.js:118:				return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.dropbox/commands/checkCredentials_command.js:64:    	future = IMPORTS.foundations.Comms.PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.dropbox/commands/checkCredentials_command.js:71:    		return IMPORTS.foundations.Comms.PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.photos.photobucket/account.js:99:		future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.photos.photobucket/account.js:104:			return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.videos.youtube/assistant.js:27:		future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
com.palm.service.videos.youtube/assistant.js:32:			return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
Above are some places where fetchKey is being called ... hook console.log there and you will see...

What password are you actually trying to recover?
Google and Facebook primarily.
irwinr12 is offline   Reply With Quote
Old 10/31/2012, 06:29 PM   #12 (permalink)
Member
 
GMMan's Avatar
 
Posts: 2,136
Quote:
Originally Posted by irwinr12 View Post
Google and Facebook primarily.
Can't you just reset the password and update it on your devices? It's easier (and the most obvious method) to go that route instead of trying to pull them out of supposedly secured containers.
__________________
Contact: @GMMan_BZFlag (me on Twitter)
webOS Releases: Change your App Catalog country: TouchPad/PC | TouchPad/webOS Resources | Search suggestion patch for browser | Cycling Email Notifications | Don't Doctor! Make a good support request. | How to post logs | webOS Charge Monitor
GMMan is offline   Reply With Quote
Old 10/31/2012, 06:52 PM   #13 (permalink)
Member
 
Posts: 194
Quote:
Originally Posted by GMMan View Post
Can't you just reset the password and update it on your devices? It's easier (and the most obvious method) to go that route instead of trying to pull them out of supposedly secured containers.
The password recovery email for the Facebook account is the Google email and I never set up a recovery email for Google and don't remember the password recovery question.

I haven't really used these accounts in a while. Plus it seemed like a fun learning exercise as well.
irwinr12 is offline   Reply With Quote
Liked by Remy X likes this.
Old 11/03/2012, 01:54 AM   #14 (permalink)
Member
 
Posts: 194
So I've been browsing Impostah looking at the keys, I can't figure out what actually makes up the "keyName". Impsotah shows the keyname for all the accounts as "com.palm.service.accounts" but when I run fetchKey with that keyname it says key not found. Which makes sense, it would need to be unique.

I've tied a variety of combinations, not sure what it's expecting.
irwinr12 is offline   Reply With Quote
Old 11/03/2012, 03:08 AM   #15 (permalink)
Member
 
Posts: 315
Use ls-monitor to watch what's being sent across the service bus
greenoyster is offline   Reply With Quote
Liked by Remy X likes this.
Old 11/04/2012, 06:00 AM   #16 (permalink)
Homebrew Developer
 
Posts: 144
trick is to use parameter "-a appId" in luna-send command.

In Impostah's Key Store Exploration you can see KEY KIND list with pairs appid:keyname, for example 'service.accounts:++I4jEc0Qvce+ko4' ... so your magic command would be:
luna-send -n 1 -a com.palm.service.accounts luna://com.palm.keymanager/fetchKey '{"keyname":"yourkeyhere"}'

note: Impostah removed leading com.palm from appId in GUI, but you must use full appid in luna-send.

You should see any non-hidden passwords this way ... tested with Skype and POP mail.
artxxork is offline   Reply With Quote
Old 11/04/2012, 11:22 AM   #17 (permalink)
Member
 
GMMan's Avatar
 
Posts: 2,136
I think services like Google, Facebook, and Dropbox use tokens instead of authenticating each time. I haven't had a full look at how Google Synergy works, but I'd assume that's the case. Maybe Hotmail too.
__________________
Contact: @GMMan_BZFlag (me on Twitter)
webOS Releases: Change your App Catalog country: TouchPad/PC | TouchPad/webOS Resources | Search suggestion patch for browser | Cycling Email Notifications | Don't Doctor! Make a good support request. | How to post logs | webOS Charge Monitor
GMMan is offline   Reply With Quote
Old 11/04/2012, 01:15 PM   #18 (permalink)
Homebrew Developer
 
Posts: 144
You are mixing 2 different things ... how password is stored and how it is used.

In this case we are discussing how passwords from various accounts are stored. For example 'Google' account is stored same way as Skype - in Key Store and can be easily obtained from running device.
artxxork is offline   Reply With Quote
Old 11/12/2012, 09:36 AM   #19 (permalink)
Homebrew Developer
 
Posts: 779
Only if it is not configured to be hidden...
Garfonso is offline   Reply With Quote
Reply

 

Thread Tools
Display Modes



 


Content Relevant URLs by vBSEO 3.6.0