Peter's Blog

Redefining the Impossible

Cracking Filezilla Passwords


Needed to recover a password from my FileZilla settings. It transpires that this is not very difficult. The passwords are not strongly encoded which some regard as a security flaw but the developers seem to acknowledge that if you want security, don't trust a computer.

   1  #
   2  # Dump filezilla site manager, including account name, host, user and password.
   3  #
   4  import _winreg
   5  
   6  def DecodePassword( strPass):
   7      """Decode a filezilla password"""
   8      strKey = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"
   9  
  10      nPassLen = len(strPass) / 3
  11      nOffset = nPassLen % len(strKey)
  12  
  13      strDecodedPass = ""
  14  
  15      for i in range(nPassLen):
  16          c = int(strPass[i * 3:(i * 3) + 3])
  17          c2 = ord(strKey[(i + nOffset) % len(strKey)])
  18          c3 = chr((c ^ c2))
  19  
  20          strDecodedPass += c3
  21  
  22      return strDecodedPass
  23  
  24  #
  25  # Walk through registry, decoding site details.
  26  #
  27  oReg = _winreg.ConnectRegistry( None, _winreg.HKEY_CURRENT_USER)
  28  oLicenceKey = _winreg.OpenKey( oReg, r'SOFTWARE\FileZilla\Site Manager')
  29  
  30  nIndex = 0
  31  while 1:
  32      try:
  33          strSite = _winreg.EnumKey( oLicenceKey, nIndex)
  34      except EnvironmentError:
  35          break
  36  
  37      oSiteKey = _winreg.OpenKey( oLicenceKey, strSite)
  38      strHost = _winreg.QueryValueEx( oSiteKey, u'Host')[0].encode( 'ascii')
  39      strUser = _winreg.QueryValueEx( oSiteKey, u'User')[0].encode( 'ascii')
  40      strPassword = DecodePassword( _winreg.QueryValueEx( oSiteKey, u'Pass')[0].encode( 'ascii'))
  41  
  42      print strSite, strHost, strUser, strPassword
  43  
  44      nIndex += 1

Filed under: filezilla python

Evan Says:

about 1 year ago

Thanks for posting -- this just came in useful for me today

Heinrich Says:

8 months ago

Thanks! It generaly works, but not with subfolders.

Andrew Says:

5 months ago

Thanks for this - I was looking for a way of decrypting the passwords in FileZilla.xml so I've converted your algorithm to VBScript:

   1  Function DecodePassword (Pass)
   2    Key = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"
   3  
   4    PassLen = len (Pass) / 3
   5    Offset = PassLen mod len (Key)
   6  
   7    DecodedPass = ""
   8  
   9    For Count = 1 to PassLen
  10    	c = CInt (Mid (Pass, (Count * 3) - 2, 3))
  11    	c2 = Asc (Mid (Key, (Count + Offset) mod len (Key), 1))
  12    	c3 = Chr (c Xor c2)
  13    	DecodedPass = DecodedPass & c3
  14    Next
  15  
  16    DecodePassword = DecodedPass
  17  End Function
  18  
  19  If Wscript.Arguments.Count > 0 Then
  20    Set XMLDoc = CreateObject ("Microsoft.XMLDOM")
  21    XMLDoc.async = False
  22  
  23    If XMLDoc.Load (Wscript.Arguments.Item(0)) Then
  24    	Set NodeList = XMLDoc.documentElement.selectNodes ("//FileZilla/Sites/Site")
  25  
  26    	For Each Node In NodeList
  27    		WScript.Echo "Name - " & Node.selectSingleNode ("@Name").text
  28    		WScript.Echo "Host - " & Node.selectSingleNode ("@Host").text
  29    		WScript.Echo "User - " & Node.selectSingleNode ("@User").text
  30    		WScript.Echo "Password - " & DecodePassword (Node.selectSingleNode ("@Pass").text)
  31    		WScript.Echo
  32    	Next
  33    Else
  34    	WScript.Echo "Error loading file or file not found"
  35    End If
  36  
  37    Set XMLDoc = Nothing
  38  Else
  39    WScript.Echo "Filename required"
  40  End If

Quintin Says:

3 months ago

Thanks for that one Peter (and Andrew!)... This has just enabled me to decode the passwords from an older version of FileZilla so I can manually (grr) recreate them in the latest build (v.3.1.2).

A couple of comments:

1) Heinrich's correct in that it doesn't cope with Folders.

1a) My work around for now was to manually edit the XML before I passed it in to the VBScript and remove all the Folder nodes so that the tree is as expected (FileZilla to Sites to Site nodes).

1b) The 'proper' work around would be to re-engineer the script so that it has a dedicated function to work on a folder of sites which recursively calls itself if it finds a folder inside a folder... and, sorry, I haven't got the time in my day to 'knock that one out' either! ;)

2) Being more of an applications developer than a sys admin or script kiddie I had to get my head around how to run a VBScript... For those who need help there it's useful to know that if you simply call the VBS file from a cmd line then it will probably execute in 'WScript' mode which means that the Echo commands output to a modal dialog box (LOTS of clicking OK to everything). You can, however, run the script through the 'CScript' WSH Engine by using something like this at your cmd line:

cscript decode.vbs filezilla.xml

I hope that helps someone... and thanks again for the code!

Have Your Say

I welcome constructive comments or questions but I reserve the right to delete any comments that displease me.

Who are you?

(Optional) If you enter an email address here I might email you back. Your email address will not be sold to spammers or shown anywhere

What do you have to say?