How to read key3.db and logins.json in plain-text?
Solution 1
What I did on Linux:
- Grab
nss
source package for your distro. - Unpack, patch and configure.
- Go to nss/cmd/pwdecrypt subdirectory
- Build
pwdecrypt
tool.
I used the following command line to build the tool (CentOS 7.7):
gcc -o pwdecrypt \
-I/usr/include/nspr4 -I/usr/include/nss3 -I../lib \
-lnss3 -lplc4 -lnspr4 -lnssutil3 -lsmime3 \
pwdecrypt.c ../lib/secutil.c ../lib/basicutil.c ../lib/secpwd.c ../lib/pppolicy.c
This may require certain development packages installed (nss-devel in my case).
Once you have the tool go to firefox profile directory and execute:
jq -r -S '.logins[] | .hostname, .encryptedUsername, .encryptedPassword' logins.json | \
pwdecrypt -d .
or (if key4.db is used instead of key3.db):
jq -r -S '.logins[] | .hostname, .encryptedUsername, .encryptedPassword' logins.json | \
pwdecrypt -d sql:.
You may find Reveal saved Mozilla Firefox passwords article helpful.
Solution 2
To list the Firefox or Thunderbird logins with passwords, you can use this firepwd
Python script.
To install it on a Debian/Ubuntu system:
wget https://github.com/lclevy/firepwd/archive/master.zip
unzip master.zip && rm master.zip
apt install python3-pip # add sudo if needed
cd firepwd-master
pip3 install -r requirements.txt
To run it :
python3 firepwd.py -d /path/to/your-profile/
Note that the trailing slash for the path is required.
This will also print the salts from key3.db
. To skip them and only show the logins and passwords, you can add | sed '1,/^decrypting login/d'
. So for example, if your Firefox profile directory is called x.default
in the default folder of your home:
python3 firepwd.py -d ~/.mozilla/firefox/x.default/ | sed '1,/^decrypting login/d'
There is also another Pyhon script, which I have not tried, suggested by this answer on security.stackexchange.com : https://github.com/unode/firefox_decrypt.
Since it's just a Python script, it can certainly also be easily installed on Windows or Mac systems.
Related videos on Youtube
user737988
Updated on September 18, 2022Comments
-
user737988 over 1 year
How do I get
key3.db
and/orlogins.json
to print in plain-text using commandline?$ cat /home/*/.mozilla/firefox/*.default/key3.db $ cat /home/*/.mozilla/firefox/*.default/logins.json
-
gronostaj almost 7 yearsIt's a database, it can't be trivially converted to plain text. What kind of information do you want to extract and which output format do you expect?
-
user737988 almost 7 yearsThanks for your response. I believe it's where the saved usernames:passwords are stored? Any output format is fine, I'd like to view the data in plaintext remotely.
-
gronostaj almost 7 yearsIt seems that the file is named in a misleading way. Quoting from this site: The key3.db file store the encryption key that is used for encrypting and decrypting the passwords. The encrypted names and passwords are stored in the logins.json file..
-
user737988 almost 7 yearsThanks. I also saw stuff about logins.json in my search queries. But there's no such file in my /*-defaults/ directory and I'm positive I have saved passwords there. Do you know how to decrypt the logins.json?
-
gronostaj almost 7 yearsNope, but you can try reading Firefox's source code if you're familiar with programming.
-
gronostaj almost 7 years@eckes Literally the first sentence of that question says that
key3.db
is an encryption key, not DB, and the answer says that Firefox switched from SQLite to JSON (confirmed by my link from previous comments). The script may be useful for OP though. -
Mathew Lionnet almost 7 yearsOk correction, key3.db is in Berkley/BSD-DB Format containing the encryption key. This tool can extract it and decrypt the Json or SQLite files with the user passwords. github.com/lclevy/firepwd
-