Decrypt encrypted passwords in `EmailProvider.db` on Samsung phones. You can use the tool presented here online.
- Root the phone.
- Extract the SQLite database file `/data/user/0/com.android.email/databases/EmailProvider.db`.
- In the database, extract the encrypted password from the `HostAuth` table.
- Use one of the tools of this repo to decipher the password.

In stock Android versions, the password is stored in plain text in the database. Samsung decided to encrypt this password, but they use the same decryption key on all phones.

The password found in the database is a base64 representation of the original password encrypted with AES-128-CBC, using an empty (all zero bytes) initialization vector and the following key: `0ea7923ecc6e979f633d0415a1e20871`.

The key itself is the result of a PBKDF2 key derivation with the following parameters:

- Password: `(qlBxn2qlB!ro@qkf?)`,
- Salt: `samsung_sec_salt`,
- Number of iterations: `100`,
- Key length: `128` bits,
- Hash algorithm: `SHA1`.

Under Linux and macOS, you can decode your password with the following command:

```sh
echo "frNQWuOXBQGUiGDpIwhRIQ==" | openssl aes-128-cbc -d -a -K 0ea7923ecc6e979f633d0415a1e20871 -iv 0
```

(where you replace `frNQWuOXBQGUiGDpIwhRIQ==` by your actual encoded password).

There is a web application in JavaScript that allows you to decrypt the passwords without downloading or compiling anything yourself: samsung-password webapp.

- Original implementation by @yajin: DecryptSamsungEmailPassword.java