Trillian is the most popular universal messenger with 450+
rich features. It supports almost all IM clients including Gtalk, Windows
Live, AIM, Yahoo, ICQ etc.
It also features IMAP/POP3 based
email clients which can help you to manage your inbox while chatting
with friends. It also supports popular social networks such as
Facebook, Twitter which makes it one stop tool for keeping track of
all your IM/Social/Email activities.
Trillian is available for multiple platforms including Desktop, Web
as well as Mobile platforms keeping things up to date no matter where
you go.
Trillian Password Storage Location
Like most instant messengers,
Trillian also stores the main user account (identity) password in
the local disk so that user do not have to enter the password every
time. Note that the password is stored only if user has opted to
'Save Password'.
Earlier version of Trillian
(Version 3.x < 4.x) stored all IM account passwords
in the install location of Trillian,
C:\Program
Files\Trillian\Users\Default
For each IM account, it uses unique files
such as yahoo.ini for Yahoo Messenger, msn.ini for MSN, aim.ini for
AIM etc.
Latest version of Trillian Astra (Version
4.x - Version 5.x) stores only main account passwords
(called as Identity or Astra password) in the 'accounts.ini'
file at below mentioned location. But all other IM account passwords
(such as Yahoo, Gtalk, AIM, MSN etc) are stored on the servers.
[Windows XP]
C:\Documents and Settings\<user_name>\Application
Data\Trillian\users\global\
[Windows Vista & Windows 7]
C:\Users\<username>\AppData\Roaming\Trillian\users\global\
Here is the typical example of
accounts.ini file in which user name & encrypted password is stored
for each user account.
[Account000]
Account=security.test Display Name=Security Test
Password=ODc1NEU123g1NUVGQjRGQzAxQzJDQTk45A== Status= Status
Override=0 Status Message= Save Password=1 Last
Login=1287233739
For each account it contains section named
'[Account<number>]' under which all information for that
account is stored. Username is stored in the field named
'Account=' and password is stored in the field
'Password='.
Internals of Trillian Password Encryption
Earlier versions (3.x) of Trillian
store the encrypted password directly where as later versions (4.x -
5.x) encode it using BASE64 algorithm before storing the password.
All versions uses same encryption algorithm for secure
storing of the password. Each character in the password is XORed
with Trillian Magic bytes to yield the final password.
Here are the detailed steps for
decrypting the Trillian account password.
1.Retrieve and Decode the stored Password
As mentioned earlier, Trillian stores the
account password in the local disk. You need to retrieve the Trillian
username & associated password from this file for each stored account.
Then use the BASE64 algorithm to decode it and get the
encrypted password. Note that BASE64 decoding is required for newer
versions only.
2. Decrypt the Trillian Password
Trillian uses magic bytes which is XORed
with encrypted password to get the original password.
Here is
code example which perform the Trillian password decryption operation,
for(i=0; strEncPassword[2*i] && strEncPassword[2*i+1]; i++) {
a = strEncPassword[2*i];
if( a >= '0' && a <= '9' )
c = a - '0'; else c = 0xA + (a - 'A');
a = strEncPassword[2*i+1]; if( a >= '0' && a <= '9'
) a = a - '0'; else
a = 0xA + (a - 'A');
c = (c << 4) + a;
//Xor encrypted password with Magic char strClearPassword[i] =
c ^ bMagicTrillian[i]; }
//null terminate the password
strClearPassword[i]=0;
printf("Final decrypted Trillian password
is %s", strClearPassword);
In each step of the decryption operation,
two characters from encrypted password representing one byte are taken
and XORed with corresponding byte from the Magic array. At the end of
the operation we will get the original Trillian password.
Recovering
Trillian Password Automatically
TrillianPasswordDecryptor is a dedicated tool to
recover Trillian account passwords. It can automatically detect the
currently installed version of Trillian and recover the passwords
accordingly. It supports all Trillian version starting from 3.x to
latest beta version 5.x.
TrillianPasswordDecryptor is a portable tool which does not
require installation and work across wide range of platforms starting
from Windows XP to Windows 10. You can also use our other tool,
IMPasswordDecryptor
to recover the Trillian passwords along with other instant messenger
passwords.
Above article explains how Trillian stores the account password
using its own proprietary encryption algorithm and shows how one can
manually decrypt such password to recover the original password.
Note that it does not mean lapse on Trillian Security as only authorized
user can view and decrypt the stored passwords. But due to nature of its
password storage mechanism, you are advised to exercise caution while
granting others access to your system.
