Lastbit Software recovers lost or forgotten or passwords since 1997. Password Recovery Solutions online since 1997

Password Recovery
  Most Popular:
Access Password Recovery
Excel Password Recovery
Outlook Password Recovery
Word Password Recovery
VBA Password Recovery
Office 2007-2024, 365 Password Recovery Service

Quicken Password
QuickBooks Password


...much more...

 Security
  Multi-User Password Manager
...more...
 Utilities
  Find Password Protected Documents
Online Password Generator
...more...
 Articles

 

Effective Password Recovery Solutions - 27 years online!

 

Pwl Files

Aurora Password Manager Multiuser password management solution for enterprises. Easy web form filler.
My Password Manager Password manager for personal, family and office use.
PWL file contains valuable information like dial-up and network passwords. This is an universal storage for sensitive information. Any program could use PWL files. However Microsoft does not provide technical specification for PWL files and API description (as far as I know), so usually only Microsoft programs use PWL files.

In other words PWL file is a secured database. Each record has three fields:

  1. Resource type (0..255)

  2. Resource name

  3. Resource password

Both resource name and resource password may be binary. Moreover program may interpret these fields as it wants so 'resource name' may be not a name and 'resource password' may be not a password. There is exists a limit of 255 records per single PWL file. All records along with user name and checksum are encrypted with strong cipher algorithm RC4. Encryption key is derived from login password. Windows uses PWL files to verify login password. However login password is not stored in PWL file. Windows decrypts PWL file using specified password and then verify checksum. If checksum is correct then entered password assumed to be valid. So it is possible to get access to PWL file if only both login password and user name are known. If login password is unknown then a search is the only way to get access to PWL file's contents. User name must be known because it is involved into checksum verification. Usually PWL file name is the same as user name. However it is not necessary. PWL file name never exceeds 8 characters. Windows never overwrites PWL files. By default PWL files are located in the Windows directory. Since Windows never overwrites PWL files it's possible that resulting PWL file name will be mangled. For example, if robert.pwl file is already exists then new PWL file for user Robert will have rober000.pwl file name. Next file name is rober001.pwl and so forth.

Both user name and login password are case sensitive for PWL file, however high level Windows functions convert them to uppercase. Nevertheless there is an exception: dial-up network server use rna.pwl file to store connections passwords. User name is *Rna (case sensitive).

Each PWL file must be registered in system. There is [Password Lists] section in system.ini file. Each line in this section looks like this: USERNAME=FullPathToPwlFile

Resource Types

Following resource types are most useful.

6 - this resource type is used by dial-up networking and MS Crypto API. Dial-up networking use PWL as follows. Resource name looks like *Rna\ConnectionName\Username . Resource password is a connection password.

19 - WWW resource (used by Internet Explorer). Resource name has following syntax: DomainName/Page title . Resource password contains login name and password separated by colon. For example John:abc

You can use pwlview program to examine current user's PWL file contents.

Windows Versions

The original Windows version contained a gross error which enabled easy extracting of cached passwords (in fact, this is possible for most (but not all) PWL files). Well-known program called glide do this. However original glide.exe uses an imperfect algorithm so it fails often. In the OSR2 version this error has been corrected, although security problems persist (as you can see). Windows '98 does not seem to differ from OSR2 in the sense of security, but Windows NT is built quite differently (click here for NT recovery). About Windows 3.11. Its PWLs are same with original Windows 95.

PWL Files Reliability Estimation (OSR2 Version)

You should keep in mind that a saved password can be extracted by a malefactor - therefore passwords should only be saved if no unauthorized personnel can access your computer. It has to be mentioned that a PWL file is encrypted and it's not easy to extract passwords from it. The first Windows'95 version encryption algorithm was quite poor, which allowed for a program for PWL files decryption to be created. However, in the OSR2 version this drawback has been fixed - it is now much harder to decrypt a PWL file.

Despite the information which is contained on my site, the password storage system in OSR2 is generally made quite professionally and is reliable from the cryptographer’s point of view. Still, it contains several quite serious drawbacks, namely:

  1. All passwords are converted to uppercase, which significantly reduces the quantity of various possible passwords and allows for a higher password search speed. By the way, the low level password engine uses a password ‘as is’, i.e., does not convert it to uppercase – it’s entirely the fault of the high level part. This drawback is aggravated by #2.

  2. MD5 and RC4 algorithms are professional and decipher-resistant but fast, which allows to implement a very fast password search.

  3. The password caching system is inherently unreliable. If some program is able to get an earlier saved password than any hacker can do the same thing. Microsoft should have explained to its customers that password can be saved only if no unauthorized personnel can access your computer. Yet, it would be inconvenient to abandon saving passwords altogether. The right thing to do would be providing one more working mode for Windows (and make this mode a default one) in which all passwords could be saved but every time they have to be retrieved it took entering one short master password to retrieve them.

PWL-Related Software

PWLView

Yet, having an access to the computer, it will pose no problem to acquire all passwords which had been saved in it. This can be done with a small program. First version of PWLView was released in a hurry without any documentation (I thought it was kind of self-explanatory). As a result I was simply flooded with hundred questions on this program. PWLView has been distributed quite widely. It is available on different sites under different names. First version of PWLView just shows cached passwords using standard (but undocumented) windows API on local machine for current user (user must be logged in) and no more. Now second version is available. PWLView v2.0 has been completely re-written by Eugene Korolev. The key new feature is ability to show current user's name and login password (of course if it was entered at Windows logon). Now it's a shareware. Free demo version shows only first two characters of login password (and all cached passwords). In other words free demo version of PWLView v2.0 provides same functionality as free first version. Registered version has no restrictions and shows full login password. However if login password is unknown or PWL file is copied from another computer you need for PWL Tool. Please note that PWLView is console Win32 application and looks like dos program (as well as all other console applications). As a result it is really small and does not require for huge external DLLs.

PWL Tool

Pwl Tool is much more powerful version of PwlView. It able to obtain information from PWL files when logon password is lost. Pwl Tool uses brute-force attack (fastest!) dictionary search or smart-force technology to recover a password. 

Welcome to PWL Tool page

MakePWL

MakePWL is an extremely useful tool for administrators who need to pre-configure multiple computers. You can specify password information and MakePWL will create PWL file that can be simply copied to another computers.

Welcome to MakePWL page

Some tricks and tips

Q: Are PWL files safe ?
A: They are safe if only login password is long enough (alphanumerical, at least 8 characters long) AND intruder has no physical access to the computer after logon. If user leaves computer unattended after logon intruder can grab passwords from computer's memory.

Q: How to force Windows do not ask login password at startup ?
A: You can enable silent logon as follows

  1. Set empty login password
  2. Select "Windows Logon" as the value in the Primary Network Logon box in the Network option in Control Panel.
  3. Make sure that user profiles are NOT enabled (using the Passwords option in Control Panel or by setting the related system policy).

Q: Tell me more about passwords
A: There are many various guides how to choose right password. One of them is available here

 


Home  ///   Download  ///   Order  ///   Terms of Use  ///   Privacy Policy

Copyright © 1997-2024 LastBit.com All rights reserved.