SecurityXploded.com
Exposing the Password Secrets of Meebo
 
 
About Meebo
Meebo is a popular online messenger that provides a single point of access to various messenger services such as Gtalk, AIM, Yahoo, Windows Live etc. Meebo Notifier is a thin desktop client that allows users to keep track of notifications from any of these messenger services on their system.


 
In this article, we will explore where Meebo Notifier stores the account passwords, its encoding algorithm, and how to decode the password instantly.

Note that the information presented in this article applies to the Meebo Notifier beta version, so the password encoding mechanism presented here may or may not change with newer versions.
 
 
 
Meebo Password Storage Location
Meebo Notifier supports the following messenger protocols:
  • Meebo Account
  • AIM
  • Yahoo Messenger
  • Windows Live
  • GTalk
  • ICQ
  • Jabber
  • Myspace
It stores the passwords for any of the above messenger accounts in the 'MeeboAccounts.txt' file at the following location:
 
[Windows XP]
C:\Documents and Settings\Application Data\Meebo\MeeboAccounts.txt

[Windows Vista & Windows 7]
C:\Users\AppData\Roaming\Meebo\MeeboAccounts.txt
Once you find the 'MeeboAccounts.txt' file, open it in Notepad. You will see all your Meebo login settings along with the password, as shown in the sample below.
{
"enabled" : 1,
"encoding" : 1,
"invisible" : 0,
"password" : "34C148067526",
"protocol" : 0,
"username" : "securityxploded"
}
The current login account name is stored as 'username' and the encoded password is saved in the 'password' field. The 'protocol' field identifies the messenger service, such as AIM, Yahoo, GTalk etc., with 0 referring to the 'Meebo Account' itself.
 
 
 
Internals of Meebo Password Encryption
Meebo Notifier uses a simple XOR encoding algorithm with magic bytes to protect the password from prying eyes.

Here are the exact magic bytes used by Meebo for the XOR encoding algorithm.
 
BYTE magic[]= {
0x04, 0xF0, 0x7A, 0x35, 0x41, 0x13, 0xA3, 0x7C
, 0x6D, 0x49, 0xBB, 0x03, 0x22, 0x5D, 0x0F, 0x8A
, 0x0B, 0xDD, 0xBF, 0x0B, 0x99, 0x94, 0x93, 0xDE
, 0x81, 0xA0, 0xC7, 0x68, 0xF0, 0x2B, 0x59, 0x69
, 0xCC, 0xEC, 0xFD, 0xA8, 0x60, 0x30, 0x9E, 0x8F
, 0xAD, 0x3C, 0xD7, 0x68, 0x70, 0x95, 0x0F, 0x72
, 0x6B, 0x04, 0x5C, 0x95, 0x30, 0xB1, 0x2A, 0x85
, 0x7C, 0x98, 0x3F, 0x89, 0x02, 0x28, 0x54, 0x83
};
 
 
 
Meebo Password Decoding Operation
 
As mentioned in the previous section, Meebo uses a simple XOR encoding algorithm with those magic bytes. So once you get the encoded password from the 'MeeboAccounts.txt' file, it is a simple matter of passing it through the XOR loop to decode the original password.

Here is a sample program which does the same:
 
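#include <windows.h>
#include <stdio.h>
#include <string.h>

/* Decodes the hex-encoded password from 'MeeboAccounts.txt' and prints it. */
void DecryptMeeboPassword(char *strPassword)
{
    /* Fixed XOR key (magic bytes) used by Meebo Notifier */
    BYTE magic[] = {
        0x04, 0xF0, 0x7A, 0x35, 0x41, 0x13, 0xA3, 0x7C,
        0x6D, 0x49, 0xBB, 0x03, 0x22, 0x5D, 0x0F, 0x8A,
        0x0B, 0xDD, 0xBF, 0x0B, 0x99, 0x94, 0x93, 0xDE,
        0x81, 0xA0, 0xC7, 0x68, 0xF0, 0x2B, 0x59, 0x69,
        0xCC, 0xEC, 0xFD, 0xA8, 0x60, 0x30, 0x9E, 0x8F,
        0xAD, 0x3C, 0xD7, 0x68, 0x70, 0x95, 0x0F, 0x72,
        0x6B, 0x04, 0x5C, 0x95, 0x30, 0xB1, 0x2A, 0x85,
        0x7C, 0x98, 0x3F, 0x89, 0x02, 0x28, 0x54, 0x83
    };

    size_t len = strlen(strPassword) / 2;   /* two hex digits per encoded byte */
    char *pwd = strPassword;
    unsigned int byteHex;                   /* %X requires an unsigned int */
    size_t i = 0;

    char strClearPassword[512] = "";

    /* Never index past the end of the magic byte table */
    if (len > sizeof(magic))
        len = sizeof(magic);

    for (i = 0; i < len; i++)
    {
        /* Read the next two hex digits as one byte; stop on malformed input */
        if (sscanf_s(pwd, "%02X", &byteHex) != 1)
            break;
        pwd += 2;

        /* XOR with the magic byte at the same position */
        strClearPassword[i] = (char)(byteHex ^ magic[i]);
    }

    strClearPassword[i] = 0;

    printf("Clear password is %s", strClearPassword);
}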
 
This function takes the encoded password (stored in the 'MeeboAccounts.txt' file) as input and then simply feeds it through the decoding loop with the magic bytes to get the original password.
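To check which stored accounts are exposed by this scheme without printing the passwords themselves, the following added example (not part of the original article and not Meebo's own code) parses a 'MeeboAccounts.txt' record and reports the username, protocol number and password length for each recoverable entry. It assumes the file holds either a single JSON object, as in the sample above, or a list of such objects; the function names and the 'looks_valid' field are hypothetical.

```python
import json

# XOR key ("magic bytes") exactly as listed in the article, 64 bytes.
MAGIC = bytes.fromhex(
    "04F07A354113A37C" "6D49BB03225D0F8A" "0BDDBF0B999493DE" "81A0C768F02B5969"
    "CCECFDA860309E8F" "AD3CD76870950F72" "6B045C9530B12A85" "7C983F8902285483"
)

# The sample record shown in the article.
SAMPLE = """{
"enabled" : 1,
"encoding" : 1,
"invisible" : 0,
"password" : "34C148067526",
"protocol" : 0,
"username" : "securityxploded"
}"""


def decode_password(hex_text):
    """XOR-decode a stored value; None if it is not valid hex or exceeds the key."""
    try:
        raw = bytes.fromhex(hex_text)
    except ValueError:  # odd length or non-hex characters
        return None
    if not raw or len(raw) > len(MAGIC):
        return None  # the article gives only 64 key bytes; longer values are not covered
    return bytes(c ^ k for c, k in zip(raw, MAGIC))


def audit_accounts(file_text):
    """Report recoverable credentials without echoing the passwords themselves."""
    data = json.loads(file_text)
    records = data if isinstance(data, list) else [data]  # assumed file layout
    findings = []
    for rec in records:
        clear = decode_password(str(rec.get("password", "")))
        if clear is None:
            continue
        findings.append({
            "username": rec.get("username"),
            "protocol": rec.get("protocol"),  # 0 = Meebo Account per the article
            "password_length": len(clear),
            # Printable ASCII output confirms the value really uses this scheme.
            "looks_valid": all(0x20 <= b < 0x7F for b in clear),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE):
        print("rotate this credential:", finding)
```

Every account the audit lists should have its password changed if the file was readable by anyone other than its owner.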
 
 
 
Recovering Meebo Password using MeeboPasswordDecryptor
Now you can quickly and instantly recover the password using our free software - Meebo Password Decryptor. It automatically detects the Meebo password file and decodes the password.
 
 
Alternatively you can also use our Online Meebo Password Decoder to recover your Meebo password without installing any software. 
 
 
 
Acknowledgements
 
Special thanks to Yogesh Khatri for discovering and sending us the Magic bytes used by Meebo Notifier.
 
 
 
Conclusion
The above article exposes how Meebo stores the account password using a simple encoding algorithm and presents sample code to decode it and recover the original password.

Note that this does not mean a lapse in Meebo security, as only the authorized user can view and decrypt the stored passwords. But due to the nature of its password storage and encoding mechanism, you are advised to exercise caution while granting others access to your system. However, Meebo could use user-oriented encryption algorithms (such as the Microsoft Cryptography functions) to prevent the passwords from being accessed by other logged-in users.
 
 
 