Back to browse
GitHub Repository

Firefox profile decryption tool and master password cracker.

0 starsPython

Mozdmp – Firefox profile decryption tool and master password cracker

by asaix·Jul 15, 2026·3 points·0 comments

AI Analysis

●●SolidNiche GemBig Brain

Fills the gap Hashcat left by supporting Firefox's latest SHA384 salt formats.

Strengths
  • Automatically detects and handles the specific SHA384 PBKDF2 derivation used in recent Firefox versions.
  • Implements true multi-core cracking on Linux, bypassing the single-threaded limits of existing tools.
  • Provides a clear, reproducible CLI workflow for extracting keys from key4.db and logins.json.
Weaknesses
  • Binary distribution is Linux-only, forcing Windows and macOS users to compile from Python source.
  • Relies entirely on wordlists rather than advanced rule-based mutations or mask attacks.
Category
Target Audience

Security researchers, penetration testers, forensic analysts

Similar To

Hashcat · John the Ripper

Post Description

Hi everyone, I've built a tool for decryption of Firefox profile data and multi-core cracking of the master password and would appreciate any feedback or contributions you might have to offer.

The actual decryption process is explained in detail in the README if anyone is curious and would like to learn more about how it works.

Important features:

- Supports the latest versions of Firefox, which use SHA384 to derive the PBKDF2 input. The correct hash type is automatically selected.

- Multi-core cracking of the master password is supported using wordlists. (why is this useful? : hashcat and JTR cannot be used to crack the master password as they do not support the latest hash and global salt formats)

Demo:

≻ ./mozdmp data/psw_1looove/key4.db data/psw_1looove/logins.json [*] Checking Master Password... >> Check Master Password == '' ... NO [*] Attempting to crack master password... [+] Multi-Core Enabled [?] Enter wordlist path: rockyou.txt [?] Workers (default 20): [*] Loading wordlist...

W0: 2407/717220 [00:11<56:18, 211.60pwd/s] W15: 2325/717220 [00:11<56:54, 209.39pwd/s] W8: 2278/717220 [00:11<58:55, 202.20pwd/s] W3: 2608/717220 [00:11<51:47, 229.99pwd/s] ... (workers W0-W19)

[+] FOUND MASTER KEY: 1looove

[*] KDF Parameters: { "salt": "2a24f5f8ec2fc74eccd6fa396f11aa34f1c8d3de269af38ca1324539ec5a4894", "iterations": 10000, "keylen": 32 }

[*] AES Parameters: { "iv": "040ed33681631562b28ee4494725e9bc" }

[*] Global salt: 733f22304895df339a778680cbda652191f0b46fd240f1340b81e79c4997dcac11b25b897bc779cdbad0eb6cbe1696e5 [*] KDF input (SHA384(global_salt + password)): aa5bf320258a8f9c10dc1a23dc415e3143d258c36c3218018672f0df1a6b9edb3174198700bf463201e8017d7f42767e [+] Decrypted AES key: 462f7891ab8e708c1a93122a3b2857a5b016472b9d58cb40b52449db64e4a68a

[*] Decrypting passwords from logins...

Hostname: https://auth.wikimedia.org Username: joog Password: boog Created At: 08 June 2026 11:40

If you find this interesting, you may also like chrdmp - a similar tool used to decrypt chrome profile data offline using the Chrome Safe Storage keyring secret. You can see it at https://github.com/asaix/chrdmp.

Similar Projects