Friday, November 4, 2011

Android Recover Mail password

It's probably necessary that your device is rooted in order to be able to do this. I'm not sure though. This blog post is for people willing to recover there OWN password, do not misuse this information.

Prerequisites


Before you can start, it is necessary that the tools of the Android SDK are installed and ready to be used. How to install these tools is explained here


The story


We want to recover the password of our e-mail account. Because android needs this password to download your e-mail, it will store the password on your phone. The data of applications is stored in /data/data. At that location there are directories for the different applications. The directory for mail is com.android.email. There we have to find the password. The password is located in 1 of the databases that is in the com.android.email folder. The databases are SQLite databases, so the easiest way to recover the password is by browsing the databases using an appropriate tool.


The recovery steps


First you need to get the contents of com.android.email. (You don't need it all but this way you can inspect the other contents also.) This is done by executing the following command in the shell of your ubuntu installation:

adb pull /data/data/com.android.email ~/email_of_phone

This will place the contents in a folder named "email_of_phone" in your home directory.


Next you'll need to install a tool to explore the databasefiles. I have used SQLitebrowser which is in the repositories. Just install it by using the command:

sudo apt-get install sqlitebrowser

When this is done you'll have to launch the SQLitebrowser. Just use shell:

sqlitebrowser

The people who are no shell-enthousiasts can be happy, from now on everything is by GUI. The GUI is very straightforward. Click the Folder icon (with the arrow). This opens up a dialog window where you can select your database. The database will be 1 of the databases in ~/email_of_phone/databases. For me it was the EmailProvider.db so you should try that one first :-).


When the databases is opened you can see that there is a table called HostAuth. This might be interesting to find out our authentication credentials. So we click the + sign to the left of it.



Then we can see that it has indeed a password field!



But we are not interested in the table layout. We want the content of the table. So click the "Browse Data" tab.



The last step is changing the table that is shown to HostAuth.




Finally you can read the content of the table. In the Password field, you can read the password in plaintext.

9 comments:

  1. Thank you for this great tutorial.

    I simplified it so that no terminal commands were necessary: I used the root browser. I went to the data\data com.android.email\databases folder copied the folder to the storage ziped and sent the zip file via email... then dowloaded the sqllite browser (for windows) and browsed for the HostAuth entry... as described above.

    ReplyDelete
  2. I am glad it helped.

    Personally I use the terminal a lot and for a lot of tasks I prefer it but most people don't like it so thanks for providing the 'no-terminal' steps, I am sure it will be helpful to others.

    ReplyDelete
  3. Does this still work? I pulled this info from the rooted tablet of my mother who forgot her password and it seems the tables are zeroed out.
    TF101 with katkiss JB 4.3

    ReplyDelete
    Replies
    1. I can confirm it still works, however the location has changed somewhat:
      /data/user//com.adroid.email/databases/EmailProvider.db, where n is the 1, 10, 11 and so on user in binary.
      Needs root though.

      Delete
    2. C R A P, it /data/user/_n_/com.android.email/databases/EmailProvider.db :)

      Delete
    3. Hi, good that you found the new location. Even better that you share it. Thanks!

      Delete
  4. Thanks for your post! Location for HTC (One S):
    /data/data/com.htc.android.mail/databases/mail.db

    ReplyDelete
  5. thanks a lot it works
    with a rooted phone you can find directly the files in browser.
    Tx again

    ReplyDelete
  6. This comment has been removed by a blog administrator.

    ReplyDelete