DataProtectionDecryptor is a free software to decrypt data encrypted by DPAPI System. Using this free software you can easily find out the passwords and other information on your PC which are available in encrypted form. DataProtectionDecryptor can decrypt registry keys, Windows credentials, Chrome passwords, Outlook passwords, WiFi passwords, and many others. Also, after decryption of files, you can export the final report as an HTML file.
DPAPI system is an important feature of Windows that provides a protection mechanism to user and system processes. It takes simple textual data and encrypts it in in hexadecimal and binary format. And, DataProtectionDecryptor helps to reveal that original data in just a few clicks.
Files which are protected by DPAPI can be found at many locations on your PC. See the following list, showing some file types and their locations on your PC and which are encrypted by DPAPI.
- Registry: There are some keys in the Windows Registry that need to be stored in an encrypted form to protect the information. The information can be credentials, name of a process, or any other sensitive information. For example, you can see the Outlook credentials at HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles key. Internet Explorer also uses a DPAPI protected registry key to store passwords and it can be found at: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2.
- WiFi Passwords: In Windows, WiFi passwords are kept in XML files by encrypting them first using DPAPI. You can find those XML files in C:\ProgramData\Microsoft\Wlansvc folder on your PC.
- Chrome Passwords and Cookies: Another set of files which are encrypted by DPAPI are Chrome’s login credentials and cookies. You can find these files in the Chrome profiles folder. The Chrome profiles are generally stored at C:\Users\{Your user name}\AppData\Local\Google\Chrome\User Data.
At this point, you have a rough idea what this software actually does. So let’s take a deeper dive into it and find out what it takes to decrypt data encrypted by DPAPI system.
How to Decrypt Data Encrypted by DPAPI System?
DataProtectionDecryptor is a simple and a lightweight software that you can use to decrypt data which is encrypted by DPAPI system. The software takes a directory or a single file as input. After that, it starts scanning the files and reveals the data inside it in decrypted form. Not only data, it also shows various other parameters of the source file. You can also see the Decryption result, Key file Guid, KeyFile Crypt Algorithm, Description, hash Algorithm, etc.
Follow these simple steps to decrypt data encrypted by DPAPI System.
Step 1: Download and install DataProtectionDecryptor from this link. After that, open it up and you will see its first pop up window where you have to specify the location of the source files.
Step 2: In the options that open after running the software, you can choose to decrypt data for current logged in user or you can use another user credential to decrypt files. Specify your choice and proceed.
Step 3: Move to the drop down that says whether you want to decrypt data from a file or from a specified string. Choose the option, depending on your data. In my case I will use the option to decrypt DPAPI data from files.
Step 4: Now, specify the source file that you want to decrypt by pasting its path in the box. If you want to use all the files of a directory, then you can use wildcards.
Step 5: Now, all the configuration has been done, hit the OK button to start decrypting files. It will show list of files which are being decrypted by it. It also shows various other stats of the source file that you can see in the various columns.
After the final result has generated, you can export this result to an HTML file. Select the entries from the list whose details you want to export or you can select a single entry also. After that, use HTML Report- All Items right click option to view the report in the default browser.
So, in this way you can easily decrypt data encrypted by DPAPI System using DataProtectionDecryptor. The software works very well and decrypted various registry keys and credential files for me. If you are facing any problems during the decryption process, then you can try the software by running it with administrator rights.
Conclusion
DataProtectionDecryptor is a very nice software to decrypt data encrypted by DPAPI System. You can easily decrypt various files and some encrypted strings through it. Also, you can see various parameters of the encrypted file and after decrypting, you can also export the final result as HTML file. So, if you are looking for ways to decrypt DPAPI data files, then this article will help you.