May
1

As a follow-up to my earlier post, recover a FileZilla password online, it only applies to version 2 of FileZilla. FileZilla 3 now does not obsfucate the passwords you save in the software, and relies on the operating system security to protect the plain text passwords (there's a scary thought).

At the time, I didn't quickly find an online form that decrypted a password nice and quickly, though since then I found at least one online form implemented in JavaScript. I have also found other versions of the decryptor function ported to PHP, so I'm adding mine below. It's a complete rewrite of the function in FileZilla. I think it's more staightforward than other solutions, but maybe that's just because I'm familiar with it because... I wrote it. I'll let you, the reader, be the judge of how readable it is. If you get a reason to use it somewhere, let me know.

function filezillaDecrypt ($password) {
  $key = "FILEZILLA1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  $keyArray = str_split($key, 1);
  $clearText = '';

  // Remove everything but digits from the password
  $password = preg_replace('/\D/', '', $password);
  // Only continue if a password was supplied
  if($password != '')
  {
    // Split the password into groups of three characters
    $passwordArray = str_split($password, 3);
    $passwordLength = count($passwordArray);
    $keyLength =  count($keyArray);

    $i = 0;
    // The fun decryption happens below, using bitwise operator
    foreach($passwordArray as $char)
    {
      $keyIndex = ($passwordLength+$i)%$keyLength;
      $clearText .= chr($char ^ ord($keyArray[$keyIndex]));
      $i++;
    }
  }
  return $clearText;
}
2

2 Comments

This is not working for the current FileZilla version.

Correct Leo, this was for the old FileZilla version 2 and how it stored site manager passwords. FileZilla 3 now stores them in plain text, that do not require decoding. You can also import a version 2 file into version 3, and presumably it will decode all of the passwords automatically to make this happen (http://wiki.filezilla-project.org/Fz2_to_3_convert). If you’re running FileZilla 3 and you need to recover a password, simply locate the site manager file on your computer and the plain text passwords are in there.