A few months ago, during the GLP, I started to play Counter-Strike: Source. In order to do that, I had to create a Steam account. That involved a username, a password and a password recovery question/answer. Since I use KeePass to store my passwords, I never really bother with password recovery questions and their answers. You can see where this is going… during the GLP I kind of forgot to store it in KeePass. I’ve read somewhere that lack of sleep isn’t really good for memory. Well, that was probably the case, because I totally forgot the password I used.
Steam, like many other applications, can store your password for you. So as long as nothing bad happened to my computer (i.e. as long as I didn’t format the system hard drive or something like that) I would still be able to play CS:S. But that’s no way to live ;). The simple fact that the password is stored by an application that uses it to authenticate with some remote service makes it possible, in theory, to recover that same password.
The name that came to mind when I thought about video game security was Luigi Auriemma’s. Well, Luigi actually, because I couldn’t remember his last name. I knew the name since the Unreal Engine advisory, but more recently for the Soldier of Fortune II /ignore advisory - I was playing SoFII at the time. Sure enough, I found exactly what I was looking for - Steam password decoder 0.1 (steampwd):
experimental tool for decoding the password stored in the local (and ONLY the local) ClientRegistry.blob file (1.0?).
It worked. Now I know the password to the account and I’ve stored it in my KeePass DB.







