The actual decryption process is explained in detail in the README if anyone is curious and would like to learn more about how it works.
Important features:
- Supports the latest versions of Firefox, which use SHA384 to derive the PBKDF2 input. The correct hash type is automatically selected.
- Multi-core cracking of the master password is supported using wordlists. (why is this useful? : hashcat and JTR cannot be used to crack the master password as they do not support the latest hash and global salt formats)
Demo:
≻ ./mozdmp data/psw_1looove/key4.db data/psw_1looove/logins.json
[*] Checking Master Password...
>> Check Master Password == '' ... NO
[*] Attempting to crack master password...
[+] Multi-Core Enabled
[?] Enter wordlist path: rockyou.txt
[?] Workers (default 20):
[*] Loading wordlist...
W0: 2407/717220 [00:11<56:18, 211.60pwd/s]
W15: 2325/717220 [00:11<56:54, 209.39pwd/s]
W8: 2278/717220 [00:11<58:55, 202.20pwd/s]
W3: 2608/717220 [00:11<51:47, 229.99pwd/s]
... (workers W0-W19)
[+] FOUND MASTER KEY: 1looove
[*] KDF Parameters:
{
"salt": "2a24f5f8ec2fc74eccd6fa396f11aa34f1c8d3de269af38ca1324539ec5a4894",
"iterations": 10000,
"keylen": 32
}
[*] AES Parameters:
{
"iv": "040ed33681631562b28ee4494725e9bc"
}
[*] Global salt: 733f22304895df339a778680cbda652191f0b46fd240f1340b81e79c4997dcac11b25b897bc779cdbad0eb6cbe1696e5
[*] KDF input (SHA384(global_salt + password)): aa5bf320258a8f9c10dc1a23dc415e3143d258c36c3218018672f0df1a6b9edb3174198700bf463201e8017d7f42767e
[+] Decrypted AES key: 462f7891ab8e708c1a93122a3b2857a5b016472b9d58cb40b52449db64e4a68a
[*] Decrypting passwords from logins...
Hostname: https://auth.wikimedia.org
Username: joog
Password: boog
Created At: 08 June 2026 11:40
If you find this interesting, you may also like chrdmp - a similar tool used to decrypt chrome profile data offline using the Chrome Safe Storage keyring secret. You can see it at https://github.com/asaix/chrdmp.