How to extract passwords from Core FTP LE

If you are like me and have maintained a copy of Core FTP LE simply because there is no easy way to extract passwords from the application, follow these instructions to set yourself free.

No download or payment required

A lot of the solutions available cost money or require you to install software. This is no longer necessary, and you can thank me in a moment.

Instructions

Find the encrypted passwords in the Windows Registry

  1. Open the Registry Editor
    1. Windows 10: Press the Windows key, type regedit, and press enter
    2. Older Windows: Go to Start, Run, type regedit, and press enter
  2. Find the numbered site profiles saved in HKEY_CURRENT_USER\SOFTWARE\FTPWare\CoreFTP\Sites. Each site holds the label with which you are familiar in the key called Name.
  3. Copy the encrypted password that is saved in a key called PW.

Decrypt the password using a web page

  1. Go to http://aes.online-domain-tools.com/
  2. Choose these settings
    1. Input type: text
    2. Input text: [the encrypted password you found in the registry]
    3. Plaintext or Hex: Hex
    4. Function: AES
    5. Mode: ECB
    6. Key: hdfzpysvpzimorhk
    7. Plaintext or Hex: Plaintext
  3. Press the decrypt button

You will see output that looks like this:

38	30	38	36	37	37	37	31	37	30	00	00	00	00	00	00
 	 	
8	0	8	6	7	7	7	1	7	0	.	.	.	.	.	.

The password in this sample output is 8086777170. Wash, rinse, and repeat for all the site profiles you find in the registry. Profiles that have no saved password will have no content in the PW key.