These types of password and license key recovery tools have been around for quite a while but it’s been some time since a new one was released. “reCALL” comes from developer Maciej Kaczkowski in Poland. The developer’s site is in Polish, naturally enough, but when I asked Google to translate the page into English, I was informed that it was already in English…. huh?
Clearly the page is in Polish but there is more than one way to skin a cat – copying and pasting text from the page into Google Translate correctly identified the language as Polish and presented the following interpretation:
Recall allows you to quickly recover passwords from more than 200 programs ( email , web browsers , instant messengers , FTP clients , wireless , etc. ) and license keys from more than 2,800 applications . Recall is the world’s first program that allows you to recover most passwords and licenses also from damaged operating systems through native support of the registry files from Windows systems . With the unique feature emulation FTP , POP3 and SMTP can recover passwords from any application that supports these protocols , even if the program is not yet supported.
The installable version of reCALL is available direct from the developer and listed for download on MajorGeeks here: http://www.majorgeeks.com/files/details/recall.html but there is also a portable version available on the developer’s site here: http://keit.co/p/recall/
- Make sure to click on the link just below the green button, as indicated in the screenshot.
reCALL Portable – Download & Usage
Download consists of a 2.5 MB zip folder extracting to 5.5 MB. The file is flagged by 2 out of 55 antiviruses through Virus Total as a “Hack Tool” but that is pretty standard for these types of tools because antivirus engines are flagging the potential for malicious use – it is not a concern.
To run the program just double click the extracted executable and you’ll be presented with reCALL’s simple interface:
“Automatic recovery” is enabled by default, just click Next to begin the scan:
The scan does take quite a while, around 20 minutes on my mature Windows 7 operating system. While the scan is certainly very thorough, the bulk of license keys on my system were identified during the initial 3 minutes or so, with the rest of the scan revealing very little additional information.
The software did a pretty good job of identifying licensed installations, including Windows 7 and Microsoft Office license keys as well as some of the more popular (or common) software, but in some cases it incorrectly displayed the product ID rather than the actual license key. It also correctly identified the license key for Snagit 9 but for some reason failed to identify Snagit 11, both of which are installed on my system.
The license key displayed for Acronis TrueImage wasn’t even close to the correct one – I have it written down so could easily make the comparison – no idea what went wrong there. I’ve always found these types of tools to be a tad hit and miss, and reCALL is no exception – of course, your mileage may vary.
Clicking Next at the completion of the scan will present options to save the results in a number of formats:
I found both the CSV and Text options to be disappointingly messy with by far the best organized being HTML There is also an option to scan for email password recovery – if you refer back to the first screenshot you’ll see it under “Sever emulation”. Enabling that option presents the following screen:
Frankly, I couldn’t be bothered going through that rigmarole. The portable MailPassView from Nirsoft is by far the better option for this particular function, all you have to do is just run it.
reCALL Portable – Bottom Line
Personally, I found reCALL to be more capable than most similar free offerings and the availability of a portable version is always a plus. Definitely one for the toolbox.
How do we know that this site isn’t harvesting other information from our computers?
Unlike many other programs, recALL not encrypted or compressed, so you can try to analyze this software using popular debuggers (like OllyDbg). You can always use it offline – just disconnect from the Internet. The only connection to the Internet what the program does is for the purpose of searching databases MD5 and SHA1. Its free but not open source (maybe in future). At this time. I would not want to see viruses based on such a large number of decryption algorithms that I made in the program. If you have other questions, do not hesitate to ask.
Another thing: if you have master password created on some app (Firefox, Total Commander), recALL will not break it. The program was created to analyze the system from possible leaks passwords and passwords are the most important from the very beginning of the program, licenses were added much later. About Snagit 11 and Acronis I will check this in next versions, I not always have access to latest version of applications.
Full changelog is available here: http://keit.co/wiki
Thanks for dropping by Maciej, appreciated.
Snagit is somewhat unusual in that installing a new major version does not overwrite an older installation, so the user is able to keep both versions on the same system. Perhaps this might confuse reCall.
Cheers… Jim
This program is somewhat worrisome …I installed and ran it sandboxed for my protection ,,just in case.
The program revealed my hotmail, gmail and bigpond pass words which could be used by many of those on line “unscrupulous help desks” ,and not so moral techs …. even ‘friends’ can find out your info if so motivated.
I was under the misapprehension that email pass words were only stored on the servers of the provider. …not so it would seem.
Excellent tool for the good guys..a fantastic tool for the bad.
Come to think of it ..any saved pass words can be gleaned directly from the Chrome browser via advanced settings menu …
My Ebay password was also saved and available…fortunately banking and paypal passwords are not saved .
PayPal and banks care more about safety (you can’t save password locally even accidentally). Personally, I use Firefox with master password.
johnpro,
Saving passwords in a browser without any master password protection is asking for trouble. Keeping all passwords contained in one unprotected database is not wise.
When I ran reCall it did not identify or reveal any of my saved passwords because they are all protected by a master password.
Cheers… Jim
How about Facebook password?
Mike – Depends of whether you saved your Facebook password in your browser or not. Why not try it and see – make sure to download the portable version of reCALL (no installation required). If it finds your Facebook password, all good. If it doesn’t, you’re no worse off.