Extracting Passwords from Tencent QQ Browser

July 7th, 2020 by Oleg Afonin
Category: «Elcomsoft News»

QQ Browser is one of China’s most popular Web browsers. With some 10% of the Chinese market and the numerous Chinese users abroad, QQ Browser is used by millions. Like many of its competitors, QQ Browser offers the ability to store website passwords. The passwords are securely encrypted, and can only be accessed once the user signs into their Windows account. Learn what you need to do to extract passwords from Tencent QQ Browser.

Tencent QQ Browser

The current version of QQ Browser is based on the Chromium engine. Just like other Chromium-based browsers, QQ Browser can save users’ passwords.

The passwords are accessible via the user interface. However, while users can view individual passwords, QQ Browser does not offer the ability to export the whole password database.

How QQ Browser stores and protects passwords

QQ Browser keeps passwords in a single SQLite3 database. The database is stored as a file named “EncryptedStorage” saved in the following path:

%localappdata%\Tencent\QQBrowser\User Data\profile_name

where profile_name is the name of the user’s profile in QQ Browser.

The passwords are encrypted via DPAPI, and can be decrypted with the CryptUnprotectData API on the computer where QQ Browser was installed. The DPAPI protection used by QQ Browser is similar to the type of protection employed by Microsoft Internet Explorer and the legacy version of Microsoft Edge (the UWP app). Microsoft’s Data Protection API (DPAPI) was introduced way back in Windows 2000. The Windows 10 implementation of DPAPI employs secure AES-256 encryption to protect the passwords.

Using Windows DPAPI has its strengths and weaknesses. On the one hand, the Data Protection API is secure: the protection is based on the user’s Windows credentials, and the data is exactly as secure as the user’s Windows logon password. On the other hand, other Chromium-based browsers limited their use of DPAPI because of their cross-platform nature, implementing AES 256 GCM encryption of the main password database while protecting the master key with DPAPI. Cross-platform compatibility issues aside, DPAPI-based protection is just as secure as the AES 256 GCM encryption used in Google Chrome and Microsoft Edge (Chromium). Consequently, you will have to be able to authenticate into the user’s Windows account in order to extract passwords from QQ Browser.

How secure are QQ Browser passwords? In layman’s terms, the real-world security of Google Chrome, Microsoft Edge (Chromium), and Tencent QQ Browser is about the same: if one can break the user’s Windows logon password, they can access that user’s Chrome, Edge and QQ Browser passwords. Windows logon passwords are relatively weakly protected, and so the speed of brute-force attacks is very high.
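Because DPAPI ties decryption to the user’s Windows logon rather than to the browser process, defenders may want to know which processes open the EncryptedStorage file. The following is an added example (not code from the original article or from Elcomsoft) that filters Windows Security event 4663 records for reads of that file by anything other than the browser. It assumes file-system auditing (a SACL) is enabled on the file; the browser install path, the event dictionaries and the `suspicious_reads` helper are assumptions made for illustration, and the sample events are constructed.

```python
import re

# Path from the article: %localappdata%\Tencent\QQBrowser\User Data\<profile>\EncryptedStorage
STORE_RE = re.compile(
    r"\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\[^\\]+\\EncryptedStorage$",
    re.IGNORECASE,
)
# Assumption: install location of the browser binary; replace with your fleet's real path(s).
TRUSTED_IMAGES = {r"c:\program files (x86)\tencent\qqbrowser\qqbrowser.exe"}
FILE_READ_DATA = 0x1  # ReadData bit in the 4663 AccessMask


def suspicious_reads(events, trusted_images=TRUSTED_IMAGES):
    """Return (user, process, file) for reads of the store by untrusted images."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue  # only object-access events
        if not STORE_RE.search(ev.get("ObjectName", "")):
            continue  # some other file
        if not int(ev.get("AccessMask", "0x0"), 16) & FILE_READ_DATA:
            continue  # e.g. READ_CONTROL only: file contents were not read
        # Compare the full image path, not the basename, so a renamed copy
        # called QQBrowser.exe in another directory is still reported.
        if ev.get("ProcessName", "").lower() in trusted_images:
            continue
        hits.append((ev.get("SubjectUserName"), ev.get("ProcessName"), ev.get("ObjectName")))
    return hits


# Constructed sample events (not real logs).
USER_DATA = r"C:\Users\li\AppData\Local\Tencent\QQBrowser\User Data"
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "li", "AccessMask": "0x1",
     "ObjectName": USER_DATA + r"\Default\EncryptedStorage",
     "ProcessName": r"C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe"},
    {"EventID": 4663, "SubjectUserName": "li", "AccessMask": "0x1",
     "ObjectName": USER_DATA + r"\Default\EncryptedStorage",
     "ProcessName": r"C:\Users\li\AppData\Local\Temp\QQBrowser.exe"},
    {"EventID": 4663, "SubjectUserName": "li", "AccessMask": "0x1",
     "ObjectName": USER_DATA + r"\Profile 1\EncryptedStorage",
     "ProcessName": r"C:\Users\li\AppData\Local\Programs\Python\python.exe"},
    {"EventID": 4663, "SubjectUserName": "li", "AccessMask": "0x20000",
     "ObjectName": USER_DATA + r"\Default\EncryptedStorage",
     "ProcessName": r"C:\Tools\acl-report.exe"},
    {"EventID": 4663, "SubjectUserName": "li", "AccessMask": "0x1",
     "ObjectName": USER_DATA + r"\Default\History",
     "ProcessName": r"C:\Users\li\AppData\Local\Programs\Python\python.exe"},
]

if __name__ == "__main__":
    for hit in suspicious_reads(SAMPLE_EVENTS):
        print("ALERT", *hit)
```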

Using Elcomsoft Internet Password Breaker to extract passwords from QQ Browser

Elcomsoft Internet Password Breaker 3.20 can extract stored passwords from QQ Browser as well as a bunch of other popular browsers and email clients. This includes the latest versions of Google Chrome, Mozilla Firefox, both versions of Microsoft Edge (universal and Chromium-based), as well as Microsoft Internet Explorer and Opera. Popular email clients such as Windows Mail (Windows 10), Microsoft Outlook and Thunderbird are also supported. Last but not least, we’ve added support for Yandex Browser, Russia’s second most popular desktop Web browser.

In order to extract passwords from Tencent QQ Browser, you must be able to authenticate into the user’s Windows account by either logging in with proper credentials (e.g. the login and password, Microsoft Account credentials, PIN code or Windows Hello) or hijacking an already authenticated session. Analyzing a forensic disk image without knowing the user’s password will not provide access to any passwords stored in QQ Browser due to DPAPI protection.

To extract passwords from QQ Browser, do the following.

  1. Launch Elcomsoft Internet Password Breaker.
  2. Select Web Browsers from the menu and choose QQ Browser.
  3. In a few seconds, the list of QQ Browser passwords will appear.
  4. Alternatively, you may want to create a filtered dictionary to use with one of our password recovery tools. You can do this by clicking the “Export” button. In this mode, all passwords stored in all installed Web browsers will be exported.

REFERENCES:

Elcomsoft Internet Password Breaker

Elcomsoft Internet Password Breaker instantly reveals passwords to Web sites, identities, and mailboxes stored in a variety of applications. Supporting all popular Web browsers and all versions of Outlook Express, Microsoft Outlook, Windows Mail and Windows Live Mail, Elcomsoft Internet Password Breaker helps you retrieve the login and password information to a wide variety of resources.

Elcomsoft Internet Password Breaker official web page & downloads »