Exposing the Password Secrets of Paltalk -
Exposing the Password Secrets of Paltalk
See Also
About Paltalk
Paltalk is one of the emerging instant messenger with more than 4 million members around the world. It features thousands of chat rooms, video conferencing, PC to Phone calls etc.
For latest info on Paltalk Messenger password location, decryption & recovery methods, please visit
How to Recover Forgotten Password of Paltalk Messenger?
It is a universal messenger which supports simultaneous conversation using leading messengers such as GTalk, AIM, MSN, ICQ, Yahoo & Facebook etc.
Paltalk Password Storage Location
Like most of IM clients, Paltalk also stores the user account details including passwords in the registry for subsequent logins so that user do not have to enter the password every time. Note that the password is stored only if user has selected 'Save Password' at login time.

Paltalk saves main Paltalk account password in the Registry at following location under the sub key named after your nickname (login name)
Paltalk Messenger Registry Storage
Actual encrypted password is stored under above key with value name as 'pwd'.
For example, in my case the encrypted password for my nickname ('nagtalk') is stored at following location as shown in the above screen shot.
In addition to main Paltalk account password, it also stores individual messenger (such as Yahoo, Gtalk, MSN etc) passwords under unique keyname for each messenger. For example, AIM messenger account information is stored under following registry key (refer to above screenshot)
Now all the AIM account passwords are stored under this location with the key name as login name of the respective account. For example, my AIM account login ( is stored under following registry key (refer to above screenshot)
The password for each messenger account is encoded with BASE64 algorithm and stored in the registry value named 'pwd' under the respective account key.
Internals of Paltalk Password Encryption
Paltalk uses its own proprietary algorithm to encrypt the main account password which is stored in the registry. In my case, the encrypted password text looks like this, "2890297528213388275533842923294822881697". From this encrypted text we can get the length of original password by dividing it by 4. This leads to the fact that each group of the four characters in encrypted password refers to single character in original password.

All other messenger (such as Gtalk, Yahoo, MSN etc) passwords are encoded with simple BASE64 algorithm and can easily decoded to get the original password.
Paltalk Password Decryption Operation
Here are the detailed steps for decrypting the encrypted Paltalk account password.
1.Get Drive Serial Number
Here you need to first find the Paltalk installation drive letter. Install location is generally present at following registry location
Under this key, there is a registry value named 'InstallerAppDir' which contains complete installed path of Paltalk. We just need the drive letter from this path.

Once you get the drive letter, you can use GetVolumeInformation function as show below to get the serial number for this drive.

DWORD dwSerial;
DWORD dwSize = 256;
char strSerial[256];

if( GetVolumeInformation(strDrive, 0, 0, &dwSerial, 0,0,0,0) == TRUE )
sprintf_s(strSerial, dwSize, "%08X", dwSerial);

Finally we will get 8 character serial number which is later used in actual decryption process.
2. Perform Union of Nickname & Drive Serial Number
Next we perform union of Paltalk nickname (login name) and drive serial number by coupling one character from nickname & serial number alternatively. For example, in my case it will appear like below
Nickname: nagtalk
Drive serial no: 12345678
Union text: n1a2g3t4a5l6k78
Next we will form a bigger string by combining this union string multiple times until it is double the length of the original password. Note that we can get the length of original password by dividing encrypted password by 4. For example, if the original password length is 15 then we need to combine above string 2 times leading to final union string as shown below.
Final Union Text: n1a2g3t4a5l6k78n1a2g3t4a5l6k78
3. Decrypt the Password
In each step of the decryption operation, we take 4 characters from encrypted password. But only first 3 characters are actually used here, the 4th character is ignored. Each time, one character from 'Final union string' is taken and subjected to some magic operations. Finally its added to the integer form of 3 characters taken from encrypted text. The concrete algorithm for each step of decryption operation is shown below.
dwUnionLen = strlen('n1a2g3t4a5l6k78');
strEnc3Char = 3 chars from encrypted text
strFinalUnion = n1a2g3t4a5l6k78n1a2g3t4a5l6k78

p = atol(strEnc3Char);

b = strFinalUnion[dwUnionLen+i-1];
d = 0x86 - b;
d = d - i;

OrgPassChar = p + d;
In each step of the above decryption operation, variable 'OrgPassChar' contains each character from original password. This loop is to be repeated N number of times where N refers to the length of original password.
Recovering Paltalk Password Automatically
PaltalkPasswordDecryptor is a dedicated tool to recover passwords stored by Paltalk. It can instantly recover main Paltalk password as well as other messenger passwords for all accounts stored by Paltalk.
PaltalkPasswordDecryptor is a portable tool which does not require installation and work across wide range of platforms starting from Windows XP to Windows 7. You can also use our other tool, IMPasswordDecryptor to recover the Paltalk passwords along with other instant messenger passwords.
Above article explains in detail how Paltalk stores the account password using its own proprietary encryption algorithm and shows how one can manually decrypt such password to recover the original password.

Note that above decryption process is based on latest version of Paltalk Messenger (Version 9.9 build 367) and it may change with upcoming versions of the Messenger.
See Also