How can I get my password from flickr uploadr
April 15, 2008 4:40 PM   Subscribe

Help me hack into my own flickr account

AskMeFi, this is a hard one. I have a long-dormant flickr account that I desperately need access to. I have tried the usual password-retrieval methods, but naturally, I had given them fake answers to the security questions.

The only method I have to access my account is through flickruploadr (version 2.2) on my venerable iBook G4. I can still use this to upload photos, but when I try to go to the site it asks for my Yahoo login and password which I no longer remember. The password is somewhere on my iBook. There is a file called com.flickr.uploadr.plist that has a string called my account name, but the value is gobbledygook. I am thinking this might be my password? How can I unscramble it? Is there some other way to get this password? I guess I also need my Yahoo ID (I no longer remember it, and it's not the same as my flickr username) - this must be somewhere on my iBook too.

I would really like control of this account back! There are pictures on there that I no longer want the whole world to see.

Any tips you have would be greatly appreciated.
posted by sid to Computers & Internet (11 answers total) 1 user marked this as a favorite
 
Went through this myself a few days ago. E-mail Flickr from the address you think you used to set up your flickr account, or give them that e-mail address in addition to the one you normally use -- by using the "contact us" form. Give them the url of your account. Give them the yahoo address you think might be connected to the flickr account. Give them as much info -- without giving them passwords, of course -- as you can remember. Seriously, sometimes it gets to the point where it's beyond your ability to rescue your account on your own.

They won't be able to give you your passwords, but they may be able to reset them for you if you provide enough info linking yourself to the account.
posted by brina at 4:56 PM on April 15, 2008


Many OS X applications use Keychain to store passwords. I'm not sure if flickruploadr does or not, but you can check by opening the Keychain Access application in /Applications/Utilities/.
posted by scottreynen at 4:57 PM on April 15, 2008


There are ways to decode the password from the file, but since we don't know how they encrypt the passwords, it could be hard. It could be protected using md5 or sha hashes, but that's pretty weak.. You can try it here: http://md5.benramsey.com/ for md5.. I suppose you could also contact the developers of flickruploadr if flickr refuses to help you..
posted by majikstreet at 5:19 PM on April 15, 2008


Email the flickr team, offer to prove your identity by uploading a picture of their choice through flickruploader. This proves you had (presumably) legit access to the account at one time, and that will likely be enough.
posted by phrontist at 5:29 PM on April 15, 2008


Unfortunately for you, the Flickr API doesn't use account passwords. Instead, the app registers a key with your account, and you authorize it through the web page. So the app never sees your password, thus it can't store it.
posted by sbutler at 5:30 PM on April 15, 2008


I don't know anything about flickruploadr, but if it is uploading pictures to your account without asking for your username and password, then it must have stored an authentication "token" on your computer. My guess is that this is what is inside com.flickr.uploadr.plist. If you have the token, and you also have access to the api_key and api_secret for flickruploadr, then you can call any of the methods in the flickr api without your username or password.

This is probably only useful as a last resort, though...
posted by Zach! at 5:41 PM on April 15, 2008


Response by poster: brina - I have begun a campaign on that front too thanks to you. Let's hope it bears fruit.

scottreynen - no dice, but I now know how to use Keychain, which I had previously known nothing about. Thanks!

majikstreet - that's an awesome site! too bad it didn't work for me - thanks for telling me about it.

phrontist - will try this too.

sbutler - thank you, I did not know that!

Zach! - you propose an intriguing solution. I'm tempted to try this just because it sounds kind of cool. Is the token that is generated unique to the application? I can't find any files called api_key and api_secret on my computer
posted by sid at 5:59 PM on April 15, 2008


Here's the API: Flickr Services. As far as libraries go, I'd personally reach for Perl or Obj-C (via F-Script).
posted by sbutler at 6:04 PM on April 15, 2008


I too signed up for a Yahoo account using all bogus info when Flickr did the shift, and then forgot my password. Flickr reset them for me, just as Brina said. I just had my Flickr user name and my Yahoo email, so hopefully they can do the same for you.
posted by oneirodynia at 7:21 PM on April 15, 2008


I've tracked down the api_key and api_secret for your version of FlickrUploadr:

api_key = 0e09f18c11a81f6497b5c5ce5802d84e
api_secret = 89789513393cc711

I'm not sure where the token might be, but it seems that the directory:

~/Library/Application Support/Flickr Uploadr

might be a good place to start looking. It should look like two possibly longish hex numbers separated by a dash. It may even be in an xml formatted file marked with the tag . With these three things you should be all set to access your account with your favorite library, as mentioned by sbutler.
posted by Zach! at 12:26 AM on April 16, 2008


The tag "token" in angle brackets, that is.
posted by Zach! at 12:26 AM on April 16, 2008


« Older Family member immigration concern   |   mobile technology and culture in Tokyo? Newer »
This thread is closed to new comments.


Tags

Share