Recently, I set a new, more secure password on the AlarmLock DL-Windows door lock software that controls our AlarmLock brand door locks. I stored the password in my password manager and moved on. It wasn’t until the next time I fired up the DL-Windows software that I realized that my password for the software would not work. At this point, I started to get pretty nervous because:
- there were no support options available to me, and
- the building manager was new and didn’t know who installed the PIN/Fob door locks on our suite.
Let the cold sweats begin!
How does the DL-Windows application store data?
From the paper documentation that came with the door locks, I read that the system uses a SQL database to store information. Knowing this, I remembered that after changes to users or configurations are made in the DL-Windows software, it will pop up an alert when exiting the software that it is making backups.
I did a search on my computer for the backup files that it creates. The backup files are stored here:
C:/Program Files/Microsoft SQL Server/MSSQL10.ALSQLESPRESS/MSSQL/Backup.
After looking at the backup files, I quickly discovered that I was out of luck with those files. This was another dead end in my search to fix my issue.
That was until I found the DATA folder in the MSSQL folder. This folder has several files, one of which was named something like AlarmLock.5.4.2..._data.mdf. The file type shows “SQL Server Database Primary Data File” and I figured this had to be it. Now I had to figure out how to open the file.
What is an .MDF file, and how do I open it?
After some searching on the web, I learned that .MDF is a file extension that stands for Master Data File. I then searched for “how to open .MDF files” and came across a few YouTube videos describing the process.
From these videos, it was apparent that I would need to download and install SQL Server Management Studio (SSMS) from Microsoft in order to open the MDF file.
Using the steps in the videos, I opened the AlarmLock.5.4...._data.mdf file and started to look at the tables in the database. That’s when I spotted it,
I tried not to get my hopes up when I saw this file because I totally expected that this would contain a hashed version of the password. I ran a simple query command on the table by right-clicking on the table and took a look at the result.
There it is, stored in plain text
To my surprise, the password for the user account was stored right there in plain text. When I compared it to what was stored in my password manager, I noticed that it didn’t contain any of the special characters I used.
It appears as though you can type special characters when setting a password, but it does not store those special characters in the database. That, or it only accepts a certain number of characters for a password and truncates the password.
After finding the password, I quickly launched the DL-Windows software and typed the password that was stored in the database. Unsurprisingly, it worked just fine. I reset the password, updated it in the password manager, and then tested it probably four times just to make sure.
The Alarm Lock software, DL-Windows 5.4.2, uses Microsoft SQL Server to store configurations and user accounts in tables. If you forget your password, or, as in my case, your password isn’t what you saved, you can retrieve it from the .MDF file stored on your computer.
In order to open the .MDF file, you’ll need to download and install Microsoft SQL Server Management Studio. From there, you can open the dbo.User table and retrieve your password that is stored in plain text.
Although I was able to retrieve my password, and I’m back in business again, I feel like it’s very insecure that passwords are stored in plain text and not stored using the hash of the password.
Your mileage may vary if you’re using a different version of the software, but this was my case with DL-Windows version 5.4.2.
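For contrast with the plain-text storage described above, here is a sketch of how an application can store a password so that the database file reveals neither the password nor a silently altered copy of it. This is an added example, not code from DL-Windows or from this post; the record format, the iteration count and the length limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for the target hardware
MAX_PASSWORD_BYTES = 128     # assumed limit; over-length input is rejected, never truncated


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for storage."""
    raw = password.encode("utf-8")  # every character is kept, specials included
    if not raw or len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password empty or too long; rejected, not truncated")
    salt = secrets.token_bytes(16)  # unique random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations),
        )
    except ValueError:
        return False  # malformed record, e.g. a legacy plain-text value
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    typed = "Tr!cky#Pass9"  # constructed sample password
    record = hash_password(typed)
    print(record)                                 # what the table would hold
    print(verify_password(typed, record))         # exact password verifies
    print(verify_password("TrckyPass9", record))  # stripped variant does not
```

With a record like this, reading the user table yields only a salt and a hash, and a forgotten password is handled by a reset rather than by recovery from the database file.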