Author: Felix Schwarz felix DOT schwarz AT web DOT de With help from: - puky, author of Mail Password Viewer (password encryption) Last update: 24.01.2006 License: Feel free to use the information in this document as you like. =========================================== The format of ACCOUNT.CFG =========================================== The Bat! (www.ritlabs.com) stores all information about a mail account (server names, passwords, authentication methods) in a file named ACCOUNT.CFG. =========================================== ACCOUNT.CFG file format specification =========================================== The ACCOUNT.cfg has a very strict structure: It consists of multiple records which are at least 9 bytes long (but length may go up to 65536 bytes). All numbers are little endian. Each record starts with a four byte long number which can be used as an identifier. Note that this identifier is mostly (but not always) unique. The identifier is followed by another four byte number (option number). Records that vary in length because of user inputs contain another four byte number which specifies how long the payload is (in bytes). After that the record is finished and the next one starts. There seems to be no particular order in which the records appear in the file. Initially they seem to be ordered ascending but some identifiers are missing or not in numerical order. ==================================== Identifiers All options have a length number and payload unless otherwise noted. 01 00 00 00 sender name (0x0a), string 02 00 00 00 email address (0x11), string 03 00 00 00 reply to sender name (0x12), string 04 00 00 00 reply to email address (0x13), string 05 00 00 00 character encoding (e.g. "ISO-8859-15") (0x0f), string 06 00 00 00 keep messages on server for x days (0x04), number 07 00 00 00 attachement dir (0x04 when empty, 0x2d when filled), string OR number! 08 00 00 00 organisation name, string 09 00 00 00 maximum log file size is x kB (0x04), number 0a 00 00 00 smtp server name (0x11), string 0b 00 00 00 pop3 server name (0x11), string 0c 00 00 00 smtp port (0x04), number 0d 00 00 00 pop3 port (0x04), number 0e 00 00 00 04 00 00 00 8f 00 00 00 (number) 0f 00 00 00 pop3 username (0x14), encrypted string 10 00 00 00 pop3 password (0x0c), encrypted string 11 00 00 00 04 00 00 00 00 00 00 00 - identity password? 12 00 00 00 04 00 00 00 00 00 00 00 13 00 00 00 04 00 00 00 00 00 00 00 14 00 00 00 "message body lines to download with header" (0x04) 15 00 00 00 mark message as read after x seconds (0x04) 16 00 00 00 new message template (0x69) 17 00 00 00 reading confirmation template (0x11 0x01) 18 00 00 00 reply template (0xb0) 19 00 00 00 forward message template (0x85 0x01) 1a 00 00 00 memo for account (0x0c) 1b 00 00 00 check mail each x minutes (0x04), interprete as signed, values smaller than 0 denote seconds 1c 00 00 00 load only header if message bigger than x kB (0x04) 1d 00 00 00 08 00 00 00 20 19 40 01 (...) much data! 1e 00 00 00 04 00 00 00 00 00 00 00, number 1f 00 00 00 new mail sound file (0x04 when empty, 0x1c when filled), string 20 00 00 00 01 00 00 00 MM 21 00 00 00 time to play new mail sound (format "00:00-24:00"), string 22 00 00 00 04 00 00 00 96 00 00 00 23 00 00 00 04 00 00 00 28 00 00 00 24 00 00 00 04 00 00 00 00 00 00 00 25 00 00 00 04 00 00 00 00 00 00 00 28 00 00 00 04 00 00 00 00 00 00 00 29 00 00 00 04 00 00 00 00 00 00 00 2b 00 00 00 smtp user name (0x0c) 2d 00 00 00 04 00 00 00 00 00 00 00 2e 00 00 00 04 00 00 00 00 00 00 00 2f 00 00 00 14 00 00 00 10 00 00 00 79 44 7a 7a 7a 6e 73 68 38 57 73 65 42 6d 59 2b (password?) 30 00 00 00 04 00 00 00 0a 00 00 00 31 00 00 00 04 00 00 00 00 00 00 00 32 00 00 00 04 00 00 00 00 00 00 00 33 00 00 00 04 00 00 00 00 00 00 00 34 00 00 00 04 00 00 00 78 00 00 00 35 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 36 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 save message template (0x81 0x01) 39 00 00 00 04 00 00 00 00 00 00 EE 3a 00 00 00 04 00 00 00 00 00 00 00 3b 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 3c 00 00 00 01 00 00 00 01 3d 00 00 00 account name (0x04) 3e 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 04 00 00 00 28 00 00 00 42 00 00 00 04 00 00 00 00 00 00 00 43 00 00 00 01 00 00 00 01 44 00 00 00 "suggest split size x kB" (0x04) 46 00 00 00 04 00 00 00 00 00 00 00 47 00 00 00 04 00 00 00 00 00 00 00 48 00 00 00 04 00 00 00 d1 01 00 00 49 00 00 00 04 00 00 00 e3 03 00 00 4a 00 00 00 04 00 00 00 e1 03 00 00 4b 00 00 00 04 00 00 00 GG 00 00 00 4c 00 00 00 04 00 00 00 FF 00 00 00 4d 00 00 00 04 00 00 00 00 00 00 00 ff ff ff ff last record? (04 00 00 00 00 00 00 00) ==================================== currently unknown records: 10 00 00 00 20 00 00 00 1c 00 00 00 76 7a 7a 7a 7a 6c 2d 66 31 6e 4a 64 4f 4b 55 44 33 2d 59 6e 34 6c 4d 64 35 58 45 2b 42 00 00 00 24 00 00 00 20 00 00 00 looks like a md5 sum 36 36 65 36 33 38 30 64 31 31 33 38 34 32 39 38 |66e6380d11384298| 38 39 65 32 61 35 33 39 65 32 37 62 61 34 66 32 |89e2a539e27ba4f3| ==================================== big undecoded block! AA - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "Prompt before the action" (reading confirmation) Bit 1 used for reading confirmation: see bitfield II below Bit 2 "Ignore 'Check All Accounts' request" Bit 3 ??? Bit 4 "UU Encoding" Bit 5 "send later" Bit 6 "this is a ordinary user" (0 = "this is an administrator account") Bit 7 user privilege: changing account transportation properties BB - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 used for quotation style: see below Bit 1 "combined sending (receiving + sending)" Bit 2 ??? Bit 3 "keep attachements in message bodies" (0 = "keep attachements separately in a special directory") Bit 4 "Delete attached files when a message is deleted from Trash folder" Bit 5 used for quotation style: see below Bit 6 used for quotation style: see below Bit 7 used for quotation style: see below Bit 0, 5, 6, 7 are used to combine another number to set "Sender information used for quotation" 0000 none 1000 initials 0110 first name 0101 last name 1010 first initial 0100 full name CC - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 ??? Bit 1 "IMAP Konto" Bit 2 user privilege: options menu Bit 3 NOT "bind attachements only while sending out mail" Bit 4 "pop before smtp" Bit 5 ??? Bit 6 "use smtp authentification RFC 2554" Bit 7 "use same data as for receiving" DD - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "Sign when completed" Bit 1 "Encrypt when completed" Bit 2 ??? Bit 3 ??? Bit 4 ??? (on per default) Bit 5 "use secure MD-5 authentication" Bit 6 "mark message as read when it is being read for ..." Bit 7 "mark message as read only when it is open in a separate window" EE - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "MD-5 APOP" Bit 1 "CRAM/MD-5" Bit 2 "NTLM authentification" for pop3 Bit 3 ??? Bit 4 ??? Bit 5 ??? Bit 6 ??? Bit 7 ??? FF - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "use STARTTLS" Bit 1 "secure on dedicated port (TLS)" - Port 995 will not be stored! Bit 2 ??? Bit 3 ??? Bit 4 ??? Bit 5 ??? Bit 6 ??? Bit 7 ??? GG - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "use STARTTLS" Bit 1 "secure on dedicated port (TLS)" - Port 465 will not be stored! Bit 2 ??? Bit 3 ??? Bit 4 ??? Bit 5 ??? Bit 6 ??? Bit 7 ??? HH - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "Empty trash folder on exit" Bit 1 "check mailbox at start-up" Bit 2 "delete messages from server" Bit 3 "load only header lines" Bit 4 "periodical checking each ..." Bit 5 "8-bit characters are treated without changes" (0 => "as Base64) Bit 6 "8-bit characters are treated as quoted-printable" Bit 7 "Use MIME standard for forwarding" II - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "invoke mail dispatcher at each mail check" Bit 1 "delete from server after ... days"" Bit 2 "delete from server when expurged from trash" Bit 3 "show all messages left on the server" Bit 4 "receipt request" (for new mail) Bit 5 "reading confirmation" (for new mail) Bit 6 used for reading confirmation: see below Bit 7 used for reading confirmation: see below Bits 6, 7, A1 are used to combine another number to set "Action" (for reading confirmation) 000 Ignore 010 send immediately 100 Put in outbox 001 Edit JJ - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 user privilege: folder management Bit 1 user privilege: file attachements Bit 2 user privilege: sorting office configuration Bit 3 ??? Bit 4 ??? Bit 5 ??? Bit 6 "Allow 8-bit characters in message header" Bit 7 "Confirm immediate sending" KK - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "Do not use FROM name for REPLY-TO address" Bit 1 ??? Bit 2 ??? Bit 3 "Compress all folders on exit" Bit 4 "Allow send/fetch without entering the access password (if any)" Bit 5 ??? Bit 6 "disable OpenPGP" (see KK/6) Bit 7 "disable S/MIME" (see LL/7) LL - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 ??? Bit 1 ??? Bit 2 ??? Bit 3 ??? Bit 4 ??? Bit 5 ??? Bit 6 "disable OpenPGP" (see LL/6) Bit 7 "disable S/MIME" (see LL/7) MM - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "Play sound when new mail arrives" Bit 1 ??? Bit 2 "use reply numbering in the subject line" Bit 3 ??? Bit 4 ??? Bit 5 ??? Bit 6 ??? Bit 7 ??? NN - bitfield Bit 7654 3210 0000 0000 1 = yes, 0 = no Bit 0 "By default, split outbund messages larger than this size" Bit 1 ??? Bit 2 ??? Bit 3 ??? Bit 4 ??? Bit 5 ??? Bit 6 ??? Bit 7 ??? 1d 00 00 00 08 00 00 00 HH/20 BB/19 II/40 AA/01 JJ/80 CC/C8 LL/00 DD/50 45 00 00 00 09 00 00 00 HH/20 BB/19 II/40 AA/01 JJ/80 CC/C8 KK/00 DD/50 NN/00 26 00 00 00 09 02 00 00 00 06 00 00 00 1a 00 00 00 01 00 18 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 00 00 00 02 00 64 00 00 00 03 00 96 00 00 00 04 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 04 00 00 00 96 00 00 00 04 00 1a 00 00 00 01 00 18 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 00 00 00 02 00 50 00 00 00 06 00 28 00 00 00 0a 00 28 00 00 00 0b 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 04 00 00 00 96 00 00 00 04 00 18 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 1a 00 00 00 01 00 64 00 00 00 02 00 64 00 00 00 03 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 02 00 00 00 64 00 00 00 02 00 1a 00 00 00 01 00 18 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 00 00 00 03 00 96 00 00 00 04 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 03 00 00 00 64 00 00 00 03 00 1a 00 00 00 01 00 18 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 00 00 00 02 00 96 00 00 00 04 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 27 00 00 00 09 02 00 00 00 06 00 00 00 1a 00 00 00 01 00 18 00 |................| 00000940 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 |................| 00000950 64 00 00 00 02 00 64 00 00 00 03 00 96 00 00 00 |d.....d.........| 00000960 04 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000990 00 00 00 00 00 00 00 00 0a 00 00 00 04 00 00 00 |................| 000009a0 96 00 00 00 04 00 1a 00 00 00 01 00 18 00 00 00 |................| 000009b0 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 00 |..............d.| 000009c0 00 00 02 00 50 00 00 00 06 00 28 00 00 00 0a 00 |....P.....(.....| 000009d0 28 00 00 00 0b 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000009f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000a00 0b 00 00 00 04 00 00 00 96 00 00 00 04 00 18 00 |................| 00000a10 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 |................| 00000a20 1a 00 00 00 01 00 64 00 00 00 02 00 64 00 00 00 |......d.....d...| 00000a30 03 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000a50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000a60 00 00 00 00 00 00 00 00 0a 00 00 00 02 00 00 00 |................| 00000a70 64 00 00 00 02 00 1a 00 00 00 01 00 18 00 00 00 |d...............| 00000a80 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 00 |..............d.| 00000a90 00 00 03 00 96 00 00 00 04 00 50 00 00 00 06 00 |..........P.....| 00000aa0 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 |P.....F.........| 00000ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000ad0 0a 00 00 00 03 00 00 00 64 00 00 00 03 00 1a 00 |........d.......| 00000ae0 00 00 01 00 18 00 00 00 07 00 18 00 00 00 08 00 |................| 00000af0 18 00 00 00 0e 00 64 00 00 00 02 00 96 00 00 00 |......d.........| 00000b00 04 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 |..P.....P.....F.| 00000b10 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000b20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000b30 00 00 00 00 00 00 00 00 0a 00 00 00 37 00 00 00 |............7...| 00000b40 09 02 00 00 00 06 00 00 00 1a 00 00 00 01 00 18 |................| 00000b50 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e |................| 00000b60 00 64 00 00 00 02 00 64 00 00 00 03 00 96 00 00 |.d.....d........| 00000b70 00 04 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000b90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000ba0 00 00 00 00 00 00 00 00 00 0a 00 00 00 04 00 00 |................| 00000bb0 00 96 00 00 00 04 00 1a 00 00 00 01 00 18 00 00 |................| 00000bc0 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 |...............d| 00000bd0 00 00 00 02 00 50 00 00 00 06 00 28 00 00 00 0a |.....P.....(....| 00000be0 00 28 00 00 00 0b 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 04 00 00 00 96 00 00 00 04 00 18 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 1a 00 00 00 01 00 64 00 00 00 02 00 64 00 00 00 03 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 02 00 00 00 64 00 00 00 02 00 1a 00 00 00 01 00 18 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 00 00 00 03 00 96 00 00 00 04 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 03 00 00 00 64 00 00 00 03 00 1a 00 00 00 01 00 18 00 00 00 07 00 18 00 00 00 08 00 18 00 00 00 0e 00 64 00 00 00 02 00 96 00 00 00 04 00 50 00 00 00 06 00 50 00 00 00 05 00 46 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 ==================================== Revisions: ==================================== 24.01.2006 Felix Schwarz - added some more information (new mail sound, account memo, user privileges) 14.01.2006 Felix Schwarz - initial writing