Hi,
I need some expert advice, on how to recover my gmail password from DC on my phone. The phone is not connected to a Google account.
I have been using DC now for more than 3 years and lost all the credentials for the gmail address I was using for nothing else but DC. Now I don’t want to loose the conversations after switching to a new mobile phone.
Thanks in advance
Hello 
,
there are two options:
Transfer the account to DC-Desktop via backup or QR code. In this version it is possible to display the password.
Create a backup and open the SQLite database and search for the password there with a suitable tool like “DB Browser for SQLite” (https://sqlitebrowser.org).
Thank you for the quick answers! I’ll give it a try, and report back.
I chose method #2, did the back-up, got the file dc_database_backup.sqlite, which I opened in DB Browser.
I find strings like “configured_send_pw4/…, configured_mail_pw4/…, mail_pw4/…” followed by a code, that resembles a password, but it is meaningless to me.
Where is the PW stored? Where do I have to look for?
Method #1 would have been easiest. 
Method #2:
Open database with the “DB Browser for SQLite”
Tab “Browse Data”
Select Table “config”
The table has three columns: id, keyname and value.
You can find the password in row #3:
id: 4
keyname: mail_pw
value: your password
Thanks a lot for the details, Raiden!
I found the string now with method #2 and reconfirmed it with method #1. I had already found the mail_pw string with Notepad++ before, but did not recognize it as a PW. As I usually use much shorter PWs, it looked unfamiliar to me.
Strange enough, the string I found is not accepted by Google when I try to login the account via the web interface.
How can I derive my account PW from that string?
This is the app password. Sorry, I completely forgot that Gmail requires to set up a second password for alternative mail apps. Can’t you just use the forgot password feature on the Gmail page to reset your normal password?
Can you no longer access your messages with DC and the app password?
Everything is fine with DC anyways. I imagined, the PW I derived from the back-up would be related to the OAUTH thing.
Originally, I intended to only use this completely anonymous gmail to play with DC. Now after using DC smoothly for years, I thought I’d stay with it and extend the use of the established G account. Unfortunately, in the meantime I lost the piece of paper where I scribbled down the account credentials like PW and recovery eMail long ago… So far little luck with G recovery.
But at least you have all your messages in DC?
This means you can always reload the backup and read the messages, even without direct access to the mailbox. Maybe it’s worth trying to just let gmail send you an email to reset the password. Perhaps it pops up in an account that you have set up in your mail client?
Yes, right, the back-up is fine and can be re-installed any time, as seen trying method 1# : )
If I knew, how I could have G sending a recovery mail to the gmail address I use for DC, that would be brillant!
Anyway, how is the OAUTH PW generated from the G-account PW? Is that reversible?
I don’t know and I’m not sure if DC even supports OAUTH.
To be precise, it might be a an “app password” instead of an OAuth password (token?). See the instruction for setting up a Google account for Delta Chat.
Either way, I’m pretty sure recovering the “master password” from an “app password” or an OAuth password is impossible (at least that’s how I believe it should be).
Now
If none of the above is satisfactory, consider beginning the a migration to a new account, to reduce the pain of the potential loss of the original account.
Thanks for your constructive answers and help!
On one hand I was impressed, how smooth and easy it was to do a back-up and reinstall it to a second device.
On the other hand it really scares me, how easy it is to get hold of your private information without any hurdles. If your phone gets into the wrong hands or you fall victim of a spyware attack, your done…
In that respect, I can no longer consider DC a secure app.
There need to be significant improvements!
If an attacker gets access to your mobile phone, everything is too late anyway, no matter which messenger you use. Even password protection for the app itself offers little additional security in the real world. In addition, backups should only be stored in safe locations.
Maybe, but that should not be taken as an excuse, not to make it most difficult for attackers, than it is now. FBI-, russian chinese, israelian etc hackers, are laughing their heads off about a clear-text DB.
Certainly true, but I want my messenger app to be that safe place, at least as safe as possible.