‘Revelation’ reveals masked passwords on iOS

By , Jan 24, 2013

Revelation Screenshot

If you find yourself forgetting a saved password in your favorite browser, whether it be Safari, Chrome, or the like, then Revelation may come to your aid. But what if you forget a saved password in something like your Gmail email account saved within iOS? Revelation can help there, too.

As you can probably tell by now, Revelation is a new jailbreak tweak that allows you to see your otherwise hidden passwords in the clear. Not only will it prevent your passwords from being masked as you type, you can also go back and reveal saved passwords in their unmasked form.

Indeed, it’s certainly a security violation, but if you find yourself up a creek without a way to reset your password, then Revelation may be a good last resort. Take a look at our video walkthrough inside, and decide if its something you might benefit from.

As you can see from our video demo, Revelation unmasks hidden passwords in standard HTML password fields. It has the ability to reveal lost or forgotten passwords, and also showcases your passwords as you type them in native fields.

By far, one of the coolest things about Revelation is the recovery feature. With this, you can recover passwords when the field contains a saved password, a field which is normally masked.

By default Revelation plays nice with both Safari and Chrome, and I’m guessing any other Webkit browser that you like to use. It works with Mail accounts, VPN accounts, and iSSH accounts as well.

Some accounts will not work, unfortunately. These include iCloud accounts, iOS Twitter accounts, and iOS Facebook accounts. While these accounts will display the full password on their initially entry, they won’t display a saved password when going back to visit the entry. Instead, you’ll be greeted with the standard masked password.

Revelation is a very simply jailbreak tweak, so with that in mind, there aren’t a lot of bells and whistles involved here. The developer opted for a simple and straightforward toggle switch located in the Settings app.

To enable Revelation, simply turn the toggle switch to the On position, and restart any of the apps or reload any of the web pages containing the passwords that you’d like to display. Obviously, doing the inverse will cause the feature to be disabled.

Revelation is a nice tweak, but I do wish there were some security measures involved for enabling or disabling it. A simple Passcode on the Settings app preference pane would have been nice, as it’s too easy for anyone to just go in and enable the tweak, exposing all of your passwords.

Although the tweak works well and lives up to its claims, it’s hard for me to recommend something like this with such obvious security consequences. If you have anything that you deem secure, and let’s face it, don’t we all, then you’d be better off using a password management app like 1Password or LastPass. Still, if you’re insistent on viewing your passwords in the clear directly on device, Revelation is one of the most convenient ways to go about doing so.

Revelation can be had for $1.99 on Cydia’s Big Boss repo. What do you think? Does the convenience outweigh the potential security risks? Let me know what you think about it in the comment section below.

  • Share:
  • Follow:
  • Liam Mulcahy

    We need that iOS 6 untethered jailbreak first

    • Jeff

      It’s coming. Patience, grasshopper.

      • Liam Mulcahy

        When do you think it will come

  • Jonathan

    you can do something similar on a desktop browser. If you value your security then dont use autofill, because you use the browser’s Inspector to change the field type from password to text and the password in that field becomes visible.

    • jdshorrock

      In addition to not using autofill, you can unmask a password in pretty much any browser by “inspecting” the webpage and password field, and changing the format of the password field, ie, changing it to text.

      • Jonathan

        yes, thats what I said. autofill needs to be on for a password to in there for you to unmask.

  • FlamingOzone

    Such a disappointment, I was hoping for something more “illegal”

  • Jonathan

    You can do this without any app or tweak, and on a non jailbroken phone, by pasting this into the address bar of any browser: javascript:var e=document.getElementsByTagName(“input”);for(x in e){if(e[x].type==”password”){e[x].type = “text”;}}

    and it will make all the password input fields show the text not dots. So if they’ve been autofilled in or something then you get the password.

    • Guest

      Hi Jonathan, I lost pw of my yahoo email and I cannot recover it as I neither remember aswers to security questions. This happened because I had it stored on my iPhone 3GS (email account, not via safari). Do you think I could use your method, could you explain me better how to do? Thanks in advance.

  • Ben

    Lol, now I know you password! JK.

  • http://twitter.com/idrakemiller Drake Miller

    Now i know your password user test!