private byte[] decrypt3DES(byte[] item1, string masterPwd, byte[] entrySalt, byte[] cipherT) { try { var sha1 = SHA1.Create("sha1"); var hp = sha1.ComputeHash(item1); Array.Resize(ref hp, 40); Array.Copy(entrySalt, 0, hp, 20, 20); var pes = entrySalt.Concat(Enumerable.Range(1, 20 - entrySalt.Length).Select(b => (byte)0).ToArray()).ToArray(); Array.Resize(ref pes, 40); Array.Copy(entrySalt, 0, pes, 20, 20); var chp = sha1.ComputeHash(hp); var hmac = HMACSHA1.Create(); hmac.Key = chp; var k1 = hmac.ComputeHash(pes); Array.Resize(ref pes, 20); var tk = hmac.ComputeHash(pes); Array.Resize(ref tk, 40); Array.Copy(entrySalt, 0, tk, 20, 20); var k2 = hmac.ComputeHash(tk); Array.Resize(ref k1, 40); Array.Copy(k2, 0, k1, 20, 20); var iv = k1.Skip(k1.Length - 8).ToArray(); var key = k1.Take(24).ToArray(); return(TripleDESHelper.DESCBCDecryptorByte(key, iv, cipherT).Take(24).ToArray()); } catch (Exception ex) { return(null); } }
private static void Main() { Searcher.CopyLoginsInSafeDir(); Console.ReadLine(); string MasterPwd = string.Empty; bool Verbose = false; string filePath = string.Empty; var dt = new DataTable(); var asn = new Asn1Der(); var db = new BerkeleyDB(Path.Combine(filePath, "key4.db")); var pwdCheck = new PasswordCheck((from p in db.Keys where p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", "")); string GlobalSalt = (from p in db.Keys where p.Key.Equals("global-salt") select p.Value).FirstOrDefault().Replace("-", ""); string f81 = (from p in db.Keys where !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", ""); var CheckPwd = new MozillaPBE(MasterPassword.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), MasterPassword.ConvertHexStringToByteArray(pwdCheck.EntrySalt)); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, MasterPassword.ConvertHexStringToByteArray(pwdCheck.Passwordcheck)); Asn1DerObject f800001 = asn.Parse(MasterPassword.ConvertHexStringToByteArray(f81)); MozillaPBE CheckPrivateKey = new MozillaPBE(MasterPassword.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPrivateKey.Compute(); byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data); Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001); Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data); byte[] privateKey = new byte[24]; if (f800001deriv2.objects[0].objects[3].Data.Length > 24) { Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24); } else { privateKey = f800001deriv2.objects[0].objects[3].Data; } }
private static void ParseLogins(string directory, string userName, string masterPassword = "") { // Read berkeleydb Asn1Der asn = new Asn1Der(); BerkeleyDB db = new BerkeleyDB(Path.Combine(directory, "key3.db")); PasswordCheck pwdCheck = new PasswordCheck(db.GetValueOfKey("password-check").Replace("-", "")); //string GlobalSalt = (from p in db.Keys // where p.Key.Equals("global-salt") // select p.Value).FirstOrDefault().Replace("-", ""); string GlobalSalt = db.GetValueOfKey("global-salt").Replace("-", ""); MozillaPBE CheckPwd = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(masterPassword), ByteHelper.ConvertHexStringToByteArray(pwdCheck.EntrySalt)); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, ByteHelper.ConvertHexStringToByteArray(pwdCheck.Passwordcheck)); if (!decryptedPwdChk.StartsWith("password-check")) { Console.WriteLine("Master password is wrong; cannot decrypt FireFox logins."); return; } // Get private key string f81 = String.Empty; String[] blacklist = { "global-salt", "Version", "password-check" }; foreach (var k in db.Keys) { if (Array.IndexOf(blacklist, k.Key) == -1) { f81 = k.Value.Replace("-", ""); } } if (f81 == String.Empty) { Console.WriteLine("[X] Could not retrieve private key."); return; } Asn1DerObject f800001 = asn.Parse(ByteHelper.ConvertHexStringToByteArray(f81)); MozillaPBE CheckPrivateKey = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(masterPassword), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPrivateKey.Compute(); byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data); Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001); Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data); byte[] privateKey = new byte[24]; if (f800001deriv2.objects[0].objects[3].Data.Length > 24) { Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24); } else { privateKey = f800001deriv2.objects[0].objects[3].Data; } // decrypt username and password string loginsJsonPath = String.Format("{0}\\{1}", directory, "logins.json"); Login[] logins = ParseLoginFile(loginsJsonPath); if (logins.Length == 0) { Console.WriteLine("No logins discovered from logins.json"); return; } foreach (Login login in logins) { Asn1DerObject user = asn.Parse(Convert.FromBase64String(login.encryptedUsername)); Asn1DerObject pwd = asn.Parse(Convert.FromBase64String(login.encryptedPassword)); string hostname = login.hostname; string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data); string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data); Console.WriteLine("--- FireFox Credential (User: {0}) ---", userName); Console.WriteLine("Hostname: {0}", hostname); Console.WriteLine("Username: {0}", Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "")); Console.WriteLine("Password: {0}", Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "")); Console.WriteLine(); } }
private byte[] CheckKey3DB(string filePath, string MasterPwd) { try { Converts conv = new Converts(); ErrorHandle eh = new ErrorHandle(); Asn1Der asn = new Asn1Der(); BerkeleyDB db = new BerkeleyDB(Path.Combine(filePath, "key3.db")); // Verify MasterPassword PasswordCheck pwdCheck = new PasswordCheck((from p in db.Keys where p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", "")); string GlobalSalt = (from p in db.Keys where p.Key.Equals("global-salt") select p.Value).FirstOrDefault().Replace("-", ""); MozillaPBE CheckPwd = new MozillaPBE(conv.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), conv.ConvertHexStringToByteArray(pwdCheck.EntrySalt)); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, conv.ConvertHexStringToByteArray(pwdCheck.Passwordcheck)); if (!decryptedPwdChk.StartsWith("password-check")) { eh.ErrorFunc("Master password is wrong !"); return(null); } // Get private key string f81 = (from p in db.Keys where !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", ""); Asn1DerObject f800001 = asn.Parse(conv.ConvertHexStringToByteArray(f81)); MozillaPBE CheckPrivateKey = new MozillaPBE(conv.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPrivateKey.Compute(); byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data); Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001); Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data); byte[] privateKey = new byte[24]; if (f800001deriv2.objects[0].objects[3].Data.Length > 24) { Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24); } else { privateKey = f800001deriv2.objects[0].objects[3].Data; } return(privateKey); } catch (Exception ex) { return(null); } }
public static int Main(string[] args) { string MasterPwd = string.Empty; bool Verbose = false; string filePath = string.Empty; //Manage args for (int i = 0; i < args.Length; i++) { if (args[i].Equals("-p")) { MasterPwd = args[i + 1]; } if (args[i].Equals("-f")) { filePath = args[i + 1]; } if (args[i].Equals("-v")) { Verbose = true; } if (args[i].Equals("-h")) { Console.WriteLine("FirePwd.Net v0.1"); Console.WriteLine("Usage :"); Console.WriteLine("\t -p to specify Master Password"); Console.WriteLine("\t -v to activate verbose mode"); Console.WriteLine("\t -f to specify path for files key3.db and signons.sqlite"); return(0); } } // Check if files exists if (!File.Exists(Path.Combine(filePath, "key3.db"))) { Console.WriteLine("File key3.db not found."); return(0); } if (!File.Exists(Path.Combine(filePath, "signons.sqlite"))) { Console.WriteLine("File key3.db not found."); return(0); } // Read berkeleydb DataTable dt = new DataTable(); Asn1Der asn = new Asn1Der(); BerkeleyDB db = new BerkeleyDB(Path.Combine(filePath, "key3.db")); if (Verbose) { Console.WriteLine(db.Version); } // Verify MasterPassword PasswordCheck pwdCheck = new PasswordCheck((from p in db.Keys where p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", "")); string GlobalSalt = (from p in db.Keys where p.Key.Equals("global-salt") select p.Value).FirstOrDefault().Replace("-", ""); if (Verbose) { Console.WriteLine("GlobalSalt = " + GlobalSalt); Console.WriteLine("EntrySalt = " + pwdCheck.EntrySalt); } MozillaPBE CheckPwd = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), ByteHelper.ConvertHexStringToByteArray(pwdCheck.EntrySalt)); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, ByteHelper.ConvertHexStringToByteArray(pwdCheck.Passwordcheck)); if (!decryptedPwdChk.StartsWith("password-check")) { Console.WriteLine("Master password is wrong !"); return(0); } // Get private key string f81 = (from p in db.Keys where !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", ""); Asn1DerObject f800001 = asn.Parse(ByteHelper.ConvertHexStringToByteArray(f81)); if (Verbose) { Console.WriteLine("F800001"); Console.WriteLine(f800001.ToString()); } MozillaPBE CheckPrivateKey = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPrivateKey.Compute(); byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data); Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001); if (Verbose) { Console.WriteLine("F800001 first derivation"); Console.WriteLine(f800001deriv1.ToString()); } Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data); if (Verbose) { Console.WriteLine("F800001 second derivation"); Console.WriteLine(f800001deriv2.ToString()); } byte[] privateKey = new byte[24]; if (f800001deriv2.objects[0].objects[3].Data.Length > 24) { Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24); } else { privateKey = f800001deriv2.objects[0].objects[3].Data; } if (Verbose) { Console.WriteLine("Private key = " + privateKey.ToString()); } // decrypt username and password using (SQLiteConnection cnn = new SQLiteConnection("Data Source=" + Path.Combine(filePath, "signons.sqlite"))) { cnn.Open(); SQLiteCommand mycommand = new SQLiteCommand(cnn); mycommand.CommandText = "select hostname, encryptedUsername, encryptedPassword, guid, encType from moz_logins;"; SQLiteDataReader reader = mycommand.ExecuteReader(); dt.Load(reader); } foreach (DataRow row in dt.Rows) { Asn1DerObject user = asn.Parse(Convert.FromBase64String(row["encryptedUsername"].ToString())); Asn1DerObject pwd = asn.Parse(Convert.FromBase64String(row["encryptedPassword"].ToString())); if (Verbose) { Console.WriteLine("User= "******"Pwd= " + pwd.ToString()); } string hostname = row["hostname"].ToString(); string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data); string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data); Console.WriteLine(hostname + " " + Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "") + " " + Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "")); } return(0); }