Пример #1
31
JNIEXPORT jbyteArray JNICALL Java_org_eclipse_equinox_internal_security_win32_WinCrypto_windecrypt
  (JNIEnv *env, jobject obj, jbyteArray value)
{
	jsize size = env->GetArrayLength(value);
	jbyte *body = env->GetByteArrayElements(value, NULL);
	if (body == NULL)
		return NULL;

	DATA_BLOB clearText;
	DATA_BLOB encryptedText;
	encryptedText.pbData = (BYTE*) body;
	encryptedText.cbData = (DWORD) size;

	LPWSTR pDescrOut =  NULL;
	BOOL result = CryptUnprotectData(&encryptedText, &pDescrOut, NULL, NULL, NULL, 0, &clearText);

	if (pDescrOut != NULL)
		LocalFree(pDescrOut);

    // release memory allocated by Java environment
	env->ReleaseByteArrayElements(value, body, 0);

	if (result == FALSE)
		return NULL;

    jbyteArray returnArray = env->NewByteArray(clearText.cbData);
	env->SetByteArrayRegion(returnArray, 0, clearText.cbData, (jbyte*) clearText.pbData);
	LocalFree(clearText.pbData); // no need any more, have Java representation

	return returnArray;
}
Пример #2
29
std::unique_ptr<wchar_t[]> CStringUtils::Decrypt(const wchar_t * text)
{
    DWORD dwLen = 0;
    if (CryptStringToBinaryW(text, (DWORD)wcslen(text), CRYPT_STRING_HEX, NULL, &dwLen, NULL, NULL) == FALSE)
        return NULL;

    std::unique_ptr<BYTE[]> strIn(new BYTE[dwLen + 1]);
    if (CryptStringToBinaryW(text, (DWORD)wcslen(text), CRYPT_STRING_HEX, strIn.get(), &dwLen, NULL, NULL) == FALSE)
        return NULL;

    DATA_BLOB blobin;
    blobin.cbData = dwLen;
    blobin.pbData = strIn.get();
    LPWSTR descr = nullptr;
    DATA_BLOB blobout = { 0 };
    if (CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &blobout) == FALSE)
        return NULL;
    SecureZeroMemory(blobin.pbData, blobin.cbData);

    std::unique_ptr<wchar_t[]> result(new wchar_t[(blobout.cbData) / sizeof(wchar_t) + 1]);
    wcsncpy_s(result.get(), (blobout.cbData) / sizeof(wchar_t) + 1, (const wchar_t*)blobout.pbData, blobout.cbData / sizeof(wchar_t));
    SecureZeroMemory(blobout.pbData, blobout.cbData);
    LocalFree(blobout.pbData);
    LocalFree(descr);
    return result;
}
Пример #3
13
//------------------------------------------------------------------------------
int callback_sqlite_chrome(void *datas, int argc, char **argv, char **azColName)
{
  FORMAT_CALBAK_READ_INFO *type = datas;
  char tmp[MAX_PATH]="";
  char date[DATE_SIZE_MAX]="";
  unsigned int i,size=0;

  if (type->type <= nb_sql_CHROME)
  {
    //special case of password !!!
    if(sql_CHROME[type->type].test_string_id == SPECIAL_CASE_CHROME_PASSWORD)
    {
      char password[MAX_PATH]="", raw_password[MAX_PATH]="";

      //decrypt datas password !!!
      CRYPT_INTEGER_BLOB data_in, data_out;
      data_in.cbData = strlen(argv[3]);
      data_in.pbData = (BYTE*)argv[3];

      snprintf(tmp,MAX_PATH,"%s, %s",argv[1],argv[2]);
      snprintf(raw_password,MAX_PATH,"%s",argv[3]);

      if (CryptUnprotectData(&data_out,NULL,NULL,NULL,NULL,0,&data_in))
      {
        snprintf(password,MAX_PATH,"%s",data_out.pbData);
        LocalFree(data_out.pbData);
      }
      convertStringToSQL(tmp, MAX_PATH);
      convertStringToSQL(password, MAX_PATH);
      convertStringToSQL(raw_password, MAX_PATH);
      addPasswordtoDB(tmp_file_chrome,tmp,password,raw_password,SPECIAL_CASE_CHROME_PASSWORD,current_session_id,db_scan);
    }else
    {
      //copy datas
      for (i=0;i<argc && MAX_PATH-size > 0 && start_scan;i++)
      {
        if (argv[i] == NULL)continue;

        //date or not ?
        if (strlen(argv[i]) == DATE_SIZE_MAX-1)
        {
          if (argv[i][4] == '/' && argv[i][13] == ':')
          {
            if (strcmp("1970/01/01 01:00:00",argv[i])!=0 && strcmp("1601/01/01 01:00:00",argv[i])!=0)strncpy(date,argv[i],DATE_SIZE_MAX);
            continue;
          }
        }
        if (i>0)snprintf(tmp+size,MAX_PATH-size,", %s",convertUTF8toUTF16(argv[i], strlen(argv[i])+1));
        else snprintf(tmp+size,MAX_PATH-size,"%s",convertUTF8toUTF16(argv[i], strlen(argv[i])+1));
        size = strlen(tmp);
      }
      //get datas and write it
      convertStringToSQL(tmp, MAX_PATH);
      addChrometoDB(tmp_file_chrome,sql_CHROME[type->type].params,tmp,date,sql_CHROME[type->type].test_string_id,current_session_id,db_scan);
    }
  }
  return 0;
}
Пример #4
1
char* ProtectedStorage::DecryptData(int nDataLen, BYTE* pData)
{
    DATA_BLOB DataOut;
    DATA_BLOB DataIn;
    char* pReturn = NULL;

    // Set up the input data structure
    DataIn.cbData = nDataLen;
    DataIn.pbData = (BYTE*)malloc(nDataLen);
    memcpy(DataIn.pbData, pData, nDataLen);

    if (CryptUnprotectData(&DataIn,	NULL, NULL, NULL, NULL, 0, &DataOut))
    {
        pReturn = (char*)malloc(DataOut.cbData + 1);
        memset(pReturn, 0, DataOut.cbData + 1);
        _snprintf_s(pReturn, DataOut.cbData, sizeof(DataOut.pbData), "%S", DataOut.pbData);

        //memcpy(pReturn, DataOut.pbData, DataOut.cbData);
        //pReturn[DataOut.cbData + 1] = 0;

        free(DataIn.pbData);
        return pReturn;
    }
    else
    {
        free(DataIn.pbData);
        return NULL;
    }
}
Пример #5
0
void BranchInfo::decodeCDKey(gcString cdkey)
{
	m_szCDKey = "";

	if (cdkey.size() == 0)
		return;
	
#ifdef WIN32
	size_t outLen = 0;
	char* raw = (char*)UTIL::STRING::base64_decode(cdkey, outLen);

	std::string reg = UTIL::OS::getConfigValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid", true);
	gcString key("{0}_{1}", reg, m_ItemId.toInt64());

	DATA_BLOB db;

	db.pbData = (BYTE*)raw;
	db.cbData = outLen;

	DATA_BLOB secret;
	secret.pbData = (BYTE*)key.c_str();
	secret.cbData = key.size();

	DATA_BLOB out;

	if (CryptUnprotectData(&db, NULL, &secret, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &out))
		m_szCDKey.assign((char*)out.pbData, out.cbData);

	safe_delete(raw);
#else // TODO
	m_szCDKey = cdkey;
#endif
}
Пример #6
0
//FIXME resource leak plug.
char *pw_get(const char *filename)
{
	int i;
	char *retval;
	WCHAR *str;
	BOOL ok;
	DWORD len;
	BYTE buffer[BUFFSIZE];
	DATA_BLOB blob;
	DATA_BLOB blob_out;
	DATA_BLOB entropy;
	HANDLE handle;
	entropy.pbData = (void*)"a*5%K!M0jn,(vJ19Kz/.nf9031";
	entropy.cbData = wcslen(((WCHAR*)entropy.pbData));
	handle = CreateFileA(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
	if(handle == INVALID_HANDLE_VALUE)
	{
		fprintf(stderr, "Failed to open password file. %lu\n", GetLastError());
		return NULL;
	}
	ok = ReadFile(handle, buffer, BUFFSIZE, &len, NULL);
	if(!ok)
	{
		fprintf(stderr, "Failed to read password file. %lu\n", GetLastError());
		return NULL;
	}
/*	fprintf(stderr, "Read %lu bytes.\n", len);*/
	blob.cbData = len;
	blob.pbData = (void*)buffer;
	ok = CryptUnprotectData(&blob, NULL, &entropy, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &blob_out);
	if(!ok)
	{
		fprintf(stderr, "Failed to unprotect data. %lu\n", GetLastError());
		return NULL;
	}
/*	fprintf(stderr, "Decrypted %lu bytes.\n", blob_out.cbData);*/
	retval = malloc(blob_out.cbData / sizeof(WCHAR) + 1);
	if(!retval)
	{
		fprintf(stderr, "Failed to malloc.\n");
		return NULL;
	}
	str = (WCHAR*)(blob_out.pbData);
	for(i = 0; i < blob_out.cbData / sizeof(WCHAR); i++)
	{
		retval[i] = (char)(str[i]);
	}
	retval[blob_out.cbData / sizeof(WCHAR)] = '\0';
	return retval;
}
Пример #7
0
QByteArray WindowsPlatform::decrypt(QByteArray data, QByteArray key)
{
    DATA_BLOB dataIn;
    DATA_BLOB dataOut;
    DATA_BLOB entropy;

    dataIn.pbData = (BYTE *)data.constData();
    dataIn.cbData = data.size();
    entropy.pbData = (BYTE *)key.constData();
    entropy.cbData = key.size();

    if (!CryptUnprotectData(&dataIn, NULL, &entropy, NULL, NULL, 0, &dataOut))
        return data;

    QByteArray result((const char *)dataOut.pbData, dataOut.cbData);
    LocalFree(dataOut.pbData);
    return result;
}
Пример #8
0
QString UnprotectPassword(const QString & s)
{
    if (s.isEmpty()) {
        return QString();
    }
    QByteArray ba64 = QByteArray::fromStdString(s.toStdString());
    QByteArray ba = QByteArray::fromBase64(ba64);    
    DATA_BLOB db;
    db.cbData = static_cast<DWORD>(ba.size());
    db.pbData = (BYTE*)(ba.data());
    DATA_BLOB rdb;
    if (!CryptUnprotectData(&db, nullptr, nullptr, nullptr, nullptr, 0, &rdb)) {
        throw adbook::HrError(HRESULT_FROM_WIN32(GetLastError()),
            L"CryptUnprotectData() failed.", __FUNCTIONW__
        );
    }    
    QString ret = QString::fromWCharArray((const wchar_t*)rdb.pbData, rdb.cbData/sizeof(wchar_t));
    LocalFree(rdb.pbData);
    return ret;
}
Пример #9
0
const svn_string_t * SVNAuthData::decrypt_data(const svn_string_t *crypted, apr_pool_t *pool)
{
    crypted = svn_base64_decode_string(crypted, pool);

    DATA_BLOB blobin;
    DATA_BLOB blobout;
    LPWSTR descr;
    const svn_string_t * orig = NULL;

    blobin.cbData = (DWORD)crypted->len;
    blobin.pbData = (BYTE *)crypted->data;
    if (CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &blobout))
    {
        if (0 == lstrcmpW(descr, description))
            orig = svn_string_ncreate((const char *)blobout.pbData, blobout.cbData, pool);
        LocalFree(blobout.pbData);
        LocalFree(descr);
    }
    return orig;
}
Пример #10
0
LPSTR CrackChrome(PBYTE pass) {

	DATA_BLOB data_in, data_out;
	DWORD dwBlobSize;

	CHAR *decrypted;

	data_out.pbData = 0;
	data_out.cbData = 0;
	data_in.pbData = pass;

	for (dwBlobSize = 128; dwBlobSize <= 2048; dwBlobSize += 16)
	{
		data_in.cbData = dwBlobSize;
		if (CryptUnprotectData(&data_in, NULL, NULL, NULL, NULL, 0, &data_out))
			break;
	}

	if (dwBlobSize >= 2048)
		return NULL;

	LPSTR strClearData = (LPSTR)talloc((data_out.cbData + 1)*sizeof(char));
	if (!strClearData)
	{
		LocalFree(data_out.pbData);
		printf("chrome crack failed\n");
		return NULL;
	}

	//FIXFIXFIXFIX

	decrypted = (LPSTR)talloc((data_out.cbData + 1)*sizeof(char));
	memset(decrypted, 0, data_out.cbData);
	memcpy(decrypted, data_out.pbData, data_out.cbData);

	sprintf_s(strClearData, data_out.cbData + 1, "%s", decrypted);

	LocalFree(data_out.pbData);
	tfree(decrypted);
	return strClearData;
}
Пример #11
0
BOOL SavedPasswords::RetrievePassword(LPCWSTR path, LPWSTR password_buf, DWORD password_buf_len)
{
	wstring hash;

	if (!GetPathHash(path, hash))
		return FALSE;

	BYTE *p = NULL;
	UINT len = 0;
	if (!theApp.GetProfileBinary(SAVED_PASSWORDS_SECTION, hash.c_str(), &p, &len))
		return FALSE;

	DATA_BLOB pw_blob;
	DATA_BLOB enc_pw_blob;

	DATA_BLOB optional_entropy;
	const char *entropy = OPTIONAL_ENTROPY;
	optional_entropy.cbData = (DWORD)strlen(entropy);
	optional_entropy.pbData = (BYTE*)entropy;

	enc_pw_blob.cbData = len;
	enc_pw_blob.pbData = p;

	BOOL bResult = CryptUnprotectData(&enc_pw_blob, NULL, &optional_entropy, NULL, NULL, 0, &pw_blob);

	if (!bResult) {
		delete[] p;
		return FALSE;
	}

	wcscpy_s(password_buf, password_buf_len, (WCHAR*)pw_blob.pbData);

	SecureZeroMemory(pw_blob.pbData, pw_blob.cbData);

	LocalFree(pw_blob.pbData);

	delete[] p;

	return TRUE;
}
Пример #12
0
char* CryptPassword(const char* str, int inSize, void** out, int* outSize, int encrypt) {
	DATA_BLOB input, output;
	input.cbData = (DWORD)inSize + 1;
	input.pbData = (BYTE*)str;

	BOOL ok;
	if (encrypt) {
		ok = CryptProtectData(&input, NULL, NULL, NULL, NULL, 0, &output);
		if (!ok) {
			return geterror("CryptProtectData");
		}
	} else {
		ok = CryptUnprotectData(&input, NULL, NULL, NULL, NULL, 0, &output);
		if (!ok) {
			return geterror("CryptUnprotectData");
		}
	}

	*out = output.pbData;
	*outSize = output.cbData;

	return NULL;
}
Пример #13
0
static QString decrypt( const QByteArray& value )
{
    if ( value.isEmpty() )
        return QString();

#if defined( HAVE_WINCRYPT )
    DATA_BLOB input;
    input.pbData = (BYTE*)value.data();
    input.cbData = value.length();

    DATA_BLOB output;

    if ( !CryptUnprotectData( &input, NULL, NULL, NULL, NULL, 0, &output ) )
        return QString();

    QByteArray data( (char*)output.pbData, output.cbData );

    LocalFree( output.pbData );
#else
    QByteArray data = obscure( value );
#endif

    return QString::fromUtf8( data );
}
Пример #14
0
BOOL SearchCredentials(const char *lpszSearchTerm, char *lpszUser, char *lpszPsw)
{
	WORD awEntropy[38];
	WORD *v6 = awEntropy;
	
	WORD *k = awEntropy;
	for (int i = 0; i < 37; i++, k++)
		*v6 = sc_szEntropyString[i] * 4;
	
	DATA_BLOB pOptionalEntropy;
	
	pOptionalEntropy.cbData = 37 * sizeof(WORD);
	pOptionalEntropy.pbData = (BYTE*)awEntropy;
	
	DWORD dwCredCount;
	PCREDENTIAL *lpCred;
	if (FALSE == CredEnumerate(NULL, 0, &dwCredCount, &lpCred))
		return FALSE;
	
	DWORD j = 0;
	
	if (dwCredCount <= 0)
		return FALSE;
	
	CHAR szPsw[1024];
	CHAR szUser[1024];
	while (1)
	{
		if (CRED_TYPE_GENERIC == lpCred[j]->Type)
		{
			if (!_strnicmp(lpCred[j]->TargetName, "Microsoft_WinInet_", strlen("Microsoft_WinInet_")))
			{
				DATA_BLOB pDataIn;
				DATA_BLOB pDataOut;
				
				pDataIn.pbData = lpCred[j]->CredentialBlob;
				pDataIn.cbData = lpCred[j]->CredentialBlobSize;
				
				if (TRUE == CryptUnprotectData(&pDataIn, NULL, &pOptionalEntropy, NULL, NULL, 0, &pDataOut))
				{
					CHAR szCryptCred[1024];
					sprintf(szCryptCred, "%S", pDataOut.pbData);
					
					char *lpPsw = strchr(szCryptCred, ':');
					*lpPsw = 0;
					
					strcpy(szUser, szCryptCred);
					strcpy(szPsw, lpPsw + 1);
					
					if (strstr(lpCred[j]->TargetName, lpszSearchTerm))
						break;
				}
			}
		}
		
		if (++j >= dwCredCount)
			return FALSE;
	}
	
	strcpy(lpszUser, szUser);
	strcpy(lpszPsw, szPsw);
	
	return TRUE;
}
Пример #15
0
// static
bool OTKeyring::Windows_RetrieveSecret(const OTString& strUser,
                                       OTPassword& thePassword,
                                       const std::string& str_display)
{
    OT_ASSERT(strUser.Exists());

    OTString strFoldername("win32_data"); // todo hardcoding.
    OTASCIIArmor ascFileContents;
    bool bLoaded = (strFoldername.Exists() &&
                    ascFileContents.LoadFromFile(strFoldername, strUser) &&
                    ascFileContents.Exists());
    if (!bLoaded) {
        otWarn << "%s: No cached ciphertext of master key loaded during "
                  "attempted retrieval. "
                  "(However, once one is available, it WILL be cached using "
                  "DPAPI.) \n";
        return false;
    }
    // Below this point, we know for sure the ciphertext of the master
    // key loaded, and exists.
    //
    const OTData theCipherblob(ascFileContents);
    //
    if (theCipherblob.IsEmpty()) {
        otErr << __FUNCTION__ << ": Error: OTData is empty after decoding "
                                 "OTASCIIArmor (that wasn't empty.)\n";
    }
    else {
        DATA_BLOB input;
        input.pbData = const_cast<BYTE*>(
            reinterpret_cast<const BYTE*>(theCipherblob.GetPayloadPointer()));
        input.cbData = static_cast<DWORD>(theCipherblob.GetSize());

        //      CRYPTPROTECT_PROMPTSTRUCT PromptStruct;
        //      ZeroMemory(&PromptStruct, sizeof(PromptStruct));
        //      PromptStruct.cbSize = sizeof(PromptStruct);
        //      PromptStruct.dwPromptFlags = CRYPTPROTECT_PROMPT_ON_PROTECT;
        //      PromptStruct.szPrompt = L"This is a user prompt.";

        //      LPWSTR pDescrOut = nullptr;

        DATA_BLOB output;
        BOOL result = CryptUnprotectData(&input, nullptr, // &pDescrOut
                                         nullptr,         // optional entropy
                                         nullptr,         // reserved
                                         nullptr,         //&PromptStruct
                                         0, &output);
        if (!result) {
            otErr << __FUNCTION__
                  << ": Error: Output of Win32 CryptUnprotectData was empty.\n";
        }
        else {
            thePassword.setMemory(reinterpret_cast<void*>(output.pbData),
                                  static_cast<uint32_t>(output.cbData));
            SecureZeroMemory(output.pbData, output.cbData);
            LocalFree(output.pbData);
            //          LocalFree(pDescrOut);
            return true;
        }
    }

    return false;
}
Пример #16
0
QString Nicookie::chromeDecrypt(const QByteArray &encrypt_data)
{
    QString data;
#ifdef Q_OS_WIN
    DATA_BLOB encrypt_data_blob;
    encrypt_data_blob.pbData = (BYTE*)(encrypt_data.data());
    encrypt_data_blob.cbData = static_cast<DWORD>(encrypt_data.size());
    DATA_BLOB plain_data_blob;
    BOOL result = CryptUnprotectData(&encrypt_data_blob,
                                     NULL, NULL, NULL, NULL, 0,
                                     &plain_data_blob);
    if (!result) {
        setError(Nicookie::FailedDecrytError);
        return QString();
    }
    data = (QByteArray((char *)(plain_data_blob.pbData),
                       plain_data_blob.cbData));
    LocalFree(plain_data_blob.pbData);
#else // O_QS_WIN

#ifdef Q_OS_OSX
    // https://developer.apple.com/library/mac/documentation/Security/Reference/keychainservices/index.html#//apple_ref/c/func/SecKeychainFindGenericPassword
    UInt32 password_size = 0;
    void *password = NULL;
    OSStatus os_status;
    os_status = SecKeychainFindGenericPassword(NULL,
                                               19, "Chrome Safe Storage",
                                               6, "Chrome",
                                               &password_size, &password,
                                               NULL);
    if (password_size == 0) {
        setError(Nicookie::FailedDecrytError);
        SecKeychainItemFreeContent(NULL, password);
        return data;
    }
#else // Q_OS_OSX
    int password_size = 7;
    void *password = (void *)"peanuts";
#endif // Q_OS_OSX

    const int enc_key_size = 16;
    unsigned char enc_key[enc_key_size];

#ifdef Q_OS_OSX
    int iterations = 1003;
#else // Q_OS_OSX
    int iterations = 1;
#endif // Q_OS_OSX

    const char *salt = "saltysalt";
    int pbkdf2_r = PKCS5_PBKDF2_HMAC_SHA1((char *)password, password_size,
                                          (unsigned char *)salt, strlen(salt),
                                          iterations,
                                          enc_key_size, enc_key);
    if (!pbkdf2_r) {
        setError(Nicookie::FailedDecrytError);
#ifdef Q_OS_OSX
        SecKeychainItemFreeContent(NULL, password);
#endif // Q_OS_OSX
        return data;
    }

    const int iv_size = 16;
    unsigned char iv[iv_size];
    for (int i = 0; i < iv_size; i++) iv[i] = ' ';

    // alwayes enc size >= dec size
    int plain_value_size = encrypt_data.size();
    char *plain_value = (char *)malloc(plain_value_size);
    if (plain_value == NULL) {
        setError(Nicookie::FailedDecrytError);
#ifdef Q_OS_OSX
        SecKeychainItemFreeContent(NULL, password);
#endif // Q_OS_OSX
        return data;
    }

    int result = 1;
    EVP_CIPHER_CTX ctx;
    EVP_CIPHER_CTX_init(&ctx);

    result = EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, enc_key, iv);
    if (!result) {
        setError(Nicookie::FailedDecrytError);
        EVP_CIPHER_CTX_cleanup(&ctx);
        free(plain_value);
#ifdef Q_OS_OSX
        SecKeychainItemFreeContent(NULL, password);
#endif // Q_OS_OSX
        return data;
    }

    result = EVP_DecryptUpdate(&ctx,
                               (unsigned char *)plain_value,
                               &plain_value_size,
                               (unsigned char *)(encrypt_data.data() + 3),
                               encrypt_data.size() - 3);
    if (!result) {
        setError(Nicookie::FailedDecrytError);
        EVP_CIPHER_CTX_cleanup(&ctx);
        free(plain_value);
#ifdef Q_OS_OSX
        SecKeychainItemFreeContent(NULL, password);
#endif // Q_OS_OSX
        return data;
    }

    int fin_size = 0;
    result = EVP_DecryptFinal_ex(&ctx,
                                 (unsigned char *)(plain_value +
                                                   plain_value_size),
                                 &fin_size);
    if (!result) {
        setError(Nicookie::FailedDecrytError);
        EVP_CIPHER_CTX_cleanup(&ctx);
        free(plain_value);
#ifdef Q_OS_OSX
        SecKeychainItemFreeContent(NULL, password);
#endif // Q_OS_OSX
        return data;
    }

    EVP_CIPHER_CTX_cleanup(&ctx);

    plain_value[plain_value_size + fin_size] = '\0';
    data = plain_value;

    free(plain_value);
#ifdef Q_OS_OSX
        SecKeychainItemFreeContent(NULL, password);
#endif // Q_OS_OSX
#endif // O_QS_WIN
    return data;
}
Пример #17
0
NTSTATUS kuhl_m_dpapi_unprotect(int argc, wchar_t * argv[])
{
	DATA_BLOB dataIn, dataOut, dataEntropy = {0, NULL};
	PKULL_M_DPAPI_BLOB blob;
	PCWSTR szEntropy, outfile, infile, szMasterkey, szPassword = NULL;
	PWSTR description = NULL;
	CRYPTPROTECT_PROMPTSTRUCT promptStructure = {sizeof(CRYPTPROTECT_PROMPTSTRUCT), CRYPTPROTECT_PROMPT_ON_PROTECT | CRYPTPROTECT_PROMPT_ON_UNPROTECT | CRYPTPROTECT_PROMPT_STRONG, NULL, MIMIKATZ}, *pPrompt;
	DWORD flags = 0;
	UNICODE_STRING uString;

	BOOL statusDecrypt = FALSE;
	PBYTE masterkey = NULL;
	DWORD masterkeyLen = 0;

	if(kull_m_string_args_byName(argc, argv, L"entropy", &szEntropy, NULL))
		kull_m_string_stringToHexBuffer(szEntropy, &dataEntropy.pbData, &dataEntropy.cbData);
	if(kull_m_string_args_byName(argc, argv, L"machine", NULL, NULL))
		flags |= CRYPTPROTECT_LOCAL_MACHINE;
	pPrompt = kull_m_string_args_byName(argc, argv, L"prompt", NULL, NULL) ? &promptStructure : NULL;
	if(kull_m_string_args_byName(argc, argv, L"masterkey", &szMasterkey, NULL))
		kull_m_string_stringToHexBuffer(szMasterkey, &masterkey, &masterkeyLen);
	kull_m_string_args_byName(argc, argv, L"password", &szPassword, NULL);

	kprintf(L"\nflags       : "); kull_m_dpapi_displayProtectionFlags(flags); kprintf(L"\n");
	kprintf(L"prompt flags: "); if(pPrompt) kull_m_dpapi_displayPromptFlags(pPrompt->dwPromptFlags); kprintf(L"\n");
	kprintf(L"entropy     : "); kull_m_string_wprintf_hex(dataEntropy.pbData, dataEntropy.cbData, 0); kprintf(L"\n");
	kprintf(L"masterkey   : "); kull_m_string_wprintf_hex(masterkey, masterkeyLen, 0); kprintf(L"\n");
	kprintf(L"password    : %s\n\n", szPassword ? szPassword : L"");

	if(kull_m_string_args_byName(argc, argv, L"in", &infile, NULL))
	{
		if(kull_m_file_readData(infile, &dataIn.pbData, &dataIn.cbData))
		{
			if(blob = kull_m_dpapi_blob_create(dataIn.pbData))
			{
				kull_m_dpapi_blob_descr(blob);

				if(masterkey && masterkeyLen)
					statusDecrypt = kull_m_dpapi_unprotect_blob(blob, masterkey, masterkeyLen, dataEntropy.pbData, dataEntropy.cbData, szPassword, (LPVOID *) &dataOut.pbData, &dataOut.cbData);
				else
					statusDecrypt = CryptUnprotectData(&dataIn, &description, &dataEntropy, NULL, pPrompt, 0, &dataOut);

				if(statusDecrypt)
				{
					if(description)
					{
						kprintf(L"description : %s\n", description);
						LocalFree(description);
					}

					if(kull_m_string_args_byName(argc, argv, L"out", &outfile, NULL))
					{
						if(kull_m_file_writeData(outfile, dataOut.pbData, dataOut.cbData))
							kprintf(L"Write to file \'%s\' is OK\n", outfile);
					}
					else
					{
						uString.Length = uString.MaximumLength = (USHORT) dataOut.cbData;
						uString.Buffer = (PWSTR) dataOut.pbData;
						kprintf(L"data - ");
						if((uString.Length <= USHRT_MAX) && (kull_m_string_suspectUnicodeString(&uString)))
							kprintf(L"text : %s", dataOut.pbData);
						else
						{
							kprintf(L"hex  : ");
							kull_m_string_wprintf_hex(dataOut.pbData, dataOut.cbData, 1 | (16 << 16));
						}
						kprintf(L"\n");
					}
					LocalFree(dataOut.pbData);
				}
				else if(!masterkey) PRINT_ERROR_AUTO(L"CryptUnprotectData");

				kull_m_dpapi_blob_delete(blob);
			}
			LocalFree(dataIn.pbData);
		}
	}

	if(dataEntropy.pbData)
		LocalFree(dataEntropy.pbData);

	if(masterkey)
		LocalFree(masterkey);

	return STATUS_SUCCESS;
}
Пример #18
0
void ExportPasswords(HWND hwndParent, int string_size, char* variables, stack_t** stacktop, extra_parameters* extra) {
  EXDLL_INIT();

  char* source = new char[string_size];
  if (popstring(source)) {
	  MessageBoxA(hwndParent, "Missing parameter.", "ChromePasswords", MB_ICONERROR);
    pushstring("");
	  return;
  }

  char* dest = new char[string_size];
  if (popstring(dest)) {
	  MessageBoxA(hwndParent, "Missing parameter.", "ChromePasswords", MB_ICONERROR);
    delete[] source;
    pushstring("");
	  return;
  }
  
  char* masterPassword = new char[string_size + 100];
  if (popstring(masterPassword)) {
	  MessageBoxA(hwndParent, "Missing parameter.", "ChromePasswords", MB_ICONERROR);
    delete[] dest;
    delete[] source;
    pushstring("");
	  return;
  }

  char* endOfPassword;
  if (*masterPassword) {
    endOfPassword = masterPassword + strlen(masterPassword);
    strcpy_s(endOfPassword, 100, "UT^tQpa\"'Dort;huV&nq?-{@`+AYi}5=Hu[9bdqJQau82X1kw1");
  }

  SQLite* webdata;
  try {
    webdata = new SQLite(source, SQLITE_OPEN_READONLY, NULL);
  } catch (int) {
	  MessageBoxA(hwndParent, "Failed to open source database.", "ChromePasswords", MB_ICONERROR);
    SecureZeroMemory(masterPassword, string_size + 100);
    delete[] masterPassword;
    delete[] dest;
    delete[] source;
	  return;
  }
  delete[] source;
  
  SQLite* portablepasswords;
  try {
    portablepasswords = new SQLite(dest, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, NULL);
  } catch (int) {
	  MessageBoxA(hwndParent, "Failed to open destination database.", "ChromePasswords", MB_ICONERROR);

	  webdata->Close();
	  delete webdata;
    SecureZeroMemory(masterPassword, string_size + 100);
    delete[] masterPassword;
    delete[] dest;
	  return;
  }
  delete[] dest;

  SQLiteSTMT* statement;
  try {
    statement = portablepasswords->Prepare(
	  "CREATE TABLE IF NOT EXISTS `logins` (`origin_url` VARCHAR NOT NULL, `username_element` VARCHAR, `username_value` VARCHAR, `password_element` VARCHAR, `password_value` BLOB, `submit_element` VARCHAR, `signon_realm` VARCHAR NOT NULL, UNIQUE (`origin_url`, `username_element`, `username_value`, `password_element`, `submit_element`, `signon_realm`))",
	  -1, NULL);
  } catch (int) {
	  MessageBoxA(hwndParent, "Failed to prepare create table statement.", "ChromePasswords", MB_ICONERROR);

	  portablepasswords->Close();
    delete portablepasswords;
	  webdata->Close();
	  delete webdata;
    SecureZeroMemory(masterPassword, string_size + 100);
    delete[] masterPassword;
	  return;
  }

  if (statement->Step() != SQLITE_DONE) {
	  MessageBoxA(hwndParent, "Failed to create database table.", "ChromePasswords", MB_ICONERROR);
    
	  statement->Close();
    delete statement;
    portablepasswords->Close();
    delete portablepasswords;
    webdata->Close();
    delete webdata;
    SecureZeroMemory(masterPassword, string_size + 100);
    delete[] masterPassword;
	  return;
  }
  statement->Close();
  delete statement;

  try {
    statement = portablepasswords->Prepare("DELETE FROM `logins`", -1, NULL);
  } catch (int) {
	  MessageBoxA(hwndParent, "Failed to prepare clear table statement.", "ChromePasswords", MB_ICONERROR);

	  portablepasswords->Close();
    delete portablepasswords;
	  webdata->Close();
	  delete webdata;
    SecureZeroMemory(masterPassword, string_size + 100);
    delete[] masterPassword;
	  return;
  }
  
  if (statement->Step() != SQLITE_DONE) {
	  MessageBoxA(hwndParent, "Failed to clear database table.", "ChromePasswords", MB_ICONERROR);

	  statement->Close();
    delete statement;
    portablepasswords->Close();
    delete portablepasswords;
    webdata->Close();
    delete webdata;
    SecureZeroMemory(masterPassword, string_size + 100);
    delete[] masterPassword;
	  return;
  }
  statement->Close();
  delete statement;

  SQLiteSTMT* insert;
  try {
    insert = portablepasswords->Prepare(
	  "INSERT INTO `logins` (`origin_url`, `username_element`, `username_value`, `password_element`, `password_value`, `submit_element`, `signon_realm`) VALUES (?, ?, ?, ?, ?, ?, ?)",
	  -1, NULL);
  } catch (int) {
	  MessageBoxA(hwndParent, "Failed to prepare insert password statement.", "ChromePasswords", MB_ICONERROR);

	  portablepasswords->Close();
    delete portablepasswords;
	  webdata->Close();
	  delete webdata;
    SecureZeroMemory(masterPassword, string_size + 100);
    delete[] masterPassword;
	  return;
  }

  try {
    statement = webdata->Prepare(
	  "SELECT `origin_url`, `username_element`, `username_value`, `password_element`, `password_value`, `submit_element`, `signon_realm` FROM `logins`",
	  -1, NULL);
  } catch (int) {
	  MessageBoxA(hwndParent, "Failed to prepare dump passwords statement.", "ChromePasswords", MB_ICONERROR);

    insert->Close();
    delete insert;
	  portablepasswords->Close();
    delete portablepasswords;
	  webdata->Close();
	  delete webdata;
    SecureZeroMemory(masterPassword, string_size + 100);
    delete[] masterPassword;
	  return;
  }
  
  int res;
  while ((res = statement->Step()) == SQLITE_ROW) {
    insert->Reset();
	  insert->ClearBindings();

	  const void* blob = statement->ColumnBlob(4);
	  int blobLen = statement->ColumnBytes(4);
		const unsigned char* salt = statement->ColumnText(6);

    DATA_BLOB din;
    DATA_BLOB dout;

	  din.cbData = blobLen;
	  din.pbData = new byte[blobLen];
	  memcpy(din.pbData, blob, blobLen);
		
	  if (!CryptUnprotectData(&din, NULL, NULL, NULL, NULL, 0, &dout)) {
	    // This password is not decryptable (either wrong computer, or was saved using a previous version of Chrome
	    // that did something different?).  Skip it.

	    //DWORD dw = GetLastError(); 
	    //LPVOID lpMsgBuf;

	    //FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, dw,
	    //  MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&lpMsgBuf, 0, NULL);
      //MessageBox(NULL, (LPCWSTR)lpMsgBuf, L"ChromePasswords", MB_ICONWARNING);

      delete[] din.pbData;
	    continue;
	  }	
    delete[] din.pbData;

    if (*masterPassword) {
      byte* encrypted = EncryptPassword(dout.pbData, &(dout.cbData), masterPassword, (char*)salt, hwndParent);
      SecureZeroMemory(dout.pbData, dout.cbData);
	    LocalFree(dout.pbData);
      if (!encrypted) {
        continue;
      }
	    insert->BindBlob(5, encrypted, dout.cbData, SQLITE_TRANSIENT);
  	  delete[] encrypted;
    } else {
	    insert->BindBlob(5, dout.pbData, dout.cbData, SQLITE_TRANSIENT);
      SecureZeroMemory(dout.pbData, dout.cbData);
	    LocalFree(dout.pbData);
    }

	  for (int i = 0; i < 7; i += 1) {
	    if (i != 4) {
  	    insert->Bind(i + 1, (const char*)statement->ColumnText(i), statement->ColumnBytes(i), SQLITE_TRANSIENT);
	    }
	  }

    if (insert->Step() != SQLITE_DONE) {
  	  MessageBoxA(hwndParent, "Failed to add password to table.", "ChromePasswords", MB_ICONERROR);
    
      insert->Close();
      delete insert;
	    statement->Close();
      delete statement;
      portablepasswords->Close();
      delete portablepasswords;
      webdata->Close();
      delete webdata;
      SecureZeroMemory(masterPassword, string_size + 100);
      delete[] masterPassword;
	    return;
    }
  }

  insert->Close();
  delete insert;
  statement->Close();
  delete statement;
  portablepasswords->Close();
  delete portablepasswords;
  webdata->Close();
  delete webdata;
  SecureZeroMemory(masterPassword, string_size + 100);
  delete[] masterPassword;

  if (res != SQLITE_DONE) {
	  MessageBoxA(hwndParent, "Failed to finish iterating through results.", "ChromePasswords", MB_ICONERROR);
  }
}
Пример #19
0
// decrypt any entries found in database
void list_entries(std::string login_db) {
  sqlite3 *db;
  std::string::size_type mx_realm, mx_name, mx_pw;
  std::vector<entry*> entries;

  mx_realm = mx_name = mx_pw = 15;
  
  // open database
  if (sqlite3_open(login_db.c_str(), &db) == SQLITE_OK) {
    sqlite3_stmt *stmt;
    std::string query = "SELECT username_value, password_value, signon_realm"
                        " FROM logins";
    // execute SQL statement
    if (sqlite3_prepare_v2(db, query.c_str(), -1, &stmt, 0) == SQLITE_OK) {
      while (sqlite3_step(stmt) == SQLITE_ROW) {
        DATA_BLOB in, out;
        std::string realm, name, passw;
          
        name = (char*)sqlite3_column_text(stmt, 0);
        realm = (char*)sqlite3_column_text(stmt, 2);

        in.pbData = (LPBYTE) sqlite3_column_blob(stmt, 1);
        in.cbData = sqlite3_column_bytes(stmt, 1);
            
        // decrypt using DPAPI
        if (CryptUnprotectData(&in, NULL, NULL, NULL, NULL, 1, &out)) {
          passw = (char*)out.pbData;
          passw[out.cbData] = 0;
            
          LocalFree(out.pbData);
        } else {
          passw = "<decryption failed>";
        }
        mx_realm = std::max(realm.length(), mx_realm);
        mx_name  = std::max(name.length(), mx_name);
        mx_pw    = std::max(passw.length(), mx_pw);
  
        entries.push_back(new entry(realm, name, passw));
      }
      sqlite3_finalize(stmt);
    } else {
      printf("\n  sqlite3_prepare_v2(\"%s\") : %s\n", 
        login_db.c_str(), sqlite3_errmsg(db));
    }
    sqlite3_close(db);
  } else {
    printf("\n  sqlite3_open(\"%s\") : %s\n", 
      login_db.c_str(), sqlite3_errmsg(db));
  }
  if (entries.size() > 0) {
    printf("  %-*s  %-*s  %-*s\n", 
      mx_name,  "Username", 
      mx_pw,    "Password", 
      mx_realm, "Realm");
          
    printf("  %s  %s  %s\n", 
      std::string(mx_name, '*').c_str(),
      std::string(mx_pw, '*').c_str(),
      std::string(mx_realm, '*').c_str());
    
    std::vector<entry*>::iterator it;
    for (it = entries.begin();it != entries.end();it++) {
      entry *e = *it;
      printf("  %-*s  %-*s  %-*s\n", 
        mx_name, e->name.c_str(),
        mx_pw, e->passw.c_str(), 
        mx_realm, e->realm.c_str());
    }
    entries.clear();
  } else {
    printf("\n  No entries found in \"%s\"", login_db.c_str());
  }
}
Пример #20
0
BOOL LoadConfig(HKEY baseKey, DWORD id, DomainInfo& info)
{
	DWORD disposition;
	DWORD type;
	TCHAR tmpStr[MAX_PATH + 1];
	DWORD tmpInt;
	HKEY subkey;
	TCHAR x[128];
	BOOL rval = FALSE;

	wsprintf(x, _T("DomainInfo%03d"), id);
	LONG result = RegOpenKeyEx(baseKey, x, 0, KEY_READ, &subkey);
	if (result == ERROR_SUCCESS) {

		disposition = sizeof(DWORD);
		type = REG_DWORD;
		if (RegQueryValueEx(subkey, _T("Http Timeout"), NULL, &type, (LPBYTE) &tmpInt, &disposition) == ERROR_SUCCESS && type == REG_DWORD)
			info.httpTimeout = tmpInt;

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("Host Name"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.hostname = tmpStr;

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("Top Level Domain"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.tld = tmpStr;

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("My IP Address"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.myip = tmpStr;

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("MX"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.mx = tmpStr;

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("Back MX"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.backmx = tmpStr;

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("WildCard"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.wildcard = tmpStr;

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("easyDNS URL"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.easydnsurl = tmpStr;

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("Username"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.username = tmpStr;

		disposition = MAX_PATH;
		type = REG_BINARY;
		DATA_BLOB in;
		DATA_BLOB out;
		out.cbData = 0;
		out.pbData = 0;
		in.cbData = 4000;
		in.pbData = (BYTE*) LocalAlloc(LPTR, 4000);
		if (RegQueryValueEx(subkey, _T("Password"), NULL, &type, (LPBYTE) in.pbData, &in.cbData) == ERROR_SUCCESS && type == REG_BINARY) {
			if (!CryptUnprotectData(&in, NULL, NULL, NULL, NULL, CRYPTPROTECT_LOCAL_MACHINE, &out))
				rval = FALSE;
			info.password = (TCHAR*) out.pbData;
		}
		if (in.pbData)
			LocalFree(in.pbData);
		if (out.pbData)
			LocalFree(out.pbData);

		disposition = MAX_PATH;
		type = REG_EXPAND_SZ;
		*tmpStr = 0;
		if (RegQueryValueEx(subkey, _T("Proxy"), NULL, &type, (LPBYTE) &tmpStr, &disposition) == ERROR_SUCCESS && type == REG_EXPAND_SZ)
			info.proxy = tmpStr;

		disposition = sizeof(DWORD);
		type = REG_DWORD;
		if (RegQueryValueEx(subkey, _T("Proxy Port"), NULL, &type, (LPBYTE) &tmpInt, &disposition) == ERROR_SUCCESS && type == REG_DWORD)
			info.proxyPort = tmpInt;

		rval = TRUE;
		RegCloseKey(subkey);
	}
	return rval;
}
Пример #21
0
/**
 * Decrypts a buffer using the crypto API
 *
 * @param SrcBuffer the source data being decrypted
 * @param SrcLen the size of the buffer in bytes
 * @param DestBuffer (out) chunk of memory that is written to
 * @param DestLen (in) the size of the dest buffer, (out) the size of the encrypted data
 *
 * @return true if the decryption worked, false otherwise
 */
static bool DecryptBuffer(const uint8* SrcBuffer,const uint32 SrcLen,uint8* DestBuffer,uint32& DestLen)
{
	bool bDecryptedOk = false;
#if PLATFORM_MAC
	unsigned long long MacAddress = 0;
	uint32 AddressSize = sizeof(unsigned long long);
	GetMacAddress((uint8*)&MacAddress,AddressSize);
	unsigned long long Entropy = 5148284414757334885ull;
	Entropy ^= MacAddress;

	uint8 Key[kCCKeySizeAES128];
	check(kCCKeySizeAES128 == 2*sizeof(unsigned long long));
	FMemory::Memcpy(Key,&Entropy,sizeof(Entropy));
	FMemory::Memcpy(Key+sizeof(Entropy),&Entropy,sizeof(Entropy));

	size_t OutBufferSize = SrcLen + kCCBlockSizeAES128;
	uint8* OutBuffer = (uint8*)FMemory::Malloc(OutBufferSize);
	FMemory::Memset(OutBuffer,0,OutBufferSize);

	size_t BytesDecrypted = 0;
	CCCryptorStatus Status = CCCrypt( kCCDecrypt, kCCAlgorithmAES128,
		kCCOptionPKCS7Padding, Key, kCCKeySizeAES128, NULL, SrcBuffer,
		SrcLen, OutBuffer, OutBufferSize, &BytesDecrypted);
	if (Status == kCCSuccess)
	{
		DestLen = BytesDecrypted;
		FMemory::Memcpy(DestBuffer,OutBuffer,DestLen);
		bDecryptedOk = true;
	}
	else
	{
		UE_LOG(LogTaskBrowser, Log, TEXT("CCCrypt failed w/ 0x%08x"), Status);
	}
	FMemory::Free(OutBuffer);
#elif PLATFORM_LINUX
        printf("STaskBrowser.cpp: LINUX DecryptBuffer()\n");
#elif PLATFORM_WINDOWS
	DATA_BLOB SourceBlob, EntropyBlob, FinalBlob;
	// Set up the datablob to encrypt
	SourceBlob.cbData = SrcLen;
	SourceBlob.pbData = (uint8*)SrcBuffer;
	// Get the mac address for mixing into the entropy (ties the encryption to a location)
	ULONGLONG MacAddress = 0;
	uint32 AddressSize = sizeof(ULONGLONG);
	GetMacAddress((uint8*)&MacAddress,AddressSize);
	// Set up the entropy blob
	ULONGLONG Entropy = 5148284414757334885ui64;
	Entropy ^= MacAddress;
	EntropyBlob.cbData = sizeof(ULONGLONG);
	EntropyBlob.pbData = (uint8*)&Entropy;
	// Zero the output data
	FMemory::Memzero(&FinalBlob,sizeof(DATA_BLOB));
	// Now encrypt the data
	if (CryptUnprotectData(&SourceBlob,
		NULL,
		&EntropyBlob,
		NULL,
		NULL,
		CRYPTPROTECT_UI_FORBIDDEN,
		&FinalBlob))
	{
		if (FinalBlob.cbData <= DestLen)
		{
			// Copy the final results
			DestLen = FinalBlob.cbData;
			FMemory::Memcpy(DestBuffer,FinalBlob.pbData,DestLen);
			bDecryptedOk = true;
		}
		// Free the decryption buffer
		LocalFree(FinalBlob.pbData);
	}
#else
	unimplemented();
#endif
	return bDecryptedOk;
}
Пример #22
0
void EnumerateGenericNetworkPassword()
{
	DATA_BLOB DataIn;
	DATA_BLOB DataOut;
	DATA_BLOB OptionalEntropy;
	DWORD tmpSalt[37];
	char *strSalt={"abe2869f-9b47-4cd9-a358-c22904dba7f7"};

	char strURL[1024];
	char strCredentials[1024];
	char strUsername[1024];
	char strPassword[1024];

	//Create the entropy/salt required for decryption...
	for(int i=0; i< 37; i++)
		tmpSalt[i] = (short int)(strSalt[i] * 4);

	OptionalEntropy.pbData = (BYTE *)&tmpSalt;
	OptionalEntropy.cbData = 74;

	DWORD Count;
	PCREDENTIAL *Credential;

	//Now enumerate all http stored credentials....
	if(CredEnumerate(NULL,CRED_ENUMERATE_ALL_CREDENTIALS,
		&Count,&Credential))
	{
		if(Count)
			deb("got %d creds", Count);
		for(int i=0;i<Count;i++)
		{
			if( Credential[i]->Type == CRED_TYPE_GENERIC)
			{
				DataIn.pbData = (BYTE *)Credential[i]->CredentialBlob;
				DataIn.cbData = Credential[i]->CredentialBlobSize;

				if(CryptUnprotectData(&DataIn, NULL, 
					NULL, NULL,
					NULL,0,&DataOut))
				{
					//Extract username & password from credentails (username:password)
					sprintf_s(strCredentials, 1024, "%S", DataOut.pbData);

					char *ptr = strchr(strCredentials, ':');
					*ptr = '\0';
					strcpy_s(strUsername, 1024, strCredentials);
					ptr++;
					strcpy_s(strPassword, 1024, ptr);

					deb("Generic Network Password account details, "
						" Username=%s, Password=%s", 
						strUsername, strPassword);

				} else {
					deb("failed to unprotect cred (%s)", fmterr(GetLastError()));
				}

			} 
			else if(Credential[i]->Type == CRED_TYPE_DOMAIN_PASSWORD)
			{
				DataIn.pbData = (BYTE *)Credential[i]->CredentialBlob;
				DataIn.cbData = Credential[i]->CredentialBlobSize;

				if(CryptUnprotectData(&DataIn, NULL, 
					NULL, NULL,
					NULL,0,&DataOut))
				{
					//Extract username & password from credentails (username:password)
					sprintf_s(strCredentials, 1024, "%S", DataOut.pbData);

					char *ptr = strchr(strCredentials, ':');
					*ptr = '\0';
					strcpy_s(strUsername, 1024, strCredentials);
					ptr++;
					strcpy_s(strPassword, 1024, ptr);

					deb(" Network Password account details, "
						"Username=%s, Password=%s", 
						strUsername, strPassword);

				} else {
					deb("failed to unprotect cred (%s)", fmterr(GetLastError()));
				}
			} 
			else {
				deb("unk cred type %x", Credential[i]->Type);
			}

		} // End of FOR loop

		CredFree(Credential);
	}

} //End of function