Firefox password recovery C/C++

1. #include "Recovery.h"
2.  
3. #pragma region Functions
4.  
5. typedef enum {
6. siBuffer = 0,
7. siClearDataBuffer = 1,
8. siCipherDataBuffer = 2,
9. siDERCertBuffer = 3,
10. siEncodedCertBuffer = 4,
11. siDERNameBuffer = 5,
12. siEncodedNameBuffer = 6,
13. siAsciiNameString = 7,
14. siAsciiString = 8,
15. siDEROID = 9,
16. siUnsignedInteger = 10,
17. siUTCTime = 11,
18. siGeneralizedTime = 12,
19. siVisibleString = 13,
20. siUTF8String = 14,
21. siBMPString = 15
22. } SECItemType;
23.  
24. typedef struct SECItemStr SECItem;
25.  
26. struct SECItemStr {
27. SECItemType type;
28. unsigned char *data;
29. unsigned int len;
30. };
31.  
32. typedef enum _SECStatus {
33. SECWouldBlock = -2,
34. SECFailure = -1,
35. SECSuccess = 0
36. } SECStatus;
37.  
38. typedef int PRBool;
39. typedef unsigned int PRUint32;
40. typedef void PK11SlotInfo; /* self defined */
41.  
42. //Decrypt-Fkt.:
43.  
44. typedef SECStatus (__cdecl *NSS_InitFunc)(const char *configdir);
45. typedef SECStatus (__cdecl *NSS_ShutdownFunc)(void);
46. typedef PK11SlotInfo *(__cdecl *PK11_GetInternalKeySlotFunc)(void);
47. typedef void (__cdecl *PK11_FreeSlotFunc)(PK11SlotInfo *slot);
48. typedef SECStatus (__cdecl *PK11_AuthenticateFunc)(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
49. typedef SECStatus (__cdecl *PK11SDR_DecryptFunc)(SECItem *data, SECItem *result, void *cx);
50. typedef SECStatus (__cdecl *PK11_CheckUserPasswordFunc)(PK11SlotInfo *slot, const char *pw);
51. typedef char *(__cdecl *PL_Base64DecodeFunc)(const char *src, PRUint32 srclen, char *dest);
52.  
53.  
54. typedef void (__cdecl *SECITEM_ZfreeItemFunc)(SECItem *zap, PRBool freeit);
55. typedef void (*SECITEM_AllocItem)(SECItem & item, int len);
56.  
57. NSS_InitFunc NSSInit = NULL;
58. NSS_ShutdownFunc NSSShutdown = NULL;
59. PK11_GetInternalKeySlotFunc PK11GetInternalKeySlot = NULL;
60. PK11_CheckUserPasswordFunc PK11CheckUserPassword = NULL;
61. PK11_FreeSlotFunc PK11FreeSlot = NULL;
62. PK11_AuthenticateFunc PK11Authenticate = NULL;
63. PL_Base64DecodeFunc PL_Base64Decode = NULL;
64. PK11SDR_DecryptFunc PK11SDRDecrypt = NULL;
65. SECITEM_ZfreeItemFunc SECITEM_ZfreeItem = NULL;
66.  
67.  
68. //SQLITE Fkt.
69. //============================================================================================
70. #define SQLITE_OK 0
71. #define SQLITE_ROW 100
72.  
73. typedef struct sqlite3 sqlite3;
74. typedef struct sqlite3_stmt sqlite3_stmt;
75.  
76. typedef int (_cdecl *sqlite3_open)
77. (
78. const char *filename, /* Database filename (UTF-8) */
79. sqlite3 **ppDb /* OUT: SQLite db handle */
80. );
81. typedef int (_cdecl *sqlite3_prepare_v2)
82. (
83. sqlite3 *db, /* Database handle */
84. const char *zSql, /* SQL statement, UTF-8 encoded */
85. int nByte, /* Maximum length of zSql in bytes. */
86. sqlite3_stmt **ppStmt, /* OUT: Statement handle */
87. const char **pzTail /* OUT: Pointer to unused portion of zSql */
88. );
89.  
90. typedef int (_cdecl *sqlite3_close)(sqlite3 *);
91. typedef int (_cdecl *sqlite3_step)(sqlite3_stmt *);
92. typedef const unsigned char * (_cdecl *sqlite3_column_text)(sqlite3_stmt *, int iCol);
93.  
94. //============================================================================================
95.  
96. #pragma end region
97.  
98. string Recovery::getFirefoxDatabase()
99. {
100. string sDatabase = getenv("appdata");
101. sDatabase += "\\Mozilla\\Firefox\\";
102.  
103. string sProfilesINI = sDatabase + "profiles.ini";
104.  
105. if(doesFileExist(sProfilesINI))
106. {
107. char cValueOfINI[MAX_PATH] = "";
108. DWORD dwValueSize = MAX_PATH;
109.  
110. if(GetPrivateProfileString("Profile0", "Path", 0, cValueOfINI, dwValueSize, sProfilesINI.c_str()) > 0)
111. {
112. string sTempProfile = cValueOfINI;
113. sTempProfile = sTempProfile.substr(9);
114. sDatabase += "Profiles\\" + sTempProfile + "\\logins.json";
115.  
116. if(doesFileExist(sDatabase))
117. {
118. return sDatabase;
119. }
120. else
121. {
122. return "";
123. }
124. }
125. else
126. {
127. return "";
128. }
129. }
130. else
131. {
132. return "";
133. }
134. }
135.  
136. string Recovery::decryptFirefox(string sEncryptedString, string sFirefoxDatabase)
137. {
138. NSSInit = (NSS_InitFunc) GetProcAddress(this->hmNSS3, "NSS_Init");
139. NSSShutdown = (NSS_ShutdownFunc) GetProcAddress(this->hmNSS3, "NSS_Shutdown");
140. PK11GetInternalKeySlot = (PK11_GetInternalKeySlotFunc) GetProcAddress(this->hmNSS3, "PK11_GetInternalKeySlot");
141. PK11FreeSlot = (PK11_FreeSlotFunc) GetProcAddress(this->hmNSS3, "PK11_FreeSlot");
142. PK11Authenticate = (PK11_AuthenticateFunc) GetProcAddress(this->hmNSS3, "PK11_Authenticate");
143. PK11SDRDecrypt = (PK11SDR_DecryptFunc) GetProcAddress(this->hmNSS3, "PK11SDR_Decrypt");
144. PL_Base64Decode = (PL_Base64DecodeFunc) GetProcAddress(this->hmNSS3, "PL_Base64Decode");
145. PK11CheckUserPassword = (PK11_CheckUserPasswordFunc) GetProcAddress(this->hmNSS3, "PK11_CheckUserPassword");
146. SECITEM_ZfreeItem = (SECITEM_ZfreeItemFunc) GetProcAddress(this->hmNSS3, "SECITEM_ZfreeItem");
147.  
148. string sDecryptedString = "";
149.  
150. if (NSSInit && NSSShutdown && PK11GetInternalKeySlot && PK11FreeSlot && PK11Authenticate && PK11SDRDecrypt && PL_Base64Decode && PK11CheckUserPassword && SECITEM_ZfreeItem)
151. {
152. sFirefoxDatabase = sFirefoxDatabase.substr(0, sFirefoxDatabase.size() - 11);
153.  
154. SECStatus init_status = NSSInit(sFirefoxDatabase.c_str());
155.  
156. if(init_status == SECSuccess)
157. {
158. int iStringLength = sEncryptedString.size();
159. int iDestLen = 2048;
160. unsigned char cDecoded[2048];
161. PK11SlotInfo * objPK11Slot = PK11GetInternalKeySlot();
162.  
163. if(PL_Base64Decode(sEncryptedString.c_str(), iStringLength, (char*) cDecoded))
164. {
165.  
166. if(objPK11Slot)
167. {
168.  
169. if (PK11Authenticate(objPK11Slot, TRUE, NULL) == SECSuccess)
170. {
171.  
172. SECItem secInput, secOutput;
173.  
174. secInput.data = cDecoded;
175. secInput.len = decoded_size(sEncryptedString.c_str());
176.  
177. secOutput.data = NULL;
178. secOutput.len = 0;
179.  
180. if (PK11SDRDecrypt(&secInput, &secOutput, NULL) == SECSuccess)
181. {
182. sDecryptedString = string((char*) secOutput.data, secOutput.len);
183. SECITEM_ZfreeItem(&secOutput, FALSE);
184. }
185. }
186. PK11FreeSlot(objPK11Slot);
187. }
188. }
189. }
190.  
191. }
192. return sDecryptedString;
193. }
194.  
195. bool Recovery::loadFirefoxLibraries()
196. {
197. string sLibrary_NSS3 = this->sFirefoxPath + "nss3.dll";
198. string sLibrary_Mozglue = this->sFirefoxPath + "mozglue.dll";
199.  
200. if(doesFileExist(sLibrary_NSS3) && doesFileExist(sLibrary_Mozglue))
201. {
202. this->hmMozglue = LoadLibrary(sLibrary_Mozglue.c_str());
203. this->hmNSS3 = LoadLibrary(sLibrary_NSS3.c_str());
204.  
205. if(this->hmNSS3 && this->hmMozglue)
206. {
207. return true;
208. }
209. else
210. {
211. return false;
212. }
213. }
214. else
215. {
216. return false;
217. }
218. }
219.  
220. bool Recovery::unloadFirefoxLibraries()
221. {
222. return FreeLibrary(this->hmNSS3) && FreeLibrary(this->hmMozglue);
223. }
224.  
225. void Recovery::Firefox()
226. {
227. if(isBrowserInstalled(FIREFOX))
228. {
229. string sFirefoxDatabase = getFirefoxDatabase();
230.  
231. if(sFirefoxDatabase.size() > 0 && this->sFirefoxPath.size() > 0)
232. {
233. string sTempline = "";
234. ifstream ifJsonPasswords(sFirefoxDatabase.c_str(), ios::in);
235.  
236. if(ifJsonPasswords.is_open())
237. {
238. if(getline(ifJsonPasswords, sTempline))
239. {
240. for (int i = 0; i < sTempline.size(); i++)
241. {
242. string sURL = "";
243. string sEncryptedUser = "";
244. string sEncryptedPass = "";
245.  
246. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////START PARSING JSON
247. int iFind = sTempline.find("hostname"); // URL
248. if (iFind > -1)
249. {
250. sTempline = sTempline.substr(iFind, sTempline.size());
251. sURL = sTempline.substr(11);
252. iFind = sURL.find("\"");
253. sURL = sURL.substr(0, iFind);
254. sTempline = sTempline.substr(sURL.size(), sTempline.size());
255. }
256.  
257. iFind = sTempline.find("encryptedUsername"); //USER
258. if (iFind > -1)
259. {
260. sTempline = sTempline.substr(iFind, sTempline.size());
261. sEncryptedUser = sTempline.substr(20);
262. iFind = sEncryptedUser.find("\"");
263. sEncryptedUser = sEncryptedUser.substr(0, iFind);
264. sTempline = sTempline.substr(sEncryptedUser.size(), sTempline.size());
265. }
266.  
267. iFind = sTempline.find("encryptedPassword"); //PASS
268. if (iFind > -1)
269. {
270. sTempline = sTempline.substr(iFind, sTempline.size());
271. sEncryptedPass = sTempline.substr(20);
272. iFind = sEncryptedPass.find("\"");
273. sEncryptedPass = sEncryptedPass.substr(0, iFind);
274. sTempline = sTempline.substr(sEncryptedPass.size(), sTempline.size());
275. }
276. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////END PARSING JSON
277.  
278. if (sURL.size() > 0 && sEncryptedUser.size() > 0 && sEncryptedPass.size() > 0)
279. {
280. if(loadFirefoxLibraries())
281. {
282. string sUserPlain = decryptFirefox(sEncryptedUser, sFirefoxDatabase);
283. string sPassPlain = decryptFirefox(sEncryptedPass, sFirefoxDatabase);
284. cout << "URL: " << sURL << endl;
285. cout << "User: " << sUserPlain << endl;
286. cout << "Pass: " << sPassPlain << endl;
287. }
288. }
289. }
290. }
291. unloadFirefoxLibraries();
292. }
293. }
294. }
295. }