Wyciąganie hasła z pliku BLOB
Kod źródłowy programiku pozwalającego wyciągnąć hasło do Steama z pliku blob.
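/*
    Copyright 2005,2006 Luigi Auriemma

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA

    http://www.gnu.org/licenses/gpl.txt
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <windows.h>
#include <sys/stat.h>

#define VER             "0.1"
/* Marker searched for in the blob: the text "Phrase" followed by bytes 0x01 0x50. */
#define FIND            "Phrase" "\x01\x50"
/*
 * Absolute address of the decoding routine inside STEAM.DLL.
 * NOTE(review): this is only meaningful for the exact STEAM.DLL build the
 * author analysed, loaded at the base address that build expects. main()
 * verifies that the address lies in executable memory of the module it just
 * loaded before calling through it; it cannot verify that the bytes found
 * there are the expected routine.
 */
#define STEAM_PWD_ADDR  0x20252397

/* Byte offsets of the record fields, counted from the first byte of FIND. */
enum {
    FIND_LEN    = sizeof(FIND) - 1,     /* marker length without the NUL      */
    NLEN_OFFSET = 30,                   /* 16-bit length of a skipped field   */
    LEN_OFFSET  = NLEN_OFFSET + 2,      /* 32-bit length of the encoded data  */
    DATA_OFFSET = LEN_OFFSET + 4        /* skipped field, then encoded data   */
};

typedef int (WINAPI*_steam_dll_pwd)(u_char *phrase, int len, void *boh);
_steam_dll_pwd  steam_dll_pwd;

void std_err(void);
static void fail(const char *msg);

/*
 * Loads the ClientRegistry.blob file named by argv[1], locates the FIND
 * marker, prints the encoded phrase stored after it and asks the local
 * STEAM.DLL to decode it.
 *
 * Every length read from the file is checked against the file size before it
 * is used, so a truncated or malformed blob ends with an error message
 * instead of an out-of-bounds read.
 *
 * Returns 0 on normal termination; all error paths exit(1) after waiting for
 * RETURN.
 */
int main(int argc, char *argv[]) {
    FILE        *fd;
    HINSTANCE   hLib;
    MEMORY_BASIC_INFORMATION    mbi;
    struct stat xstat;
    size_t      size,
                off,
                remaining;
    int         found;
    u_int       len;
    u_short     nlen;
    u_char      *buff,
                *p;
    /*
     * Output structure filled by the STEAM.DLL routine. Only `pass` is read
     * here. NOTE(review): the layout embeds a pointer, so it presumably only
     * matches the DLL when this tool is built as a 32-bit program - confirm.
     */
    struct {
        u_int   boh1;
        u_char  *pass;
        u_int   boh2;
        u_int   boh3;
        u_int   boh4;
        u_int   passlen;
        u_int   boh5;
        u_int   boh6;
    } steam_pwd;

    setbuf(stdout, NULL);

    fputs("\n"
        "Steam password decoder "VER"\n"
        "by Luigi Auriemma\n"
        "e-mail: aluigi@autistici.org\n"
        "web: aluigi.org\n"
        "\n", stdout);

    if(argc < 2) {
        printf("\n"
            "Usage: %s <ClientRegistry.blob>\n"
            "\n"
            " NOTE: this password recovery tool works ONLY on the same computer in which\n"
            " was located the ClientRegistry.blob file!\n"
            "\n", argv[0]);
        fputs("\n Press RETURN to exit\n", stdout);
        fgetc(stdin);
        exit(1);
    }

    printf("- load %s in memory\n", argv[1]);
    fd = fopen(argv[1], "rb");
    if(!fd) std_err();
    if(fstat(fileno(fd), &xstat) < 0) std_err();

    /* An empty file is handled as "marker not found" further down. */
    size = (xstat.st_size > 0) ? (size_t)xstat.st_size : 0;
    buff = malloc(size ? size : 1);
    if(!buff) std_err();
    if(size && (fread(buff, size, 1, fd) != 1)) {
        fclose(fd);
        fail("unable to read the whole file");
    }
    fclose(fd);

    /* Linear scan for the first occurrence of the marker. */
    found = 0;
    for(off = 0; (off + FIND_LEN) <= size; off++) {
        if(!memcmp(buff + off, FIND, FIND_LEN)) {
            found = 1;
            break;
        }
    }

    if(found) {
        remaining = size - off;             /* bytes from the marker to EOF */
        if(remaining < DATA_OFFSET) fail("the record after the marker is truncated");

        /* memcpy instead of pointer casts: the fields are not aligned. */
        memcpy(&nlen, buff + off + NLEN_OFFSET, sizeof(nlen));
        memcpy(&len,  buff + off + LEN_OFFSET,  sizeof(len));

        /* Both lengths come from the file: validate them before use. */
        remaining -= DATA_OFFSET;
        if(nlen > remaining) fail("the record after the marker is truncated");
        remaining -= nlen;
        if((len > remaining) || (len > INT_MAX)) fail("the encoded data length is invalid");

        p = buff + off + DATA_OFFSET + nlen;
        printf("\nEncoded: %.*s\n", (int)len, p);

        fputs("\n- load the local STEAM.DLL file in memory\n", stdout);
        /*
         * NOTE(review): a bare file name is resolved through the standard
         * DLL search order, and the initialisation code of whichever
         * STEAM.DLL is found first runs inside this process. Run the tool
         * only from a directory whose STEAM.DLL is trusted.
         */
        hLib = LoadLibrary("STEAM.DLL");
        if(!hLib) fail("unable to load the local STEAM.DLL");

        /*
         * Refuse to jump to the hard-coded address unless it is committed,
         * executable memory that belongs to the module loaded above.
         */
        if(!VirtualQuery((LPCVOID)(ULONG_PTR)STEAM_PWD_ADDR, &mbi, sizeof(mbi))
          || (mbi.State != MEM_COMMIT)
          || (mbi.AllocationBase != (PVOID)hLib)
          || !(mbi.Protect & (PAGE_EXECUTE | PAGE_EXECUTE_READ |
                              PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY))) {
            FreeLibrary(hLib);
            fail("this STEAM.DLL is not laid out as expected, refusing to call into it");
        }
        steam_dll_pwd = (_steam_dll_pwd)STEAM_PWD_ADDR;

        printf("\n"
            "NOTE: now if the tool crashes means the password cannot be recovered since the\n"
            " ClientRegistry.blob file has not been created on this computer (Steam\n"
            " uses a ProductID based key).\n");

        memset(&steam_pwd, 0, sizeof(steam_pwd));
        steam_dll_pwd(p, (int)len, &steam_pwd);

        /* The structure was zeroed: `pass` stays NULL if the DLL set nothing. */
        printf("\nPassword: %s\n",
            steam_pwd.pass ? (char *)steam_pwd.pass : "(null)");

        FreeLibrary(hLib);
    } else {
        printf("\n"
            "- Password not found, probably you have not saved it or have disabled the\n"
            " storing of the local account informations through the Settings menu of Steam\n");
    }

    free(buff);
    fputs("\n Press RETURN to exit\n", stdout);
    fgetc(stdin);
    return(0);
}

/*
 * Reports the current errno through perror(), waits for RETURN and exits
 * with status 1. Intended for failures of C library calls that set errno.
 */
void std_err(void) {
    perror("\nError");
    fputs("\n Press RETURN to exit\n", stdout);
    fgetc(stdin);
    exit(1);
}

/*
 * Same exit path as std_err(), for failures that have no errno value
 * (malformed blob, Win32 errors): prints `msg`, waits for RETURN, exits 1.
 */
static void fail(const char *msg) {
    fprintf(stderr, "\nError: %s\n", msg);
    fputs("\n Press RETURN to exit\n", stdout);
    fgetc(stdin);
    exit(1);
}

/*
This is the final part of the algorithm, I'm too lazy to implement also
the creation of the hash required for the decoding

u_char *steam_pwd(u_char *phrase) {
    int     i,
            len;
    static u_char   *pwd;
    u_char  k[16],
            *p,
            al,
            bl;

    len = strlen(phrase) >> 1;
    pwd = malloc(len + sizeof(char *)); // needed for direct sscanf

    p = phrase;
    for(i = 0; i < len; i++, p += 2) sscanf(p, "%02hhX", &pwd[i]);

    memcpy(k, HASH + PRODUCTID, 16);    // NOT implemented

    for(i = 0; i < len; i++) {
        bl = pwd[i];
        al = k[i & 15];
        k[i & 15] = bl;
        pwd[i] = al ^ bl;
    }
    pwd[i] = 0;

    return(pwd + (*pwd & 15) + 3);
}
*/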