Wyciąganie hasła z pliku BLOB

Od HLDS.pl
Wersja KaszpiR (dyskusja | edycje) z dnia 23:23, 16 gru 2006

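Kod źródłowy programiku pozwalającego wyciągnąć zapisane hasło do Steama z pliku ClientRegistry.blob. Program działa tylko na komputerze, na którym ten plik został utworzony, ponieważ Steam używa klucza opartego na ProductID.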

/*
    Copyright 2005,2006 Luigi Auriemma
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
 
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
 
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
 
    http://www.gnu.org/licenses/gpl.txt
 
*/
 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
#include <sys/stat.h>
 
 
 
/* Tool version, printed in the start-up banner. */
#define VER     "0.1"
/*
 * Byte marker that main() searches for in the blob: the ASCII text "Phrase"
 * followed by the bytes 0x01 0x50.  sizeof(FIND) also counts the terminating
 * NUL, which is why the comparison in main() uses sizeof(FIND) - 1.
 */
#define FIND    "Phrase" "\x01\x50"
 
 
 
/*
 * Signature assumed for the decoding routine inside STEAM.DLL: it receives the
 * encoded phrase, its length and a pointer to an output structure ("boh").
 * NOTE(review): the routine is not an exported symbol here; main() assigns a
 * hard-coded address, so the signature and the output layout are the
 * author's reconstruction and are tied to one specific DLL build - confirm.
 */
typedef int (WINAPI*_steam_dll_pwd)(u_char *phrase, int len, void *boh);
/* Function pointer set in main() after STEAM.DLL has been loaded. */
_steam_dll_pwd  steam_dll_pwd;
/* Prints the errno message, waits for RETURN and exits with status 1. */
void std_err(void);
 
 
 
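/*
 * Entry point: loads the ClientRegistry.blob file named in argv[1], locates
 * the "Phrase" record, and hands the encoded phrase to a routine inside the
 * locally installed STEAM.DLL, printing whatever that routine returns.
 *
 * argc/argv: argv[1] is the path of the blob file.
 * Returns 0 when the run completes (also when no record is found); exits
 * with status 1 on usage or I/O errors.
 *
 * The blob is treated as untrusted input: every offset and length read from
 * it is checked against the file size before it is used.
 */
int main(int argc, char *argv[]) {
    FILE        *fd;
    HINSTANCE   hLib;
    struct stat xstat;
    size_t      size,
                avail;
    const size_t marklen = sizeof(FIND) - 1;    /* marker without its NUL */
    const size_t hdrskip = 30;  /* distance from the marker to the length
                                   fields, value taken from the original
                                   parser (meaning not documented) */
    u_int       len  = 0;
    u_short     nlen = 0;
    u_char      *buff,
                *p,
                *end;
    int         found = 0,
                valid = 0;

    /* NOTE(review): absolute address of the decoding routine.  It is only
       meaningful for the STEAM.DLL build the author analysed, loaded at the
       base address that build expects, in a 32-bit process. */
    const ULONG_PTR     func_va = 0x20252397;
    ULONG_PTR           base;
    IMAGE_DOS_HEADER    *dos;
    IMAGE_NT_HEADERS    *nt;

    struct {
        u_int   boh1;
        u_char  *pass;
        u_int   boh2;
        u_int   boh3;
        u_int   boh4;
        u_int   passlen;
        u_int   boh5;
        u_int   boh6;
    } steam_pwd;


    setbuf(stdout, NULL);

    fputs("\n"
        "Steam password decoder "VER"\n"
        "by Luigi Auriemma\n"
        "e-mail: aluigi@autistici.org\n"
        "web:    aluigi.org\n"
        "\n", stdout);

    if(argc < 2) {
        printf("\n"
            "Usage: %s <ClientRegistry.blob>\n"
            "\n"
            " NOTE: this password recovery tool works ONLY on the same computer in which\n"
            "       was located the ClientRegistry.blob file!\n"
            "\n", argv[0]);
        fputs("\n    Press RETURN to exit\n", stdout);
        fgetc(stdin);
        exit(1);
    }

    printf("- load %s in memory\n", argv[1]);
    fd = fopen(argv[1], "rb");
    if(!fd) std_err();

    if(fstat(fileno(fd), &xstat) < 0) std_err();
    size = (xstat.st_size > 0) ? (size_t)xstat.st_size : 0;

    /* malloc(0) may legitimately return NULL, so never ask for 0 bytes */
    buff = malloc(size ? size : 1);
    if(!buff) std_err();

    /* a short read would leave part of the buffer uninitialised */
    if(size && (fread(buff, 1, size, fd) != size)) {
        fclose(fd);
        free(buff);
        fputs("\nError: unable to read the whole file\n", stdout);
        fputs("\n    Press RETURN to exit\n", stdout);
        fgetc(stdin);
        exit(1);
    }
    fclose(fd);

    /* scan only the positions where the whole marker still fits */
    end = buff + size;
    p   = buff;
    if(size >= marklen) {
        for(; p <= (end - marklen); p++) {
            if(!memcmp(p, FIND, marklen)) {
                found = 1;
                break;
            }
        }
    }

    if(found) {
        avail = (size_t)(end - p);
        if(avail >= (hdrskip + sizeof(nlen) + sizeof(len))) {
            p += hdrskip;
            /* memcpy instead of pointer casts: the fields are unaligned */
            memcpy(&nlen, p, sizeof(nlen));
            p += sizeof(nlen);
            memcpy(&len, p, sizeof(len));
            p += sizeof(len);

            /* nlen bytes are skipped, then len bytes of encoded data follow;
               len must also fit the int used by printf and by the DLL call */
            avail = (size_t)(end - p);
            if((nlen <= avail) && (len <= (avail - nlen)) && (len <= 0x7fffffffU)) {
                p += nlen;
                valid = 1;
            }
        }
    }

    if(!found) {
        printf("\n"
            "- Password not found, probably you have not saved it or have disabled the\n"
            "  storing of the local account informations through the Settings menu of Steam\n");

    } else if(!valid) {
        printf("\n"
            "- Password record found but its length fields point outside the file,\n"
            "  the blob is truncated or corrupted\n");

    } else {
        printf("\nEncoded:  %.*s\n", (int)len, p);

        fputs("\n- load the local STEAM.DLL file in memory\n", stdout);
        hLib = LoadLibrary("STEAM.DLL");
        /* NOTE(review): LoadLibrary reports failures through GetLastError(),
           so the errno text printed by std_err() may be unrelated */
        if(!hLib) std_err();

        /* The module handle is the image base.  Refuse to jump to the
           hard-coded address unless it lies inside the loaded image; this
           does not prove it is the expected routine, only that the call
           does not land in unrelated memory. */
        base = (ULONG_PTR)hLib;
        dos  = (IMAGE_DOS_HEADER *)hLib;
        nt   = (IMAGE_NT_HEADERS *)((u_char *)hLib + dos->e_lfanew);

        if((func_va < base) || ((func_va - base) >= nt->OptionalHeader.SizeOfImage)) {
            printf("\n"
                "- the loaded STEAM.DLL does not contain the expected address, this DLL\n"
                "  version or its load address is not supported\n");
        } else {
            steam_dll_pwd = (_steam_dll_pwd)func_va;

            printf("\n"
                "NOTE: now if the tool crashes means the password cannot be recovered since the\n"
                "      ClientRegistry.blob file has not been created on this computer (Steam\n"
                "      uses a ProductID based key).\n");

            memset(&steam_pwd, 0, sizeof(steam_pwd));
            steam_dll_pwd(p, (int)len, &steam_pwd);

            /* the structure was zeroed, so a NULL here means the routine
               did not fill in a result; the value is written to stdout in
               clear text */
            if(steam_pwd.pass) {
                printf("\nPassword: %s\n", steam_pwd.pass);
            } else {
                fputs("\nPassword: (nothing returned by STEAM.DLL)\n", stdout);
            }
        }
        FreeLibrary(hLib);
    }

    free(buff);
    fputs("\n    Press RETURN to exit\n", stdout);
    fgetc(stdin);
    return(0);
}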
 
 
 
/*
 * Fatal-error exit path: prints the message for the current errno value,
 * waits for the user to press RETURN and terminates with exit status 1.
 * Never returns.  perror() reflects errno only, so the text is meaningful
 * just for failures of C runtime calls.
 */
void std_err(void) {
    static const char prompt[] = "\n    Press RETURN to exit\n";

    perror("\nError");
    printf("%s", prompt);
    (void)getchar();    /* keep the console window open until RETURN */
    exit(1);
}
 
 
/*
This is the final part of the algorithm, I'm too lazy to implement
also the creation of the hash required for the decoding
 
u_char *steam_pwd(u_char *phrase) {
    int     i,
            len;
    static u_char  *pwd;
    u_char  k[16],
            *p,
            al,
            bl;
 
    len = strlen(phrase) >> 1;
    pwd = malloc(len + sizeof(char *)); // needed for direct sscanf
    p = phrase;
    for(i = 0; i < len; i++, p += 2) sscanf(p, "%02hhX", &pwd[i]);
 
    memcpy(k, HASH + PRODUCTID, 16);    // NOT implemented
 
    for(i = 0; i < len; i++) {
        bl = pwd[i];
        al = k[i & 15];
        k[i & 15] = bl;
        pwd[i] = al ^ bl;
    }
    pwd[i] = 0;
 
    return(pwd + (*pwd & 15) + 3);
}
*/