From 0ccfead131a778abeaba1090936df3eb7503d106 Mon Sep 17 00:00:00 2001
From: wesmar
Date: Tue, 30 Sep 2025 23:38:41 +0200
Subject: [PATCH] Aktualizacja: 2025-09-30 23:38:41
---
kvc/BannerSystem.cpp | 153 ++++++++++++++
kvc/BannerSystem.h | 20 ++
kvc/BrowserHelp.cpp | 322 ++++++++++++++++++++++++++++++
kvc/BrowserHelp.h | 32 +++
kvc/CommunicationLayer.cpp | 39 +---
kvc/CommunicationLayer.h | 5 +-
kvc/ControllerPasswordManager.cpp | 10 +-
kvc/CryptCore.cpp | 1 +
kvc/HelpSystem.cpp | 6 +-
kvc/Kvc.cpp | 138 ++++++++-----
kvc/Kvc.vcxproj | 5 +-
kvc/OrchestratorCore.cpp | 22 +-
kvc/kvc_pass.vcxproj | 4 +
kvc/licznik.py | 121 -----------
14 files changed, 656 insertions(+), 222 deletions(-)
create mode 100644 kvc/BannerSystem.cpp
create mode 100644 kvc/BannerSystem.h
create mode 100644 kvc/BrowserHelp.cpp
create mode 100644 kvc/BrowserHelp.h
delete mode 100644 kvc/licznik.py
diff --git a/kvc/BannerSystem.cpp b/kvc/BannerSystem.cpp
new file mode 100644
index 0000000..56462a1
--- /dev/null
+++ b/kvc/BannerSystem.cpp
@@ -0,0 +1,153 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. 
+ + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + +// Add these functions to CommunicationLayer.cpp or create separate BannerSystem.cpp + +#include +#include +#include + +namespace Banner +{ + // Print centered text with specified color + void PrintCentered(HANDLE hConsole, const std::wstring& text, WORD color, int width = 80) + { + int textLen = static_cast(text.length()); + int padding = (width - textLen) / 2; + if (padding < 0) padding = 0; + + SetConsoleTextAttribute(hConsole, color); + std::wcout << std::wstring(padding, L' ') << text << L"\n"; + } + + // Print application banner with blue frame + void PrintHeader() + { + HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); + CONSOLE_SCREEN_BUFFER_INFO csbi; + GetConsoleScreenBufferInfo(hConsole, &csbi); + WORD originalColor = csbi.wAttributes; + + const int width = 80; + const WORD frameColor = FOREGROUND_BLUE | FOREGROUND_INTENSITY; + const WORD textColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_INTENSITY; + + // Top border + SetConsoleTextAttribute(hConsole, frameColor); + std::wcout << L"\n"; + std::wcout << L"================================================================================\n"; + + // Banner content - centered white text + PrintCentered(hConsole, L"Marek Wesolowski - WESMAR - 2025", textColor, width); + PrintCentered(hConsole, L"PassExtractor v1.0.1 https://kvc.pl", textColor, width); + PrintCentered(hConsole, L"+48 607-440-283, marek@wesolowski.eu.org", textColor, width); + PrintCentered(hConsole, L"PassExtractor - Advanced Browser Credential Extraction Framework", textColor, width); + PrintCentered(hConsole, L"Multi-Browser Password, Cookie & Payment Data Recovery Tool", textColor, width); + PrintCentered(hConsole, L"Chrome, 
Brave, Edge Support via COM Elevation & DPAPI Techniques", textColor, width); + + // Bottom border + SetConsoleTextAttribute(hConsole, frameColor); + std::wcout << L"================================================================================\n\n"; + + // Restore original color + SetConsoleTextAttribute(hConsole, originalColor); + } + + // Print footer with donation information + void PrintFooter() + { + HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); + CONSOLE_SCREEN_BUFFER_INFO csbi; + GetConsoleScreenBufferInfo(hConsole, &csbi); + WORD originalColor = csbi.wAttributes; + + const int width = 80; + const WORD frameColor = FOREGROUND_BLUE | FOREGROUND_INTENSITY; + const WORD textColor = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_INTENSITY; + const WORD linkColor = FOREGROUND_GREEN | FOREGROUND_INTENSITY; + + // Helper lambda for centered text in frame + auto printCenteredInFrame = [&](const std::wstring& text) { + int textLen = static_cast(text.length()); + int padding = (width - 2 - textLen) / 2; + if (padding < 0) padding = 0; + + SetConsoleTextAttribute(hConsole, frameColor); + std::wcout << L"|"; + + SetConsoleTextAttribute(hConsole, textColor); + std::wcout << std::wstring(padding, L' ') << text + << std::wstring(width - 2 - padding - textLen, L' '); + + SetConsoleTextAttribute(hConsole, frameColor); + std::wcout << L"|\n"; + }; + + // Top border + SetConsoleTextAttribute(hConsole, frameColor); + std::wcout << L"+" << std::wstring(width-2, L'-') << L"+\n"; + + // Footer content + printCenteredInFrame(L"Support this project - a small donation is greatly appreciated"); + printCenteredInFrame(L"and helps sustain private research builds."); + printCenteredInFrame(L"GitHub source code: https://github.com/wesmar/kvc/"); + printCenteredInFrame(L"Professional services: marek@wesolowski.eu.org"); + + // Donation line with colored links + SetConsoleTextAttribute(hConsole, frameColor); + std::wcout << L"|"; + + std::wstring paypal = L"PayPal: 
"; + std::wstring paypalLink = L"paypal.me/ext1"; + std::wstring middle = L" "; + std::wstring revolut = L"Revolut: "; + std::wstring revolutLink = L"revolut.me/marekb92"; + + int totalLen = static_cast(paypal.length() + paypalLink.length() + + middle.length() + revolut.length() + revolutLink.length()); + int padding = (width - totalLen - 2) / 2; + if (padding < 0) padding = 0; + + SetConsoleTextAttribute(hConsole, textColor); + std::wcout << std::wstring(padding, L' ') << paypal; + SetConsoleTextAttribute(hConsole, linkColor); + std::wcout << paypalLink; + SetConsoleTextAttribute(hConsole, textColor); + std::wcout << middle << revolut; + SetConsoleTextAttribute(hConsole, linkColor); + std::wcout << revolutLink; + SetConsoleTextAttribute(hConsole, textColor); + std::wcout << std::wstring(width - totalLen - padding - 2, L' '); + + SetConsoleTextAttribute(hConsole, frameColor); + std::wcout << L"|\n"; + + // Bottom border + std::wcout << L"+" << std::wstring(width-2, L'-') << L"+\n\n"; + + // Restore original color + SetConsoleTextAttribute(hConsole, originalColor); + } +} diff --git a/kvc/BannerSystem.h b/kvc/BannerSystem.h new file mode 100644 index 0000000..9f2bc20 --- /dev/null +++ b/kvc/BannerSystem.h @@ -0,0 +1,20 @@ +// BannerSystem.h - Application banner and footer management +#ifndef BANNER_SYSTEM_H +#define BANNER_SYSTEM_H + +#include +#include + +namespace Banner +{ + // Print centered text with specified color + void PrintCentered(HANDLE hConsole, const std::wstring& text, WORD color, int width = 80); + + // Print application banner with blue frame + void PrintHeader(); + + // Print footer with donation information + void PrintFooter(); +} + +#endif // BANNER_SYSTEM_H \ No newline at end of file diff --git a/kvc/BrowserHelp.cpp b/kvc/BrowserHelp.cpp new file mode 100644 index 0000000..dff68cd --- /dev/null +++ b/kvc/BrowserHelp.cpp 
@@ -0,0 +1,322 @@ +/******************************************************************************* + _ ____ ______ + | |/ /\ \ / / ___| + | ' / \ \ / / | + | . \ \ V /| |___ + |_|\_\ \_/ \____| + +The **Kernel Vulnerability Capabilities (KVC)** framework represents a paradigm shift in Windows security research, +offering unprecedented access to modern Windows internals through sophisticated ring-0 operations. Originally conceived +as "Kernel Process Control," the framework has evolved to emphasize not just control, but the complete **exploitation +of kernel-level primitives** for legitimate security research and penetration testing. + +KVC addresses the critical gap left by traditional forensic tools that have become obsolete in the face of modern Windows +security hardening. Where tools like ProcDump and Process Explorer fail against Protected Process Light (PPL) and Antimalware +Protected Interface (AMSI) boundaries, KVC succeeds by operating at the kernel level, manipulating the very structures +that define these protections. 
+ + ----------------------------------------------------------------------------- + Author : Marek Wesołowski + Email : marek@wesolowski.eu.org + Phone : +48 607 440 283 (Tel/WhatsApp) + Date : 04-09-2025 + +*******************************************************************************/ + +// BrowserHelp.cpp - Comprehensive help system for PassExtractor +#include +#include "BrowserHelp.h" +#include +#include + +namespace BrowserHelp +{ + void PrintUsage(std::wstring_view programName) noexcept + { + PrintBasicUsage(programName); + PrintBrowserTargets(); + PrintCommandLineOptions(); + PrintOutputFormat(); + PrintTechnicalFeatures(); + PrintUsageExamples(programName); + PrintRequirements(); + PrintBrowserSpecificNotes(); + PrintSecurityNotice(); + PrintFooter(); + } + + void PrintHeader() noexcept + { + HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); + CONSOLE_SCREEN_BUFFER_INFO csbi; + GetConsoleScreenBufferInfo(hConsole, &csbi); + WORD originalColor = csbi.wAttributes; + + const int width = 80; + + // Blue header border + SetConsoleTextAttribute(hConsole, FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << L"\n"; + std::wcout << L"================================================================================\n"; + + // Centered text printing + auto printCentered = [&](const std::wstring& text) { + int textLen = static_cast(text.length()); + int padding = (width - textLen) / 2; + if (padding < 0) padding = 0; + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << std::wstring(padding, L' ') << text << L"\n"; + }; + + printCentered(L"PassExtractor - Advanced Browser Credential Extraction Framework"); + printCentered(L"Multi-Browser Password, Cookie & Payment Data Recovery Tool"); + printCentered(L"Chrome, Brave, Edge Support via COM Elevation & DPAPI Techniques"); + + SetConsoleTextAttribute(hConsole, FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << 
L"================================================================================\n\n"; + + SetConsoleTextAttribute(hConsole, originalColor); + } + + void PrintBasicUsage(std::wstring_view programName) noexcept + { + PrintSectionHeader(L"USAGE"); + std::wcout << L" " << programName << L" [options]\n"; + std::wcout << L" " << programName << L" --help\n\n"; + } + + void PrintBrowserTargets() noexcept + { + PrintSectionHeader(L"BROWSER TARGETS"); + PrintCommandLine(L"chrome", L"Google Chrome (COM Elevation + AES-GCM)"); + PrintCommandLine(L"brave", L"Brave Browser (COM Elevation + AES-GCM)"); + PrintCommandLine(L"edge", L"Microsoft Edge (Split-Key Strategy: COM + DPAPI)"); + PrintCommandLine(L"all", L"All installed browsers (automatic detection)"); + std::wcout << L"\n"; + } + + void PrintCommandLineOptions() noexcept + { + PrintSectionHeader(L"OPTIONS"); + PrintCommandLine(L"-o, --output-path ", L"Output directory (default: .\\output\\)"); + PrintCommandLine(L"-v, --verbose", L"Enable detailed debug output"); + PrintCommandLine(L"--json-only", L"Extract only JSON files (skip reports)"); + PrintCommandLine(L"--quiet", L"Minimal output (errors only)"); + PrintCommandLine(L"--profile ", L"Extract specific browser profile only"); + PrintCommandLine(L"-h, --help", L"Show this help message"); + std::wcout << L"\n"; + } + + void PrintOutputFormat() noexcept + { + PrintSectionHeader(L"OUTPUT FORMAT"); + std::wcout << L" JSON Files (all browsers):\n"; + std::wcout << L" passwords.json - Decrypted login credentials\n"; + std::wcout << L" cookies.json - Session cookies with tokens\n"; + std::wcout << L" payments.json - Credit card data with CVCs\n\n"; + } + + void PrintTechnicalFeatures() noexcept + { + PrintSectionHeader(L"TECHNICAL FEATURES"); + std::wcout << L" - COM elevation service exploitation (Chrome/Brave/Edge cookies+payments)\n"; + std::wcout << L" - DPAPI extraction for Edge passwords (orchestrator-side)\n"; + std::wcout << L" - Split-key strategy for Edge 
(different keys per data type)\n"; + std::wcout << L" - Direct syscall invocation for stealth operations\n"; + std::wcout << L" - Process injection with custom PE loader\n"; + std::wcout << L" - AES-GCM decryption with v10/v20 scheme support\n"; + std::wcout << L" - Automatic profile discovery and enumeration\n"; + std::wcout << L" - Multi-threaded extraction pipeline\n\n"; + } + + void PrintUsageExamples(std::wstring_view programName) noexcept + { + PrintSectionHeader(L"USAGE EXAMPLES"); + const int commandWidth = 50; + + auto printLine = [&](const std::wstring& command, const std::wstring& description) { + std::wcout << L" " << std::left << std::setw(commandWidth) + << (std::wstring(programName) + L" " + command) + << L"# " << description << L"\n"; + }; + + printLine(L"chrome", L"Extract Chrome to .\\output\\"); + printLine(L"edge -o C:\\reports", L"Edge to custom directory"); + printLine(L"brave --verbose", L"Brave with debug output"); + printLine(L"all", L"All browsers to .\\output\\"); + printLine(L"chrome -o D:\\data -v", L"Combined options"); + printLine(L"edge --json-only", L"Edge JSON files only"); + printLine(L"chrome --profile Default", L"Extract specific profile"); + printLine(L"all --quiet -o C:\\dumps", L"Silent extraction to custom path"); + + std::wcout << L"\n"; + } + + void PrintRequirements() noexcept + { + PrintSectionHeader(L"REQUIREMENTS"); + std::wcout << L" - Windows 10/11 (x64 architecture)\n"; + std::wcout << L" - Administrator privileges required\n"; + std::wcout << L" - kvc_crypt.dll (security module)\n"; + std::wcout << L" - Target browser must be installed\n\n"; + } + + void PrintBrowserSpecificNotes() noexcept + { + PrintSectionHeader(L"BROWSER-SPECIFIC BEHAVIOR"); + + std::wcout << L" Chrome/Brave:\n"; + std::wcout << L" - Single COM-elevated key for all data types\n"; + std::wcout << L" - Requires browser process for COM elevation\n"; + std::wcout << L" - Extracts passwords, cookies, payment cards\n\n"; + + std::wcout << L" 
Edge:\n"; + std::wcout << L" - Split-key strategy (COM + DPAPI)\n"; + std::wcout << L" - COM key: cookies and payment data\n"; + std::wcout << L" - DPAPI key: passwords (no browser process needed)\n\n"; + } + + void PrintSecurityNotice() noexcept + { + PrintSectionHeader(L"SECURITY & LEGAL NOTICE"); + + HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); + CONSOLE_SCREEN_BUFFER_INFO csbi; + GetConsoleScreenBufferInfo(hConsole, &csbi); + WORD originalColor = csbi.wAttributes; + + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_INTENSITY); + std::wcout << L" WARNING: ADVANCED CREDENTIAL EXTRACTION TOOL\n\n"; + SetConsoleTextAttribute(hConsole, originalColor); + + std::wcout << L" CAPABILITIES:\n"; + std::wcout << L" - Extracts encrypted browser credentials (passwords, cookies, payments)\n"; + std::wcout << L" - Uses COM elevation bypass and DPAPI extraction techniques\n"; + std::wcout << L" - Direct syscall invocation for stealth operations\n"; + std::wcout << L" - Process injection and memory manipulation\n\n"; + + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY); + std::wcout << L" LEGAL & ETHICAL RESPONSIBILITY:\n"; + SetConsoleTextAttribute(hConsole, originalColor); + std::wcout << L" - Intended for authorized penetration testing and security research only\n"; + std::wcout << L" - User assumes full legal responsibility for all actions performed\n"; + std::wcout << L" - Ensure proper authorization before using on any system\n"; + std::wcout << L" - Misuse may violate computer crime laws in your jurisdiction\n\n"; + + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_INTENSITY); + std::wcout << L" By using this tool, you acknowledge understanding and accept full responsibility.\n\n"; + SetConsoleTextAttribute(hConsole, originalColor); + } + + void PrintFooter() noexcept + { + HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); + CONSOLE_SCREEN_BUFFER_INFO csbi; + GetConsoleScreenBufferInfo(hConsole, 
&csbi); + WORD originalColor = csbi.wAttributes; + + const int width = 80; + + SetConsoleTextAttribute(hConsole, FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << L"+" << std::wstring(width-2, L'-') << L"+\n"; + + auto printCenteredFooter = [&](const std::wstring& text) { + int textLen = static_cast(text.length()); + int padding = (width - 2 - textLen) / 2; + if (padding < 0) padding = 0; + + SetConsoleTextAttribute(hConsole, FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << L"|"; + + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << std::wstring(padding, L' ') << text + << std::wstring(width - 2 - padding - textLen, L' '); + + SetConsoleTextAttribute(hConsole, FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << L"|\n"; + }; + + printCenteredFooter(L"Support this project - a small donation is greatly appreciated"); + printCenteredFooter(L"and helps sustain private research builds."); + printCenteredFooter(L"GitHub source code: https://github.com/wesmar/kvc/"); + printCenteredFooter(L"Professional services: marek@wesolowski.eu.org"); + + SetConsoleTextAttribute(hConsole, FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << L"|"; + + std::wstring paypal = L"PayPal: "; + std::wstring paypalLink = L"paypal.me/ext1"; + std::wstring middle = L" "; + std::wstring revolut = L"Revolut: "; + std::wstring revolutLink = L"revolut.me/marekb92"; + + int totalLen = static_cast(paypal.length() + paypalLink.length() + + middle.length() + revolut.length() + revolutLink.length()); + int padding = (width - totalLen - 2) / 2; + if (padding < 0) padding = 0; + + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << std::wstring(padding, L' ') << paypal; + SetConsoleTextAttribute(hConsole, FOREGROUND_GREEN | FOREGROUND_INTENSITY); + std::wcout << paypalLink; + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | 
FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << middle << revolut; + SetConsoleTextAttribute(hConsole, FOREGROUND_GREEN | FOREGROUND_INTENSITY); + std::wcout << revolutLink; + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << std::wstring(width - totalLen - padding - 2, L' '); + + SetConsoleTextAttribute(hConsole, FOREGROUND_BLUE | FOREGROUND_INTENSITY); + std::wcout << L"|\n"; + + std::wcout << L"+" << std::wstring(width-2, L'-') << L"+\n\n"; + + SetConsoleTextAttribute(hConsole, originalColor); + } + + void PrintSectionHeader(const wchar_t* title) noexcept + { + HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); + CONSOLE_SCREEN_BUFFER_INFO csbi; + GetConsoleScreenBufferInfo(hConsole, &csbi); + WORD originalColor = csbi.wAttributes; + + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY); + std::wcout << L"=== " << title << L" ===\n"; + + SetConsoleTextAttribute(hConsole, originalColor); + } + + void PrintCommandLine(const wchar_t* command, const wchar_t* description) noexcept + { + const int commandWidth = 50; + std::wcout << L" " << std::left << std::setw(commandWidth) + << command << L"- " << description << L"\n"; + } + + void PrintNote(const wchar_t* note) noexcept + { + HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); + CONSOLE_SCREEN_BUFFER_INFO csbi; + GetConsoleScreenBufferInfo(hConsole, &csbi); + WORD originalColor = csbi.wAttributes; + + SetConsoleTextAttribute(hConsole, FOREGROUND_INTENSITY); + std::wcout << L" " << note << L"\n"; + + SetConsoleTextAttribute(hConsole, originalColor); + } + + void PrintWarning(const wchar_t* warning) noexcept + { + HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE); + CONSOLE_SCREEN_BUFFER_INFO csbi; + GetConsoleScreenBufferInfo(hConsole, &csbi); + WORD originalColor = csbi.wAttributes; + + SetConsoleTextAttribute(hConsole, FOREGROUND_RED | FOREGROUND_INTENSITY); + std::wcout 
<< L" " << warning << L"\n"; + + SetConsoleTextAttribute(hConsole, originalColor); + } +} \ No newline at end of file diff --git a/kvc/BrowserHelp.h b/kvc/BrowserHelp.h new file mode 100644 index 0000000..2d190ab --- /dev/null +++ b/kvc/BrowserHelp.h @@ -0,0 +1,32 @@ +// BrowserHelp.h - Comprehensive help and usage information for PassExtractor +#ifndef BROWSER_HELP_H +#define BROWSER_HELP_H + +#include + +namespace BrowserHelp +{ + // Print complete usage information with formatting and colors + void PrintUsage(std::wstring_view programName) noexcept; + + // Section printing helpers + void PrintHeader() noexcept; + void PrintBasicUsage(std::wstring_view programName) noexcept; + void PrintBrowserTargets() noexcept; + void PrintCommandLineOptions() noexcept; + void PrintOutputFormat() noexcept; + void PrintTechnicalFeatures() noexcept; + void PrintUsageExamples(std::wstring_view programName) noexcept; + void PrintRequirements() noexcept; + void PrintBrowserSpecificNotes() noexcept; + void PrintSecurityNotice() noexcept; + void PrintFooter() noexcept; + + // Formatting helpers + void PrintSectionHeader(const wchar_t* title) noexcept; + void PrintCommandLine(const wchar_t* command, const wchar_t* description) noexcept; + void PrintNote(const wchar_t* note) noexcept; + void PrintWarning(const wchar_t* warning) noexcept; +} + +#endif // BROWSER_HELP_H \ No newline at end of file diff --git a/kvc/CommunicationLayer.cpp b/kvc/CommunicationLayer.cpp index d2bac48..c99833c 100644 --- a/kvc/CommunicationLayer.cpp +++ b/kvc/CommunicationLayer.cpp @@ -33,7 +33,7 @@ that define these protections. #pragma comment(lib, "Rpcrt4.lib") -constexpr DWORD MODULE_COMPLETION_TIMEOUT_MS = 60000; +constexpr DWORD MODULE_COMPLETION_TIMEOUT_MS = 10000; #ifndef NT_SUCCESS #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) 
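Review bot: `BrowserHelp::PrintFooter` fills the right side of each framed line with `std::wstring(width - 2 - padding - textLen, L' ')`, and that count goes negative as soon as a line is wider than 78 columns, since only `padding` is clamped to 0. The negative `int` converts to a huge `size_t`, the constructor throws, and because the function is `noexcept` the process terminates; today's literals fit, so this is latent. `Banner::PrintFooter` in BannerSystem.cpp carries the same expression in a near-identical copy, so one shared helper with a clamped fill, `const int fill = std::max(0, width - 2 - padding - textLen);`, would fix both and remove the duplication. The functions in both files also read `csbi.wAttributes` without checking `GetConsoleScreenBufferInfo`, which fails when output is redirected; `CONSOLE_SCREEN_BUFFER_INFO csbi{};` and a check of the return value keep the restore step from writing an uninitialised attribute.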
@@ -118,33 +118,6 @@ Console::Console(bool verbose) : m_verbose(verbose), m_hConsole(GetStdHandle(STD m_originalAttributes = consoleInfo.wAttributes; } -void Console::displayBanner() const -{ - SetColor(FOREGROUND_RED | FOREGROUND_INTENSITY); - std::cout << "PassExtractor x64 | 1.0.1 by WESMAR\n\n"; - ResetColor(); -} - -void Console::printUsage() const -{ - SetColor(FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_INTENSITY); - std::wcout << L"Usage:\n" - << L" kvc_pass.exe [options] \n\n" - << L"Options:\n" - << L" --output-path|-o Directory for output files (default: .\\output\\)\n" - << L" --verbose|-v Enable verbose debug output from the orchestrator\n" - << L" --help|-h Show this help message\n\n" - << L"Browser targets:\n" - << L" chrome - Extract from Google Chrome\n" - << L" brave - Extract from Brave Browser\n" - << L" edge - Extract from Microsoft Edge\n" - << L" all - Extract from all installed browsers\n\n" - << L"Required files:\n" - << L" kvc_crypt.dll - Security module (same directory)\n" - << L" winsqlite3.dll - SQLite library (system32) or sqlite3.dll fallback\n"; - ResetColor(); -} - void Console::Info(const std::string& msg) const { print("[*]", msg, FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_INTENSITY); } void Console::Success(const std::string& msg) const { print("[+]", msg, FOREGROUND_GREEN | FOREGROUND_INTENSITY); } void Console::Error(const std::string& msg) const { print("[-]", msg, FOREGROUND_RED | FOREGROUND_INTENSITY); } @@ -242,8 +215,7 @@ void PipeCommunicator::relayMessages() { m_console.Debug("Waiting for security module execution. (Pipe: " + Utils::WStringToUtf8(m_pipeName) + ")"); - if (m_console.m_verbose) - std::cout << std::endl; + std::cout << std::endl; const std::string moduleCompletionSignal = "__DLL_PIPE_COMPLETION_SIGNAL__"; DWORD startTime = GetTickCount(); 
@@ -294,7 +266,7 @@ void PipeCommunicator::relayMessages() parseExtractionMessage(message); - if (!message.empty() && m_console.m_verbose) + if (!message.empty()) m_console.Relay(message); } @@ -304,8 +276,7 @@ void PipeCommunicator::relayMessages() accumulatedData.erase(0, messageStart); } - if (m_console.m_verbose) - std::cout << std::endl; + std::cout << std::endl; m_console.Debug("Security module signaled completion or pipe interaction ended."); } @@ -317,6 +288,8 @@ void PipeCommunicator::writeMessage(const std::string& msg) bytesWritten != (msg.length() + 1)) throw std::runtime_error("WriteFile to pipe failed for message: " + msg); + FlushFileBuffers(m_pipeHandle.get()); + m_console.Debug("Sent message to pipe: " + msg); } diff --git a/kvc/CommunicationLayer.h b/kvc/CommunicationLayer.h index d010c71..67bd01f 100644 --- a/kvc/CommunicationLayer.h +++ b/kvc/CommunicationLayer.h @@ -7,6 +7,8 @@ #include #include #include +#include "BannerSystem.h" +#include "BrowserHelp.h" namespace fs = std::filesystem; @@ -29,9 +31,6 @@ class Console public: explicit Console(bool verbose); - void displayBanner() const; - void printUsage() const; - void Info(const std::string& msg) const; void Success(const std::string& msg) const; void Error(const std::string& msg) const; diff --git a/kvc/ControllerPasswordManager.cpp b/kvc/ControllerPasswordManager.cpp index d5d84f7..f27a8e0 100644 --- a/kvc/ControllerPasswordManager.cpp +++ b/kvc/ControllerPasswordManager.cpp 
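Review bot: The added `FlushFileBuffers(m_pipeHandle.get());` in `PipeCommunicator::writeMessage` can block without bound, because on a pipe handle the call returns only after the peer has read everything that was written. Its return value is also dropped, so a failed flush is still followed by the "Sent message to pipe" debug line. If the flush is needed, check it the way the `WriteFile` call above it is checked, `if (!FlushFileBuffers(m_pipeHandle.get())) throw std::runtime_error("FlushFileBuffers on pipe failed");`, and say in a comment that it waits for the reader. The start of `writeMessage` is outside the hunk.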
@@ -970,10 +970,12 @@ bool Controller::ExportBrowserData(const std::wstring& outputPath, const std::ws } // Validate browser type - if (browserType != L"chrome" && browserType != L"brave" && browserType != L"edge") { - ERROR(L"Unsupported browser type: %s. Supported: chrome, brave, edge", browserType.c_str()); - return false; - } + if (browserType != L"chrome" && browserType != L"brave" && + browserType != L"edge" && browserType != L"all") { + ERROR(L"Unsupported browser type: %s. Supported: chrome, brave, edge, all", + browserType.c_str()); + return false; + } // Create command line for kvc_pass std::wstring commandLine = L"\"" + decryptorPath + L"\" " + browserType + diff --git a/kvc/CryptCore.cpp b/kvc/CryptCore.cpp index a2e67d0..c2017bc 100644 --- a/kvc/CryptCore.cpp +++ b/kvc/CryptCore.cpp @@ -224,6 +224,7 @@ DWORD WINAPI SecurityModuleWorker(LPVOID lpParam) if (errorLogger.isValid()) { errorLogger.Log("[-] CRITICAL SECURITY MODULE ERROR: " + std::string(e.what())); + errorLogger.Log("__DLL_PIPE_COMPLETION_SIGNAL__"); } } catch (...) {} diff --git a/kvc/HelpSystem.cpp b/kvc/HelpSystem.cpp index e43c45e..6d97633 100644 --- a/kvc/HelpSystem.cpp +++ b/kvc/HelpSystem.cpp 
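Review bot: The CryptCore.cpp hunk writes the marker `"__DLL_PIPE_COMPLETION_SIGNAL__"` as a second literal, while `PipeCommunicator::relayMessages` in CommunicationLayer.cpp keeps its own copy in `moduleCompletionSignal`; a typo in either one would leave the orchestrator waiting for the full timeout. Declaring it once in a header both sides include, e.g. `inline constexpr char kPipeCompletionSignal[] = "__DLL_PIPE_COMPLETION_SIGNAL__";`, keeps the two ends in step. The marker is sent only from the handler shown here, and only when `errorLogger.isValid()` holds; whether other failure paths of `SecurityModuleWorker` send it cannot be seen from this hunk.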
@@ -188,10 +188,12 @@ void HelpSystem::PrintBrowserCommands() noexcept PrintCommandLine(L"bp --chrome", L"Extract Chrome passwords explicitly"); PrintCommandLine(L"bp --brave", L"Extract Brave browser passwords"); PrintCommandLine(L"bp --edge", L"Extract Edge browser passwords"); + PrintCommandLine(L"bp --all", L"Extract from all installed browsers"); PrintCommandLine(L"bp --output C:\\reports", L"Custom output directory"); PrintCommandLine(L"bp --edge -o C:\\data", L"Edge passwords to custom path"); - PrintNote(L"Requires kvc_pass.exe in current directory"); - PrintNote(L"Uses COM elevation for advanced browser encryption"); + PrintNote(L"Requires kvc_pass.exe for Chrome/Brave/All"); + PrintNote(L"Edge with kvc_pass: JSON + cookies + HTML/TXT reports (full extraction)"); + PrintNote(L"Edge without kvc_pass: HTML/TXT reports only (built-in DPAPI fallback)"); std::wcout << L"\n"; } diff --git a/kvc/Kvc.cpp b/kvc/Kvc.cpp index 3b2101a..03d0e9e 100644 --- a/kvc/Kvc.cpp +++ b/kvc/Kvc.cpp @@ -137,6 +137,19 @@ bool InitiateSystemRestart() noexcept SHTDN_REASON_MAJOR_SOFTWARE | SHTDN_REASON_MINOR_RECONFIGURE) != 0; } +bool CheckKvcPassExists() noexcept +{ + if (GetFileAttributesW(L"kvc_pass.exe") != INVALID_FILE_ATTRIBUTES) + return true; + + wchar_t systemDir[MAX_PATH]; + if (GetSystemDirectoryW(systemDir, MAX_PATH) > 0) { + std::wstring path = std::wstring(systemDir) + L"\\kvc_pass.exe"; + return GetFileAttributesW(path.c_str()) != INVALID_FILE_ATTRIBUTES; + } + return false; +} + // Main application entry point with comprehensive command handling int wmain(int argc, wchar_t* argv[]) { 
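Review bot: `CheckKvcPassExists` probes the bare name `kvc_pass.exe`, which resolves against the caller's current directory, before it looks in System32. Kvc.vcxproj links this program with `HighestAvailable`, so a file of that name in whatever directory the user happens to be in is accepted as the helper that `ExportBrowserData` later starts; resolving the candidate next to the running executable (`GetModuleFileNameW`) and handing that absolute path to the launcher would make the check and the launch agree. The System32 branch should also reject a truncated result: `const UINT n = GetSystemDirectoryW(systemDir, MAX_PATH); if (n > 0 && n < MAX_PATH) {`. How `ExportBrowserData` builds `decryptorPath` is outside this hunk, so the mismatch between check and launch is inferred.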
@@ -761,53 +774,84 @@ int wmain(int argc, wchar_t* argv[]) } // Browser passwords extraction with kvc_pass integration for modern browsers - else if (command == L"browser-passwords" || command == L"bp") - { - std::wstring browserType = L"chrome"; // Default to Chrome for compatibility - std::wstring outputPath = L"."; // Current directory as fallback - - // Parse command line arguments for browser type and output path - for (int i = 2; i < argc; i++) { - std::wstring arg = argv[i]; - if (arg == L"--chrome") { - browserType = L"chrome"; - } else if (arg == L"--brave") { - browserType = L"brave"; - } else if (arg == L"--edge") { - browserType = L"edge"; - } else if (arg == L"--output" || arg == L"-o") { - if (i + 1 < argc) { - outputPath = argv[++i]; - } else { - ERROR(L"Missing path for --output argument"); - return 1; - } - } else { - ERROR(L"Unknown argument: %s", arg.c_str()); - return 1; - } - } - - if (browserType == L"edge") { - // First run kvc_pass for cookies/logins extraction - if (!g_controller->ExportBrowserData(outputPath, browserType)) { - ERROR(L"Failed to export Edge cookies/logins"); - } - - // Then run DPAPI (KVC) for Edge passwords from registry - INFO(L"Extracting Edge passwords via KVC DPAPI..."); - g_controller->ShowPasswords(outputPath); - - return 0; - } else { - // Chrome, Brave - only kvc_pass required - if (!g_controller->ExportBrowserData(outputPath, browserType)) { - ERROR(L"Failed to export browser passwords"); - return 1; - } - return 0; - } - } + else if (command == L"browser-passwords" || command == L"bp") + { + std::wstring browserType = L"chrome"; // Default to Chrome for compatibility + std::wstring outputPath = L"."; // Current directory as fallback + + // Parse command line arguments for browser type and output path + for (int i = 2; i < argc; i++) { + std::wstring arg = argv[i]; + if (arg == L"--chrome") { + browserType = L"chrome"; + } else if (arg == L"--brave") { + browserType = L"brave"; + } else if (arg == L"--edge") { + 
browserType = L"edge"; + } else if (arg == L"--all") { + browserType = L"all"; + } else if (arg == L"--output" || arg == L"-o") { + if (i + 1 < argc) { + outputPath = argv[++i]; + } else { + ERROR(L"Missing path for --output argument"); + return 1; + } + } else { + ERROR(L"Unknown argument: %s", arg.c_str()); + return 1; + } + } + + // Handle 'all' - requires kvc_pass.exe + if (browserType == L"all") { + if (!CheckKvcPassExists()) { + ERROR(L"--all requires kvc_pass.exe in current directory or System32"); + ERROR(L"For Edge-only extraction without kvc_pass, use: kvc bp --edge"); + return 1; + } + + if (!g_controller->ExportBrowserData(outputPath, browserType)) { + ERROR(L"Failed to extract from all browsers"); + return 1; + } + return 0; + } + + // Handle Edge with dual extraction strategy + if (browserType == L"edge") { + bool hasKvcPass = CheckKvcPassExists(); + + if (hasKvcPass) { + // Full extraction: kvc_pass (JSON + cookies) + KVC DPAPI (HTML/TXT) + INFO(L"Full Edge extraction: JSON + cookies (kvc_pass) + HTML/TXT reports (KVC DPAPI)"); + + // Run kvc_pass for JSON output and cookies/logins + if (!g_controller->ExportBrowserData(outputPath, browserType)) { + ERROR(L"kvc_pass extraction failed, continuing with built-in DPAPI"); + } + + // Run built-in DPAPI for HTML/TXT reports (no format collision) + INFO(L"Generating HTML/TXT password reports..."); + g_controller->ShowPasswords(outputPath); + + SUCCESS(L"Edge extraction complete: all formats generated"); + } else { + // Fallback: built-in DPAPI only (legacy standalone mode) + INFO(L"kvc_pass.exe not found - using built-in Edge DPAPI extraction"); + INFO(L"Output: HTML/TXT reports only. 
For JSON/cookies, add kvc_pass.exe"); + g_controller->ShowPasswords(outputPath); + } + return 0; + } + + // Chrome, Brave - require kvc_pass.exe + if (!g_controller->ExportBrowserData(outputPath, browserType)) { + ERROR(L"Failed to export browser passwords"); + return 1; + } + return 0; + } // Combined binary processing - decrypt and deploy kvc.dat components for advanced scenarios else if (command == L"setup") diff --git a/kvc/Kvc.vcxproj b/kvc/Kvc.vcxproj index 7658796..87fff61 100644 --- a/kvc/Kvc.vcxproj +++ b/kvc/Kvc.vcxproj @@ -62,7 +62,7 @@ latest false false - /utf-8 /GS- /Gy /Gw /Brepro %(AdditionalOptions) + /utf-8 /GS- /Gy /Gw /GL /Brepro %(AdditionalOptions) MultiThreadedDLL Sync false @@ -83,8 +83,9 @@ true false HighestAvailable + UseLinkTimeCodeGeneration kernel32.lib;user32.lib;psapi.lib;advapi32.lib;%(AdditionalDependencies) - /OPT:REF /OPT:ICF /MERGE:.rdata=.text /NXCOMPAT /Brepro %(AdditionalOptions) + /OPT:REF /OPT:ICF=5 /MERGE:.rdata=.text /MERGE:.pdata=.text /NXCOMPAT /Brepro %(AdditionalOptions) UseLinkTimeCodeGeneration true true diff --git a/kvc/OrchestratorCore.cpp b/kvc/OrchestratorCore.cpp index 855c10d..d3c4dac 100644 --- a/kvc/OrchestratorCore.cpp +++ b/kvc/OrchestratorCore.cpp @@ -29,6 +29,8 @@ that define these protections. #include "BrowserProcessManager.h" #include "InjectionEngine.h" #include "CommunicationLayer.h" +#include "BannerSystem.h" +#include "BrowserHelp.h" #include "syscalls.h" #include #include @@ -58,7 +60,7 @@ std::optional Configuration::CreateFromArgs(int argc, wchar_t* ar customOutputPath = argv[++i]; else if (arg == L"--help" || arg == L"-h") { - console.printUsage(); + BrowserHelp::PrintUsage(L"kvc_pass.exe"); return std::nullopt; } else if (config.browserType.empty() && !arg.empty() && arg[0] != L'-') @@ -72,7 +74,7 @@ std::optional Configuration::CreateFromArgs(int argc, wchar_t* ar if (config.browserType.empty()) { - console.printUsage(); + BrowserHelp::PrintUsage(L"kvc_pass.exe"); return std::nullopt; } 
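Review bot: In the `--edge` branch of the `bp` command, `SUCCESS(L"Edge extraction complete: all formats generated")` is printed and 0 is returned even when `ExportBrowserData` has just failed, and the result of `ShowPasswords` is not looked at in either path. A caller scripting `kvc bp --edge` cannot tell a partial run from a complete one. Keep the result, `const bool exportOk = g_controller->ExportBrowserData(outputPath, browserType);`, and print the success line only `if (exportOk)`; if `ShowPasswords` returns a status, fold it into the exit code as well.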
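Review bot: The compiler options line edited in Kvc.vcxproj still carries `/GS-`, which switches off stack-buffer overrun checks, in a program that is linked with `HighestAvailable` and parses command-line input. Unless there is a documented reason for it, drop `/GS-` from the options while the line is being changed. The linker section now shows the value `UseLinkTimeCodeGeneration` twice, once added by this hunk and once in the existing context a few lines below; the element names are not visible on this page, so check that the same setting is not declared twice. The new `/MERGE:.pdata=.text` and `/OPT:ICF=5` switches have no comment saying why they are needed.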
@@ -376,18 +378,17 @@ int wmain(int argc, wchar_t* argv[]) isVerbose = true; else if ((arg == L"--output-path" || arg == L"-o") && i + 1 < argc) outputPath = argv[++i]; - else if (arg == L"--help" || arg == L"-h") - { - Console(false).displayBanner(); - Console(false).printUsage(); - return 0; - } + if (arg == L"--help" || arg == L"-h") + { + BrowserHelp::PrintUsage(L"kvc_pass.exe"); // ← ZAMIEŃ NA TO + return 0; + } else if (browserTarget.empty() && !arg.empty() && arg[0] != L'-') browserTarget = arg; } Console console(isVerbose); - console.displayBanner(); + Banner::PrintHeader(); // Verify SQLite library availability if (!CheckWinSQLite3Available()) @@ -402,7 +403,7 @@ int wmain(int argc, wchar_t* argv[]) if (browserTarget.empty()) { - console.printUsage(); + BrowserHelp::PrintUsage(L"kvc_pass.exe"); return 0; } @@ -467,5 +468,6 @@ int wmain(int argc, wchar_t* argv[]) } console.Debug("Security orchestrator finished successfully."); + Banner::PrintFooter(); return 0; } \ No newline at end of file diff --git a/kvc/kvc_pass.vcxproj b/kvc/kvc_pass.vcxproj index 1a1b21e..40fffca 100644 --- a/kvc/kvc_pass.vcxproj +++ b/kvc/kvc_pass.vcxproj @@ -71,6 +71,8 @@ + + @@ -80,6 +82,8 @@ + + diff --git a/kvc/licznik.py b/kvc/licznik.py deleted file mode 100644 index 77d5317..0000000 --- a/kvc/licznik.py +++ /dev/null 
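Review bot: In the `wmain` argument loop (`@@ -376,18 +378,17 @@`) the `--help` test changed from `else if` to a plain `if`, which cuts the option chain in two. The `else if (browserTarget.empty() && ...)` branch is now paired only with the help test, so it is still evaluated after an earlier branch such as `--output-path` has consumed the argument. Only the `arg[0] != L'-'` guard stops those options being taken as the browser target, and that relies on `arg` not being re-read after `argv[++i]`; its declaration is outside the hunk. Restore `else if (arg == L"--help" || arg == L"-h")` and remove the leftover editing note `// ← ZAMIEŃ NA TO` from the `PrintUsage` line. The loop and `wmain` itself begin before and end after this hunk.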
@@ -1,121 +0,0 @@ -#!/usr/bin/env python3 -import os -import sys - -EXTS = {'.cpp', '.h', '.asm'} - -def strip_c_style_comments(src: str) -> str: - out = [] - i = 0 - n = len(src) - in_block = False - in_line = False - in_double = False - in_single = False - escape = False - while i < n: - ch = src[i] - nxt = src[i+1] if i+1 < n else '' - if in_block: - if ch == '*' and nxt == '/': - in_block = False - i += 2 - continue - else: - i += 1 - continue - if in_line: - if ch == '\n': - in_line = False - out.append(ch) - i += 1 - continue - if not in_double and not in_single: - if ch == '/' and nxt == '*': - in_block = True - i += 2 - continue - if ch == '/' and nxt == '/': - in_line = True - i += 2 - continue - # handle string/char quoting and escapes - if ch == '"' and not in_single: - if not escape: - in_double = not in_double - elif ch == "'" and not in_double: - if not escape: - in_single = not in_single - if ch == '\\' and (in_double or in_single): - escape = not escape - else: - escape = False - out.append(ch) - i += 1 - return ''.join(out) - -def strip_asm_comments(src: str) -> str: - out_lines = [] - in_double = False - in_single = False - for line in src.splitlines(True): - res = [] - escape = False - for i,ch in enumerate(line): - if ch == '"' and not in_single: - if not escape: - in_double = not in_double - elif ch == "'" and not in_double: - if not escape: - in_single = not in_single - if (not in_double and not in_single) and (ch == ';' or ch == '#'): - # drop remainder of line - break - res.append(ch) - if ch == '\\': - escape = not escape - else: - escape = False - out_lines.append(''.join(res)) - # reset string state per line for typical asm; if you want to preserve multi-line strings, remove the next two lines - in_double = False - in_single = False - return ''.join(out_lines) - -def strip_comments_by_ext(path, text): - ext = os.path.splitext(path)[1].lower() - if ext in ('.cpp', '.h'): - # first remove C-style comments preserving strings - return 
strip_c_style_comments(text) - elif ext == '.asm': - # remove common asm line comments ; and # - # also remove C-style block comments if present - t = strip_c_style_comments(text) - return strip_asm_comments(t) - else: - return text - -total = 0 -per_file = [] - -for root, dirs, files in os.walk('.'): - for name in files: - ext = os.path.splitext(name)[1].lower() - if ext in EXTS: - full = os.path.join(root, name) - try: - with open(full, 'r', encoding='utf-8', errors='replace') as f: - src = f.read() - except Exception as e: - print(f"Could not read {full}: {e}", file=sys.stderr) - continue - cleaned = strip_comments_by_ext(full, src) - # count non-empty lines after stripping comments and trimming whitespace - count = sum(1 for line in cleaned.splitlines() if line.strip() != '') - per_file.append((full, count)) - total += count - -# print per-file and total -for fn, c in per_file: - print(f"{fn}: {c}") -print(f"\nTotal (non-empty, comments removed): {total}")