How to get session information? about telegram-desktop-decrypt HOT 14 OPEN

The map file does not have this info. You can use the bulkdecrypt to look in UserSettings, but I don't think the auth_key will be there. There is also the settings1 file, I don't remember what kind of information it stores. This tool decrypts it, but does not parse it.

from telegram-desktop-decrypt.

Hmmm.. To auth into telegram desktop app need this two files (no less or more). I think they must contain login info. I already tried to find auth_key in bulkdecrypt but seems there only user settings no auth data. Can you give me some links to tdata structure information? Maybe you know where i need to look.

from telegram-desktop-decrypt.

https://github.com/telegramdesktop/tdesktop/blob/dev/Telegram/SourceFiles/storage/localstorage.cpp

from telegram-desktop-decrypt.

Hi.
My question is how to change local passcode in map[0-1] by replacing some values in this file.
Because if by using JTP we can get the hash of this maybe it can be replaced in the editor.
Is there any chance to do it?

from telegram-desktop-decrypt.

from telegram-desktop-decrypt.

John The Ripper is the Kali Linux tool to get the passcode's hash from the tdata folder.
If you launch the program It says that the hash loaded from map[0-1] file.
That's why I am asking if it is possible to change it.

from telegram-desktop-decrypt.

And could you explain how your program decrypts the files from tdata.
Because I failed in trying to do that.

from telegram-desktop-decrypt.

Following the bulk decrypt steps:
It parse the streams at the map[0,1] file with tdata.ReadRawTDF(f), checking the checksum too;

Then the function encrypted.ReadEMap(rawtdf) assumes the 3 streams belong to a encrypted map, and are: Salt, KeyEncrypted, and MapEncrypted.

emap.Decrypt(password) calls
emap.GetKey(password), that calls
passkey := decrypt.CreateLocalKey([]byte(password), t.Salt)
and then
localkey, err := decrypt.DecryptLocal(t.KeyEncrypted, passkey)

So decrypt.CreateLocalKey does the main job, creating a passkey from a password and a salt. If all goes well, that passkey can decrypt the t.KeyEncrypted, which is the middle stream in the map[0,1] file. When decrypted, this middle stream is the localkey, which can be viewed with the "map getkey" options of telegram-desktop-decrypt.

Maybe the key that JTR gives you is this passkey, that can decrypt the middle stream, or it may be the localkey, I don't know.

The MapEncrypted stream just contains a list of type-cache_filename pairs. These files are decrypted using the localkey. The map list the type of the file, which is important only to parse the data, but does not affect decryption.

from telegram-desktop-decrypt.

I need to find this passcode in Telegram Desktop, which is stored in the map[0-1] file.

I don't have any idea about the length of the password, which characters it contains and the strength of it.
Is there any chance to find out it with your tool or maybe replace it in the map[0-1] file with the simplest one (ex. 1234).

Because whenever I run your script it shows me Wrong map key error etc.

from telegram-desktop-decrypt.

No, the tool is only able to extract something if you have the password, or if the password was never set. It does not crack anything.

from telegram-desktop-decrypt.

@SH659
Hi! Have you been able to extract the auth_key?

from telegram-desktop-decrypt.

@SH659
Hi! Have you been able to extract the auth_key?

No :(

from telegram-desktop-decrypt.

Hi! Have you been able to extract the auth_key?

from telegram-desktop-decrypt.

Hi! Have you been able to extract the auth_key?

from telegram-desktop-decrypt.