[Tool] Password recovery.

TyranO · #1 12-12-2008, 06:38 AM

This will tell your password for the account selected in the login screen.

This is pretty useless. The only use it could have is that if you have your BF2 password saved and hidden with * chars and that you are changing computers and that you forgot your password, then you can recover it. Of course you could tell gamespy to send you an email, but if you also forgot your email or email password, then you're saved.

Also, this is open-source.

I searched strings for the password until I found the "right" offset. It was static so it wasn't hard at all.

Source:

Quote:

#include <windows.h>
#include <iostream>
#include <Tlhelp32.h>
#include "colors.cpp"

using namespace std;

DWORD GetPID (char* proc);
void EnableDebugPriv();
DWORD GetDLL (char* DllName, DWORD tPid);

int main(int argc, char *argv[])
{
SetColor(-1,1);
ClearConsole();

SetColor(7);
cout <<" |||||||||||||||||||||||||||||||||||||||||||||||||| ||\n";
SetColor(-21);
cout << " ~ TyranO's Battlefield 2 Pass Recover for BF2 1.41 ~\n";
SetColor(7);
cout <<" |||||||||||||||||||||||||||||||||||||||||||||||||| ||\n" << endl;
SetColor(11);

SetConsoleTitle("BF2 password Recovery");

if(GetPID("BF2.exe") == 0)
{
SetColor(-4);
cout << "BF2 was not found." << endl << endl;
SetColor(-1);
system("Pause");
exit(0);
}
else
{
SetColor(-1);
cout << "Select or log in the account from which you want to recover the password." << endl << endl;
DWORD Address = 36977564;
DWORD Buffer = 0;
SIZE_T BytesRead = 0;
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, false, GetPID("BF2.exe"));
EnableDebugPriv();
for(;;)

{
char Name[20];
Name[19] = 0;

for( unsigned int i = 0; i < 19; i++ )
{
ReadProcessMemory( hProc, (LPVOID)( Address + i ), &Buffer, 1, &BytesRead );
Name[i] = Buffer;
}
SetColor(10);
cout << "Your current password is: ";
SetColor(-20);
cout << Name << endl << endl;
SetColor(-1);
system("Pause");
cout << endl;

}
}
}

// Get PID for process (proc).
DWORD GetPID (char* proc)
{
BOOL working=0;
PROCESSENTRY32 lppe= {0};
DWORD targetPid=0;
HANDLE hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROC ESS ,0);

if (hSnapshot)
{
lppe.dwSize=sizeof(lppe);
working=Process32First(hSnapshot,&lppe);
while (working)
{
if (_stricmp(lppe.szExeFile,proc)==0)
{
targetPid=lppe.th32ProcessID;
break;
}
working=Process32Next(hSnapshot,&lppe);
}
}

CloseHandle( hSnapshot );
return targetPid;
}

// Debug Priviledges.
void EnableDebugPriv()
{
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
OpenProcessToken( GetCurrentProcess( ), TOKEN_ADJUST_PRIVILEGES |TOKEN_QUERY, &hToken );
LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue );
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges( hToken, false, &tkp, sizeof( tkp ), NULL, NULL );
CloseHandle( hToken );
}

// DLL Base (6F).
DWORD GetDLL(char* DllName, DWORD tPid)
{
HANDLE snapMod;
MODULEENTRY32 me32;

if (tPid == 0) return 0;
snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, tPid);
me32.dwSize = sizeof(MODULEENTRY32);

if (Module32First(snapMod, &me32)){
do{
if (strcmp(DllName,me32.szModule) == 0){
CloseHandle(snapMod);
return (DWORD) me32.modBaseAddr;
}
}while(Module32Next(snapMod,&me32));
}

CloseHandle(snapMod);
return 0;

}

colors.cpp:

Quote:

//This will clear the console.
void ClearConsole()
{
//Get the handle to the current output buffer...
HANDLE hStdOut = GetStdHandle(STD_OUTPUT_HANDLE);
//This is used to reset the carat/cursor to the top left.
COORD coord = {0, 0};
//A return value... indicating how many chars were written
// not used but we need to capture this since it will be
// written anyway (passing NULL causes an access violation).
DWORD count;
//This is a structure containing all of the console info
// it is used here to find the size of the console.
CONSOLE_SCREEN_BUFFER_INFO csbi;
//Here we will set the current color
if(GetConsoleScreenBufferInfo(hStdOut, &csbi))
{
//This fills the buffer with a given character (in this case 32=space).
FillConsoleOutputCharacter(hStdOut, (TCHAR) 32, csbi.dwSize.X * csbi.dwSize.Y, coord, &count);
FillConsoleOutputAttribute(hStdOut, csbi.wAttributes, csbi.dwSize.X * csbi.dwSize.Y, coord, &count );
//This will set our cursor position for the next print statement.
SetConsoleCursorPosition(hStdOut, coord);
}
return;
}

//This will set the forground color for printing in a console window.
void SetColor(int ForgC)
{
WORD wColor;
//We will need this handle to get the current background attribute
HANDLE hStdOut = GetStdHandle(STD_OUTPUT_HANDLE);
CONSOLE_SCREEN_BUFFER_INFO csbi;

//We use csbi for the wAttributes word.
if(GetConsoleScreenBufferInfo(hStdOut, &csbi))
{
//Mask out all but the background attribute, and add in the forgournd color
wColor = (csbi.wAttributes & 0xF0) + (ForgC & 0x0F);
SetConsoleTextAttribute(hStdOut, wColor);
}
return;
}

MaRcDk · #2 02-26-2009, 05:02 PM

No comments.. sorry for my rude language.. but.. WHAT THE F*CK?

Come on guys, he clearly deservs some comments for this..

+ rep Tyrano, i'm sorry i didn't see this until now

claire9090 · #3 02-26-2009, 05:33 PM

Very Nice !!

! :>

Serverman · #4 02-26-2009, 07:15 PM

I didnt see this either

And thanks XD I've forgotten my pass XD Only reason i can still play is because of auto-login XD (Do you have one for BF2142 too?

)

willard · #5 03-10-2009, 04:45 AM

It says 'BF2 not found' for me

ltkropf · #6 04-09-2009, 08:43 PM

BF2 not found message