How to get session information? #2
Comments
The map file does not have this info. You can use the bulkdecrypt to look in UserSettings, but I don't think the auth_key will be there. There is also the settings1 file, I don't remember what kind of information it stores. This tool decrypts it, but does not parse it.
Hmmm... To auth into the Telegram Desktop app you need these two files (no less or more). I think they must contain login info. I already tried to find the auth_key in bulkdecrypt, but it seems there are only user settings there, no auth data. Can you give me some links to tdata structure information? Maybe you know where I need to look.
Hi.
I've never heard about the local passcode or the JTP...
But I don't think they are at the map file. Maybe in the settings[0-1] file
or in the encrypted userSetting.
…On Fri, Aug 16, 2019 at 8:10 AM ZX-zedex ***@***.***> wrote:
Hi.
My question is how to change local passcode in map[0-1] by replacing some
values in this file.
Because if by using JTP we can get the hash of this maybe it can be
replaced in the editor.
Is there any chance to do it?
John The Ripper is the Kali Linux tool to get the passcode's hash from the tdata folder.
And could you explain how your program decrypts the files from tdata.
Following the bulk decrypt steps: Then the function encrypted.ReadEMap(rawtdf) assumes the 3 streams belong to an encrypted map, and are: Salt, KeyEncrypted, and MapEncrypted. emap.Decrypt(password) calls So decrypt.CreateLocalKey does the main job, creating a passkey from a password and a salt. If all goes well, that passkey can decrypt the t.KeyEncrypted, which is the middle stream in the map[0,1] file. When decrypted, this middle stream is the localkey, which can be viewed with the "map getkey" options of telegram-desktop-decrypt. Maybe the key that JTR gives you is this passkey, that can decrypt the middle stream, or it may be the localkey, I don't know. The MapEncrypted stream just contains a list of type-cache_filename pairs. These files are decrypted using the localkey. The map lists the type of the file, which is important only to parse the data, but does not affect decryption.
I need to find this passcode in Telegram Desktop, which is stored in the map[0-1] file. I don't have any idea about the length of the password, which characters it contains and the strength of it. Because whenever I run your script it shows me Wrong map key error etc.
No, the tool is only able to extract something if you have the password, or if the password was never set. It does not crack anything.
@SH659
No :(
Hi! Have you been able to extract the auth_key?
I want to convert
tdata\D877F783D5D3EF8C\map[0-1]
tdata\D877F783D5D3EF8C[0-1]
files to another format that I can use.
At least I need to get the auth_key from these files.
Is there any way to do it?