Samuirai · October 22, 2012 21:01
diff --git a/dump_key.c b/dump_key.c
 #include <stdio.h> 
 #include <stdlib.h> 
 #include <string.h>
 #include <mach/mach.h> 
 #include <mach/mach_vm.h>  


 int main(int argc, char **argv) { 

    int i,j;
    kern_return_t kr; pid_t pid; 
    mach_port_t target_task; 
    mach_vm_address_t address; 
    mach_vm_size_t size = (mach_vm_size_t)vm_page_size; 
    vm_offset_t local_address; 
    mach_msg_type_number_t local_size = vm_page_size;  
    if (argc != 2) { 
        fprintf(stderr, "usage: %s <gw2 pid>\n", argv[0]); exit(1); 
    } 

    pid = atoi(argv[1]); 

    kr = task_for_pid(mach_task_self(), pid, &target_task); 
    if (kr != KERN_SUCCESS) { printf("task_for_pid failed. Probably not enough rights. Please retry with sudo.\n"); exit(kr); }  


    printf("Guild Wars 2 search for session key on OSX.\nwww.smrrd.de\n\n");

    vm_region_basic_info_data_64_t regionInfo;
    mach_msg_type_number_t infoCount = VM_REGION_BASIC_INFO_COUNT_64;
    mach_port_t objectName = MACH_PORT_NULL;
    char *search_string = "session_key=";

    printf("start sarching inside the memory regions:\n");
    while(mach_vm_region(target_task, &address, &size, VM_REGION_BASIC_INFO_64, (vm_region_info_t)&regionInfo, &infoCount, &objectName) == KERN_SUCCESS) {

        if ((regionInfo.protection & VM_PROT_READ)) {

            kr = mach_vm_read(target_task, address, size, &local_address, &local_size); 

            if(kr==KERN_SUCCESS) { // Address can be read

                printf("search [0x%x] - [0x%x]\n",(unsigned int)address,(unsigned int)address+local_size);
                for(i=0; i<size-1; ++i) { // go through whole memory        
                    j=0;
                    for(;;) { // search for the session_key string
                            if((*(char *)(local_address+i+j)) != search_string[j]) { break; }

                            if(j>=strlen(search_string)-1) { // if we found the whole string
                                char c;
                                j=0;
                                printf("Found it. Stop searching.\n\n");
                                // print the key. 
                                while((c=*(char *)(local_address+i+j)) != '&' && (c=*(char *)(local_address+i+j)) != '\0'){
                                    printf("%c",*(char *)(local_address+i+j));
                                    j+=1;
                                }
                                printf("\n\n");
                                printf("code by smrrd.de\n");
                                exit(0);
                            }
                            j++;
                        }
                }
            }

        } else {
            // Invalid Address
            //printf("[%x] invalid\n",address);
        }
        address += size;
    }
    printf("It seems there is nothing in the memory that looks like the session key. Maybe it's the wrong process?\n");
    exit(1);
 }
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <mach/mach.h>
	#include <mach/mach_vm.h>


	int main(int argc, char **argv) {

	int i,j;
	kern_return_t kr; pid_t pid;
	mach_port_t target_task;
	mach_vm_address_t address;
	mach_vm_size_t size = (mach_vm_size_t)vm_page_size;
	vm_offset_t local_address;
	mach_msg_type_number_t local_size = vm_page_size;
	if (argc != 2) {
	fprintf(stderr, "usage: %s <gw2 pid>\n", argv[0]); exit(1);
	}

	pid = atoi(argv[1]);

	kr = task_for_pid(mach_task_self(), pid, &target_task);
	if (kr != KERN_SUCCESS) { printf("task_for_pid failed. Probably not enough rights. Please retry with sudo.\n"); exit(kr); }


	printf("Guild Wars 2 search for session key on OSX.\nwww.smrrd.de\n\n");

	vm_region_basic_info_data_64_t regionInfo;
	mach_msg_type_number_t infoCount = VM_REGION_BASIC_INFO_COUNT_64;
	mach_port_t objectName = MACH_PORT_NULL;
	char *search_string = "session_key=";

	printf("start sarching inside the memory regions:\n");
	while(mach_vm_region(target_task, &address, &size, VM_REGION_BASIC_INFO_64, (vm_region_info_t)&regionInfo, &infoCount, &objectName) == KERN_SUCCESS) {

	if ((regionInfo.protection & VM_PROT_READ)) {

	kr = mach_vm_read(target_task, address, size, &local_address, &local_size);

	if(kr==KERN_SUCCESS) { // Address can be read

	printf("search [0x%x] - [0x%x]\n",(unsigned int)address,(unsigned int)address+local_size);
	for(i=0; i<size-1; ++i) { // go through whole memory
	j=0;
	for(;;) { // search for the session_key string
	if(((char )(local_address+i+j)) != search_string[j]) { break; }

	if(j>=strlen(search_string)-1) { // if we found the whole string
	char c;
	j=0;
	printf("Found it. Stop searching.\n\n");
	// print the key.
	while((c=(char )(local_address+i+j)) != '&' && (c=(char )(local_address+i+j)) != '\0'){
	printf("%c",(char )(local_address+i+j));
	j+=1;
	}
	printf("\n\n");
	printf("code by smrrd.de\n");
	exit(0);
	}
	j++;
	}
	}
	}

	} else {
	// Invalid Address
	//printf("[%x] invalid\n",address);
	}
	address += size;
	}
	printf("It seems there is nothing in the memory that looks like the session key. Maybe it's the wrong process?\n");
	exit(1);
	}