question about versions #1

Open
goldeneye5599 opened this issue Aug 1, 2023 · 4 comments

Comments

@goldeneye5599

I tested it on Telegram version 4.8.10 x64 but it doesn't work.
I guess it shouldn't anyway, because the address will be different.

I'm trying to update your code to the latest version, but I'm not sure whether the latest version
works differently, in a way where the Telegram data is encrypted and the key is derived from the passcode itself, so it would be impossible to do it the same way you did by just changing the condition of the check.
I tried to look over the Telegram Desktop source code and it looks like the data is encrypted and the key is derived from it.
Do you have any idea about that?

@ardabada
Owner

ardabada commented Aug 3, 2023

You should find the address where the jump to the unlock function is performed, something like:
if (passcode == expected) { unlock(); // find this address }
Then you can find the address where the function is referenced and do the injection in that jump instruction. I found that address by pure debugging, so it took some time. In another version of Telegram the address is different, as you have noticed. Either you debug the Telegram app and find the address, or you take a look at the imports/exports segment of the executable and find the address of the relevant function. At least that's what comes to mind for now.

@goldeneye5599
Author

@ardabada
But per the source code of Telegram Desktop, in the latest versions the unlock actually decrypts the files using a crypto key derived from the passcode itself,
so you can't just jump to the unlock, because it will not unlock without the correct password.
That's what I'm trying to check with you, if you have any idea about that.
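Added example (not from this issue or the tdesktop project) modelling the design distinction raised above: a boolean passcode comparison in front of readable data, versus data at rest encrypted under a key derived from the passcode. All names and the toy cipher are constructed for illustration, not Telegram Desktop's actual storage code.

```python
import hashlib
import hmac
import os

# Constructed toy models of the two unlock designs discussed in the thread;
# this is not Telegram Desktop's code, and the cipher is illustrative only.

def unlock_by_comparison(entered: str, stored: str, patched: bool = False) -> bool:
    """Design 1: unlock is a boolean gate in front of already-readable data.
    `patched=True` models a flipped conditional jump that skips the check."""
    if patched:
        return True
    return hmac.compare_digest(entered.encode(), stored.encode())

def derive_key(passcode: str, salt: bytes) -> bytes:
    # Slow, salted derivation: the passcode is never stored, only used as KDF input.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000, dklen=32)

def keystream(key: bytes, n: int) -> bytes:
    # Hash-counter keystream, purely for the demonstration.
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(plaintext: bytes, passcode: str) -> bytes:
    """Design 2: data at rest is encrypted under a key derived from the passcode.
    Blob layout: salt (16) | HMAC tag (32) | ciphertext."""
    salt = os.urandom(16)
    key = derive_key(passcode, salt)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))
    tag = hmac.new(key, salt + ciphertext, hashlib.sha256).digest()
    return salt + tag + ciphertext

def unseal(blob: bytes, passcode: str, skip_check: bool = False):
    """Returns the plaintext, or None when the authentication tag does not verify.
    `skip_check=True` models patching the verification branch: the caller gets
    bytes back, but they were decrypted under the wrong key and are garbage."""
    salt, tag, ciphertext = blob[:16], blob[16:48], blob[48:]
    key = derive_key(passcode, salt)
    expected = hmac.new(key, salt + ciphertext, hashlib.sha256).digest()
    if not skip_check and not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(key, len(ciphertext))))
```

With design 2, forcing the check to pass changes nothing about the data: without the correct passcode the derived key is wrong and the output is unreadable.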

@ardabada
Owner

ardabada commented Aug 4, 2023

@goldeneye5599 you need to change this instruction https://github.com/telegramdesktop/tdesktop/blob/dev/Telegram/SourceFiles/storage/storage_domain.cpp#L250 so that instead of equals you make it not equals.
The only thing is you have to find the address of that method and then change the jump instruction.

@goldeneye5599
Author

I think that it decrypts the data of Telegram using the passcode, but I'm not sure.
I tried to find the address of this function with x64dbg but haven't found it; does it help that I have the source code?
Do you have any idea how I can find it? I tried to debug the passcode screen, but it looks like it works with an event loop or something like that, so it's hard to find the logic.
