commit bc350ff36ad08bc04b3e44d7fa78a035c324eee6
Author: _ <>
Date: Sun Nov 1 22:08:10 2020 -0700
Initial commit
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..1ff0c42
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,63 @@
+###############################################################################
+# Set default behavior to automatically normalize line endings.
+###############################################################################
+* text=auto
+
+###############################################################################
+# Set default behavior for command prompt diff.
+#
+# This is need for earlier builds of msysgit that does not have it on by
+# default for csharp files.
+# Note: This is only used by command line
+###############################################################################
+#*.cs diff=csharp
+
+###############################################################################
+# Set the merge driver for project and solution files
+#
+# Merging from the command prompt will add diff markers to the files if there
+# are conflicts (Merging from VS is not affected by the settings below, in VS
+# the diff markers are never inserted). Diff markers may cause the following
+# file extensions to fail to load in VS. An alternative would be to treat
+# these files as binary and thus will always conflict and require user
+# intervention with every merge. To do so, just uncomment the entries below
+###############################################################################
+#*.sln merge=binary
+#*.csproj merge=binary
+#*.vbproj merge=binary
+#*.vcxproj merge=binary
+#*.vcproj merge=binary
+#*.dbproj merge=binary
+#*.fsproj merge=binary
+#*.lsproj merge=binary
+#*.wixproj merge=binary
+#*.modelproj merge=binary
+#*.sqlproj merge=binary
+#*.wwaproj merge=binary
+
+###############################################################################
+# behavior for image files
+#
+# image files are treated as binary by default.
+###############################################################################
+#*.jpg binary
+#*.png binary
+#*.gif binary
+
+###############################################################################
+# diff behavior for common document formats
+#
+# Convert binary document formats to text before diffing them. This feature
+# is only available from the command line. Turn it on by uncommenting the
+# entries below.
+###############################################################################
+#*.doc diff=astextplain
+#*.DOC diff=astextplain
+#*.docx diff=astextplain
+#*.DOCX diff=astextplain
+#*.dot diff=astextplain
+#*.DOT diff=astextplain
+#*.pdf diff=astextplain
+#*.PDF diff=astextplain
+#*.rtf diff=astextplain
+#*.RTF diff=astextplain
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4ce6fdd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,340 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+
+# User-specific files
+*.rsuser
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+[Aa][Rr][Mm]/
+[Aa][Rr][Mm]64/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+
+# Visual Studio 2015/2017 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# Benchmark Results
+BenchmarkDotNet.Artifacts/
+
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+
+# StyleCop
+StyleCopReport.xml
+
+# Files built by Visual Studio
+*_i.c
+*_p.c
+*_h.h
+*.ilk
+*.meta
+*.obj
+*.iobj
+*.pch
+*.pdb
+*.ipdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*_wpftmp.csproj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# Visual Studio Trace Files
+*.e2e
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# AxoCover is a Code Coverage Tool
+.axoCover/*
+!.axoCover/settings.json
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# Note: Comment the next line if you want to checkin your web deploy settings,
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/[Pp]ackages/*
+# except build/, which is used as an MSBuild target.
+!**/[Pp]ackages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/[Pp]ackages/repositories.config
+# NuGet v3's project.json files produces more ignorable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+*.appx
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!?*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.jfm
+*.pfx
+*.publishsettings
+orleans.codegen.cs
+
+# Including strong name files can present a security risk
+# (https://github.com/github/gitignore/pull/2483#issue-259490424)
+#*.snk
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+ServiceFabricBackup/
+*.rptproj.bak
+
+# SQL Server files
+*.mdf
+*.ldf
+*.ndf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+*.rptproj.rsuser
+*- Backup*.rdl
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+node_modules/
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
+*.vbw
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# JetBrains Rider
+.idea/
+*.sln.iml
+
+# CodeRush personal settings
+.cr/personal
+
+# Python Tools for Visual Studio (PTVS)
+__pycache__/
+*.pyc
+
+# Cake - Uncomment if you are using it
+# tools/**
+# !tools/packages.config
+
+# Tabs Studio
+*.tss
+
+# Telerik's JustMock configuration file
+*.jmconfig
+
+# BizTalk build output
+*.btp.cs
+*.btm.cs
+*.odx.cs
+*.xsd.cs
+
+# OpenCover UI analysis results
+OpenCover/
+
+# Azure Stream Analytics local run output
+ASALocalRun/
+
+# MSBuild Binary and Structured Log
+*.binlog
+
+# NVidia Nsight GPU debugger configuration file
+*.nvuser
+
+# MFractors (Xamarin productivity tool) working folder
+.mfractor/
+
+# Local History for Visual Studio
+.localhistory/
+
+# BeatPulse healthcheck temp database
+healthchecksdb
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2bd9456
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,7 @@
+Copyright (c) 2020 @ProfessorTox (_)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..137bd94
--- /dev/null
+++ b/README.md
@@ -0,0 +1,29 @@
+# SpotifyKeyDumper
+### By [@ProfessorTox](https://twitter.com/ProfessorTox)
+Dump AES keys for Spotify songs from a compatible Windows Spotify version (compatibility listed below).
+
+![Screenshot Example](./screenshot_example.png)
+
+## Using
+1. Make sure `SpotifyKeyDumperInjector.exe` and `SpotifyKeyDumper.dll` are located in the same folder as Spotify (`Spotify.exe`).
+2. Start SpotifyKeyDumperInjector either before or after launching Spotify.
+
+## Building
+This project uses C++14 on Visual Studio 2019
+
+## Compatibility
+* 1.1.25
+* 1.1.26
+* 1.1.27
+* 1.1.30
+* 1.1.44
+* 1.1.45
+
+If you want a specific version, DM me.
+
+## Notes
+* Tools used for research: IDA Pro, Ghidra, and Cheat Engine
+* **This program was created for educational purposes. It is not intended to be used otherwise**
+
+## License
+The MIT License (MIT)
\ No newline at end of file
diff --git a/SpotifyKeyDumper.sln b/SpotifyKeyDumper.sln
new file mode 100644
index 0000000..86101db
--- /dev/null
+++ b/SpotifyKeyDumper.sln
@@ -0,0 +1,41 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30330.147
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SpotifyKeyDumper", "SpotifyKeyDumper\SpotifyKeyDumper.vcxproj", "{E6674E55-3CF4-45E4-A22F-7E257BCEA583}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SpotifyKeyDumperInjector", "SpotifyKeyDumperInjector\SpotifyKeyDumperInjector.vcxproj", "{8B27E6F4-E0BD-4ECB-9E19-27801E43F988}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Debug|x86 = Debug|x86
+ Release|x64 = Release|x64
+ Release|x86 = Release|x86
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Debug|x64.ActiveCfg = Debug|x64
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Debug|x64.Build.0 = Debug|x64
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Debug|x86.ActiveCfg = Debug|Win32
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Debug|x86.Build.0 = Debug|Win32
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Release|x64.ActiveCfg = Release|x64
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Release|x64.Build.0 = Release|x64
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Release|x86.ActiveCfg = Release|Win32
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Release|x86.Build.0 = Release|Win32
+ {8B27E6F4-E0BD-4ECB-9E19-27801E43F988}.Debug|x64.ActiveCfg = Debug|x64
+ {8B27E6F4-E0BD-4ECB-9E19-27801E43F988}.Debug|x64.Build.0 = Debug|x64
+ {8B27E6F4-E0BD-4ECB-9E19-27801E43F988}.Debug|x86.ActiveCfg = Debug|Win32
+ {8B27E6F4-E0BD-4ECB-9E19-27801E43F988}.Debug|x86.Build.0 = Debug|Win32
+ {8B27E6F4-E0BD-4ECB-9E19-27801E43F988}.Release|x64.ActiveCfg = Release|x64
+ {8B27E6F4-E0BD-4ECB-9E19-27801E43F988}.Release|x64.Build.0 = Release|x64
+ {8B27E6F4-E0BD-4ECB-9E19-27801E43F988}.Release|x86.ActiveCfg = Release|Win32
+ {8B27E6F4-E0BD-4ECB-9E19-27801E43F988}.Release|x86.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {2AF2F633-D558-412B-9CFF-184E0AE9BB7A}
+ EndGlobalSection
+EndGlobal
diff --git a/SpotifyKeyDumper/Hooks.cpp b/SpotifyKeyDumper/Hooks.cpp
new file mode 100644
index 0000000..7eec87f
--- /dev/null
+++ b/SpotifyKeyDumper/Hooks.cpp
@@ -0,0 +1,149 @@
+#include "pch.h"
+#include "Utils.h"
+#include "Hooks.h"
+
+typedef int(__cdecl* keyToLE_v25)(unsigned int* dest, int* key, int bits);
+keyToLE_v25 keyToLEFunc_v25_hook = nullptr;
+
+typedef int(__cdecl* keyToLE_v30)(unsigned int* dest, int* key, int bits, bool isEncoded);
+keyToLE_v30 keyToLEFunc_v30_hook = nullptr;
+
+std::string prevKeyStr = std::string();
+
+int __cdecl keyToLE_hook_v25(unsigned int* dest, int* key, int bits)
+{
+ if (bits == 128)
+ {
+ BYTE keyBuffer[16];
+ BYTE* keyBufPtr = keyBuffer;
+ memcpy(keyBufPtr, key, 16);
+
+ // Only print out key if it is different
+ std::string newKeyStr = Utils::HexString(keyBufPtr, 16);
+ if (newKeyStr.compare(prevKeyStr) != 0)
+ std::cout << "Key: " << newKeyStr << std::endl << std::endl;
+
+ prevKeyStr = newKeyStr;
+ }
+
+ return keyToLEFunc_v25_hook(dest, key, bits);
+}
+
+int __cdecl keyToLE_hook_v30(unsigned int* dest, int* key, int bits, bool isEncoded)
+{
+ //std::cout << "TEST" << std::endl;
+
+ if (bits == 128)
+ {
+ void* decodedKeyPtr = key;
+
+ if (isEncoded)
+ {
+ // key is encoded with some sort of algorithm; decode it here
+
+ unsigned int keyDecoded[4];
+ unsigned int uVar1;
+ unsigned int keyPtr;
+ unsigned int uVar3;
+ int index;
+
+ keyPtr = *key;
+ index = 15;
+ uVar3 = key[1];
+ keyDecoded[0] = key[2];
+ keyDecoded[1] = key[3];
+ keyDecoded[2] = key[4];
+ keyDecoded[3] = key[5];
+
+ do
+ {
+ uVar1 = keyDecoded[index - 1 & 3];
+ keyDecoded[index & 3] =
+ keyDecoded[index & 3] +
+ (((((uVar1 + index + keyPtr & uVar1 * 16 + uVar3) * 2 + uVar1 * -17) -
+ index) - uVar3) - keyPtr);
+ index = index - 1;
+ }
+ while (index >= 0);
+
+ decodedKeyPtr = &keyDecoded;
+ }
+
+ // Copy key bytes to new buffer
+ unsigned char keyBuffer[16];
+ unsigned char* keyBufPtr = keyBuffer;
+ memcpy(keyBufPtr, decodedKeyPtr, 16);
+
+ // Only print out key if it is different
+ std::string newKeyStr = Utils::HexString(keyBufPtr, 16);
+ if (newKeyStr.compare(prevKeyStr) != 0)
+ std::cout << "Key: " << newKeyStr << std::endl << std::endl;
+
+ prevKeyStr = newKeyStr;
+ }
+
+ return keyToLEFunc_v30_hook(dest, key, bits, isEncoded);
+}
+
+char* GetAddrV26()
+{
+ BYTE ref_v19 = 0x55;
+ BYTE* byteAtAddrStr = (BYTE*)0x010800C0;
+
+ // Byte at byteAtAddr in 1.1.26-19 is 0x55
+ if (*byteAtAddrStr == ref_v19)
+ return (char*)0x010800C0;
+ else
+ return (char*)0x0107FEC0;
+}
+
+char* GetAddrV27()
+{
+ BYTE ref_v7 = 0x55;
+ BYTE* byteAtAddrStr = (BYTE*)0x01068F90;
+
+ // Byte at byteAtAddr in 1.1.26-19 is 0x55
+ if (*byteAtAddrStr == ref_v7)
+ return (char*)0x01068F90;
+ else
+ return (char*)0x01068F20;
+}
+
+
+void Hooks::Init()
+{
+ int spotifyVer = Utils::GetSpotifyVersion();
+
+ // Method is stripped from Release build if this isn't here :/
+ std::cout << "Spotify version: " << Utils::GetSpotifyVersion() << std::endl;
+
+ switch (spotifyVer)
+ {
+ case 25:
+ keyToLEFunc_v25_hook = (keyToLE_v25)Utils::TrampHook32((char*)0x0106B920, (char*)keyToLE_hook_v25, 6);
+ break;
+ case 26:
+ // Two 1.1.26 versions
+ keyToLEFunc_v25_hook = (keyToLE_v25)Utils::TrampHook32(GetAddrV26(), (char*)keyToLE_hook_v25, 6);
+ break;
+ case 27:
+ // Two 1.1.27 versions
+ keyToLEFunc_v25_hook = (keyToLE_v25)Utils::TrampHook32(GetAddrV27(), (char*)keyToLE_hook_v25, 6);
+ break;
+ /*case 28:
+ //keyToLEFunc_v25_hook = (keyToLE_v25)Utils::TrampHook32((char*)0x0106B920, (char*)keyToLE_hook_v25, 6);
+ break;
+ case 29:
+ //keyToLEFunc_v25_hook = (keyToLE_v25)Utils::TrampHook32((char*)0x0106B920, (char*)keyToLE_hook_v25, 6);
+ break;*/
+ case 30:
+ keyToLEFunc_v30_hook = (keyToLE_v30)Utils::TrampHook32((char*)0x0108E840, (char*)keyToLE_hook_v30, 6);
+ break;
+ case 44:
+ keyToLEFunc_v30_hook = (keyToLE_v30)Utils::TrampHook32((char*)0x010CABC0, (char*)keyToLE_hook_v30, 6);
+ break;
+ case 45:
+ keyToLEFunc_v30_hook = (keyToLE_v30)Utils::TrampHook32((char*)0x010CF780, (char*)keyToLE_hook_v30, 6);
+ break;
+ }
+}
\ No newline at end of file
diff --git a/SpotifyKeyDumper/Hooks.h b/SpotifyKeyDumper/Hooks.h
new file mode 100644
index 0000000..f3efd6e
--- /dev/null
+++ b/SpotifyKeyDumper/Hooks.h
@@ -0,0 +1,7 @@
+#pragma once
+class Hooks
+{
+public:
+ static void Init();
+};
+
diff --git a/SpotifyKeyDumper/SpotifyKeyDumper.cpp b/SpotifyKeyDumper/SpotifyKeyDumper.cpp
new file mode 100644
index 0000000..20f9d6d
--- /dev/null
+++ b/SpotifyKeyDumper/SpotifyKeyDumper.cpp
@@ -0,0 +1,27 @@
+#include "pch.h"
+#include "Hooks.h"
+
+static const char* VERSION = "0.1";
+
+DWORD WINAPI InitMain(LPVOID lpParam)
+{
+ AllocConsole();
+ FILE* fDummy;
+ freopen_s(&fDummy, "CONIN$", "r", stdin);
+ freopen_s(&fDummy, "CONOUT$", "w", stderr);
+ freopen_s(&fDummy, "CONOUT$", "w", stdout);
+
+ std::cout << "SpotifyKeyDumper v" << VERSION << std::endl << std::endl;
+
+ Hooks::Init();
+
+ return 0;
+}
+
+BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwAttached, LPVOID lpvReserved)
+{
+ if (dwAttached == DLL_PROCESS_ATTACH)
+ CreateThread(NULL, 0, &InitMain, NULL, 0, NULL);
+
+ return 1;
+}
diff --git a/SpotifyKeyDumper/SpotifyKeyDumper.sln b/SpotifyKeyDumper/SpotifyKeyDumper.sln
new file mode 100644
index 0000000..ff7a13c
--- /dev/null
+++ b/SpotifyKeyDumper/SpotifyKeyDumper.sln
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30330.147
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SpotifyKeyDumper", "SpotifyKeyDumper.vcxproj", "{E6674E55-3CF4-45E4-A22F-7E257BCEA583}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Debug|x86 = Debug|x86
+ Release|x64 = Release|x64
+ Release|x86 = Release|x86
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Debug|x64.ActiveCfg = Debug|x64
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Debug|x64.Build.0 = Debug|x64
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Debug|x86.ActiveCfg = Debug|Win32
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Debug|x86.Build.0 = Debug|Win32
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Release|x64.ActiveCfg = Release|x64
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Release|x64.Build.0 = Release|x64
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Release|x86.ActiveCfg = Release|Win32
+ {E6674E55-3CF4-45E4-A22F-7E257BCEA583}.Release|x86.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {2AF2F633-D558-412B-9CFF-184E0AE9BB7A}
+ EndGlobalSection
+EndGlobal
diff --git a/SpotifyKeyDumper/SpotifyKeyDumper.vcxproj b/SpotifyKeyDumper/SpotifyKeyDumper.vcxproj
new file mode 100644
index 0000000..1d2f96b
--- /dev/null
+++ b/SpotifyKeyDumper/SpotifyKeyDumper.vcxproj
@@ -0,0 +1,175 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ x64
+
+
+
+ 16.0
+ Win32Proj
+ {e6674e55-3cf4-45e4-a22f-7e257bcea583}
+ SpotifyKeyDumper
+ 10.0
+
+
+
+ DynamicLibrary
+ true
+ v142
+ Unicode
+
+
+ DynamicLibrary
+ false
+ v142
+ true
+ Unicode
+
+
+ DynamicLibrary
+ true
+ v142
+ Unicode
+
+
+ DynamicLibrary
+ false
+ v142
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ false
+
+
+ true
+
+
+ false
+
+
+
+ Level3
+ true
+ WIN32;_DEBUG;SPOTIFYKEYDUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
+ true
+ Use
+ pch.h
+
+
+ Windows
+ true
+ false
+
+
+
+
+ Level3
+ true
+ true
+ true
+ WIN32;NDEBUG;SPOTIFYKEYDUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
+ true
+ Use
+ pch.h
+ true
+ Speed
+
+
+ Windows
+ true
+ true
+ true
+ false
+
+
+
+
+ Level3
+ true
+ _DEBUG;SPOTIFYKEYDUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
+ true
+ Use
+ pch.h
+
+
+ Windows
+ true
+ false
+
+
+
+
+ Level3
+ true
+ true
+ true
+ NDEBUG;SPOTIFYKEYDUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
+ true
+ Use
+ pch.h
+
+
+ Windows
+ true
+ true
+ true
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ Create
+ Create
+ Create
+ Create
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/SpotifyKeyDumper/SpotifyKeyDumper.vcxproj.filters b/SpotifyKeyDumper/SpotifyKeyDumper.vcxproj.filters
new file mode 100644
index 0000000..a8b14ca
--- /dev/null
+++ b/SpotifyKeyDumper/SpotifyKeyDumper.vcxproj.filters
@@ -0,0 +1,45 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Header Files
+
+
+ Header Files
+
+
+ Header Files
+
+
+ Header Files
+
+
+
+
+ Source Files
+
+
+ Source Files
+
+
+ Source Files
+
+
+ Source Files
+
+
+
\ No newline at end of file
diff --git a/SpotifyKeyDumper/Utils.cpp b/SpotifyKeyDumper/Utils.cpp
new file mode 100644
index 0000000..12dc722
--- /dev/null
+++ b/SpotifyKeyDumper/Utils.cpp
@@ -0,0 +1,83 @@
+#include "pch.h"
+#include "Utils.h"
+
+bool Utils::Detour32(char* src, char* dst, const intptr_t len)
+{
+ if (len < 5) return false;
+
+ DWORD curProtection;
+ VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &curProtection);
+
+ intptr_t relativeAddress = (intptr_t)(dst - (intptr_t)src) - 5;
+
+ *src = (char)'\xE9';
+ *(intptr_t*)((intptr_t)src + 1) = relativeAddress;
+
+ VirtualProtect(src, len, curProtection, &curProtection);
+ return true;
+}
+
+char* Utils::TrampHook32(char* src, char* dst, const intptr_t len)
+{
+ // Make sure the length is greater than 5
+ if (len < 5) return 0;
+
+ // Create the gateway (len + 5 for the overwritten bytes + the jmp)
+ void* gateway = VirtualAlloc(0, len + 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+
+ if (gateway == NULL) return 0;
+
+ // Write the stolen bytes into the gateway
+ memcpy(gateway, src, len);
+
+ // Get the gateway to destination addy
+ intptr_t gatewayRelativeAddr = ((intptr_t)src - (intptr_t)gateway) - 5;
+
+ // Add the jmp opcode to the end of the gateway
+ *(char*)((intptr_t)gateway + len) = 0xE9;
+
+ // Add the address to the jmp
+ *(intptr_t*)((intptr_t)gateway + len + 1) = gatewayRelativeAddr;
+
+ // Perform the detour
+ Detour32(src, dst, len);
+
+ return (char*)gateway;
+}
+
+int spotifyVer = -1;
+int Utils::GetSpotifyVersion()
+{
+ if (spotifyVer != -1)
+ return spotifyVer;
+
+ LPCWSTR lpszFilePath = L"Spotify.exe";
+ DWORD dwDummy;
+ DWORD dwFVISize = GetFileVersionInfoSize(lpszFilePath, &dwDummy);
+ LPBYTE lpVersionInfo = new BYTE[dwFVISize];
+ GetFileVersionInfo(lpszFilePath, 0, dwFVISize, lpVersionInfo);
+ UINT uLen;
+ VS_FIXEDFILEINFO* lpFfi;
+ VerQueryValue(lpVersionInfo, _T("\\"), (LPVOID*)&lpFfi, &uLen);
+ DWORD dwFileVersionMS = lpFfi->dwFileVersionMS;
+ DWORD dwFileVersionLS = lpFfi->dwFileVersionLS;
+ delete[] lpVersionInfo;
+
+ DWORD dwLeftMost = HIWORD(dwFileVersionMS);
+ DWORD dwSecondLeft = LOWORD(dwFileVersionMS);
+ DWORD dwSecondRight = HIWORD(dwFileVersionLS);
+ DWORD dwRightMost = LOWORD(dwFileVersionLS);
+
+ return spotifyVer = dwSecondRight;
+}
+
+std::string Utils::HexString(BYTE* data, int len)
+{
+ std::stringstream ss;
+ ss << std::hex;
+
+ for (int i(0); i < len; ++i)
+ ss << std::setw(2) << std::setfill('0') << (int)data[i];
+
+ return ss.str();
+}
\ No newline at end of file
diff --git a/SpotifyKeyDumper/Utils.h b/SpotifyKeyDumper/Utils.h
new file mode 100644
index 0000000..6119e88
--- /dev/null
+++ b/SpotifyKeyDumper/Utils.h
@@ -0,0 +1,11 @@
+#pragma once
+
+class Utils
+{
+public:
+ static bool Detour32(char* src, char* dst, const intptr_t len);
+ static char* TrampHook32(char* src, char* dst, const intptr_t len);
+ static int GetSpotifyVersion();
+ static std::string HexString(BYTE* data, int len);
+};
+
diff --git a/SpotifyKeyDumper/framework.h b/SpotifyKeyDumper/framework.h
new file mode 100644
index 0000000..54b83e9
--- /dev/null
+++ b/SpotifyKeyDumper/framework.h
@@ -0,0 +1,5 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
+// Windows Header Files
+#include
diff --git a/SpotifyKeyDumper/pch.cpp b/SpotifyKeyDumper/pch.cpp
new file mode 100644
index 0000000..64b7eef
--- /dev/null
+++ b/SpotifyKeyDumper/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: source file corresponding to the pre-compiled header
+
+#include "pch.h"
+
+// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
diff --git a/SpotifyKeyDumper/pch.h b/SpotifyKeyDumper/pch.h
new file mode 100644
index 0000000..8e4e41f
--- /dev/null
+++ b/SpotifyKeyDumper/pch.h
@@ -0,0 +1,19 @@
+// pch.h: This is a precompiled header file.
+// Files listed below are compiled only once, improving build performance for future builds.
+// This also affects IntelliSense performance, including code completion and many code browsing features.
+// However, files listed here are ALL re-compiled if any one of them is updated between builds.
+// Do not add files here that you will be updating frequently as this negates the performance advantage.
+
+#ifndef PCH_H
+#define PCH_H
+
+// add headers that you want to pre-compile here
+#pragma comment(lib, "Version.lib")
+
+#include "framework.h"
+#include
+#include
+#include
+#include
+
+#endif //PCH_H
diff --git a/SpotifyKeyDumperInjector/SpotifyKeyDumperInjector.cpp b/SpotifyKeyDumperInjector/SpotifyKeyDumperInjector.cpp
new file mode 100644
index 0000000..c6fe628
--- /dev/null
+++ b/SpotifyKeyDumperInjector/SpotifyKeyDumperInjector.cpp
@@ -0,0 +1,82 @@
+#include
+#include
+#include
+
+static const char* VERSION = "1.0";
+
+static const char* DLL_FILE_PATH = "SpotifyKeyDumper.dll";
+static const wchar_t* PROC_NAME = L"Spotify.exe";
+
+DWORD GetProcId(const wchar_t* procName)
+{
+ DWORD procId = 0;
+ HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+
+ if (hSnap != INVALID_HANDLE_VALUE)
+ {
+ PROCESSENTRY32 procEntry;
+ procEntry.dwSize = sizeof(procEntry);
+
+ if (Process32First(hSnap, &procEntry))
+ {
+ do
+ {
+ if (!wcscmp(procEntry.szExeFile, procName))
+ {
+ procId = procEntry.th32ProcessID;
+ break;
+ }
+ }
+ while (Process32Next(hSnap, &procEntry));
+ }
+ }
+
+ CloseHandle(hSnap);
+ return procId;
+}
+
+void StartDllInjection()
+{
+ const char* dllPath = DLL_FILE_PATH;
+ const wchar_t* procName = PROC_NAME;
+ DWORD procId = 0;
+
+ while (!procId)
+ {
+ procId = GetProcId(procName);
+ Sleep(50);
+ }
+
+ // Possibly injecting too fast resulting in an error, so delay?
+ Sleep(50);
+
+ HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, 0, procId);
+
+ if (hProc && hProc != INVALID_HANDLE_VALUE)
+ {
+ void* loc = VirtualAllocEx(hProc, 0, MAX_PATH, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+
+ if (loc == NULL)
+ return;
+
+ WriteProcessMemory(hProc, loc, dllPath, strlen(dllPath) + 1, 0);
+
+ HANDLE hThread = CreateRemoteThread(hProc, 0, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, loc, 0, 0);
+ if (hThread)
+ CloseHandle(hThread);
+ }
+
+ if (hProc)
+ CloseHandle(hProc);
+}
+
+int main()
+{
+ std::cout << "SpotifyKeyDumperInjector v" << VERSION << std::endl << std::endl;
+
+ std::wcout << "Waiting to inject \"" << DLL_FILE_PATH << "\" into \"" << std::wstring(PROC_NAME) << "\"..." << std::endl;
+ StartDllInjection();
+ std::cout << "Injected." << std::endl;
+
+ return 0;
+}
\ No newline at end of file
diff --git a/SpotifyKeyDumperInjector/SpotifyKeyDumperInjector.vcxproj b/SpotifyKeyDumperInjector/SpotifyKeyDumperInjector.vcxproj
new file mode 100644
index 0000000..2b5e639
--- /dev/null
+++ b/SpotifyKeyDumperInjector/SpotifyKeyDumperInjector.vcxproj
@@ -0,0 +1,151 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ x64
+
+
+
+ 16.0
+ Win32Proj
+ {8b27e6f4-e0bd-4ecb-9e19-27801e43f988}
+ SpotifyKeyDumperInjector
+ 10.0.17763.0
+
+
+
+ Application
+ true
+ v142
+ Unicode
+
+
+ Application
+ false
+ v142
+ true
+ Unicode
+
+
+ Application
+ true
+ v142
+ Unicode
+
+
+ Application
+ false
+ v142
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ false
+
+
+ true
+
+
+ false
+
+
+
+ Level3
+ true
+ WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+ stdcpp14
+
+
+ Console
+ true
+
+
+
+
+ Level3
+ true
+ true
+ true
+ WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+ Size
+ stdcpp14
+ Cdecl
+
+
+ Console
+ true
+ true
+ true
+
+
+
+
+ Level3
+ true
+ _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+
+
+ Console
+ true
+
+
+
+
+ Level3
+ true
+ true
+ true
+ NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+
+
+ Console
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/screenshot_example.png b/screenshot_example.png
new file mode 100644
index 0000000..aff6914
Binary files /dev/null and b/screenshot_example.png differ