Ankermake slicer stores your login information in an obfuscated format.
The file to look for is
%AppData%/Local/AnkerMake/AnkerMake_64bit_fp/login.jsonWhich, even though it is named .json, is a base64-encoded, encrypted json file.
This file can be decoded using a couple of unix commands. First, decode the base64:
$ base64 -d login.json > login.rawNow login.raw will contain the raw (encrypted) contents. These can be decrypted using openssl:
$ openssl aes-128-ecb -d -nopad -in login.raw -K 1b55f97793d58864571e1055838cac97The key 1b55f97793d58864571e1055838cac97 was extracted from Ankermake Slicer using Ghidra.
The openssl command above should yield output similar to this:
{
"code": 0,
"data": {
"ab_code": "REDACTED",
"auth_token": "REDACTED",
"avatar": "",
"domain": "",
"email": "REDACTED",
"geo_key": "REDACTED",
"invitation_code": "REDACTED",
"inviter_code": "",
"mac_addr": "",
"nick_name": "",
"params": null,
"phone": "",
"phone_code": "",
"privilege": 0,
"server_secret_info": {
"public_key": "REDACTED"
},
"token_expires_at": "REDACTED",
"trust_list": [
],
"user_id": "REDACTED",
"verify_code_url": ""
},
"msg": "Succeed."
}Alternatively, the excellent CyberChef tool can be used.
Just click on this recipe and paste the contents of your login.json to see the contents.