
How to decrypt passwords from browsers?

Bitard, user (rank: RAID array), registered 28.07.2021, 87 posts, 2 reactions
How do I decrypt passwords from Chromium browsers in C/C++? I'm trying to find code examples in public, but they're all old. I'd be glad if you could at least post an explanation of how it's done today.
 
How do I decrypt passwords from Chromium browsers in C/C++? I'm trying to find code examples in public, but they're all old. I'd be glad if you could at least post an explanation of how it's done today.
Sure, as if anyone is going to post methods that actually work today.
 
I'd be glad if you could at least post an explanation of how it's done today.
You didn't look through the forum carefully; the algorithm has already been discussed and, if memory serves, implementations were posted.
 
How do I decrypt passwords from Chromium browsers in C/C++? I'm trying to find code examples in public, but they're all old. I'd be glad if you could at least post an explanation of how it's done today.

And as already said on this forum, the bcrypt library works starting from Win7 and later, so support for older Windows versions is out. However, you can google implementations of AES-GCM-256 and then you drop the bcrypt dependency.
 
Hi!

It depends on the browser. Each web browser stores passwords somewhat differently (although they're still somewhat similar). Do not listen to the person who said that the public methods work, this is not entirely true. Many of the common GitHub proof-of-concepts are broken and no longer work because, for example, Chrome web browser recently changed how it stores passwords. My memory is a little fuzzy - I have not written any code which exfiltrates data from web browsers in quite some time. However, I do have some code that allows you to do it successfully. I wrote this code 8 months ago and forgot to share it on vx-underground. Thank you for reminding me.

You can check it out here: Chrome Password Dumper by smelly__vx
 
Each web browser stores passwords somewhat differently (although they're still somewhat similar)
And how are they different? They're all stored in a database.

Chrome web browser recently changed how it stores passwords
Nothing changed there; they've had AES-GCM encryption for about a year now.

They're all stored in a database.
Well, not all of them; as far as I remember, IE stores passwords in the registry.
 
And how are they different? They're all stored in a database.
Chrome has made its password storage multi-phased. It is not perfect - but they implemented this to kill public password dumpers. They made this change in Chrome version 80 (I think... I cannot remember the exact details...) it is briefly explained here: https://xenarmor.com/how-to-recover-saved-passwords-google-chrome/

tl;dr first you must retrieve the "master key" from \Chrome\User Data\Local State. The Masterkey is a generic-BASE64 encoded string.

In my code, line 224:

Code:
    Substring = StringFindSubstringA(Substring, (PCHAR)"\"os_crypt\":{\"encrypted_key\":\"");
    if (Substring == NULL)
        goto FAILURE;

    if (StringRemoveSubstring(Substring, (PCHAR)"\"os_crypt\":{\"encrypted_key\":\"") == NULL)
        goto FAILURE;

    if (StringTerminateStringAtCharA(Substring, '"') == NULL)
        goto FAILURE;

    if (!CryptStringToBinaryA(Substring, (DWORD)StringLengthA(Substring), CRYPT_STRING_BASE64, NULL, &dwLength, NULL, NULL))
        goto FAILURE;

    Decoded = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, StringLengthA(Substring) + 1);
    if (Decoded == NULL)
        goto FAILURE;

    if (!CryptStringToBinaryA(Substring, (DWORD)StringLengthA(Substring), CRYPT_STRING_BASE64, Decoded, &dwLength, NULL, NULL))
        goto FAILURE;

    Decoded += 5;
    dwLength -= 5;

    In.cbData = dwLength;
    In.pbData = Decoded;

    if (!CryptUnprotectData(&In, NULL, NULL, NULL, NULL, 0, &GlobalBlob))
        goto FAILURE;

This retrieves the Masterkey. Then, later on, the password is stored in the database in AES-256. You have to use the Masterkey which was retrieved. The Initialization Vector is the second argument in the SQL3 query object callback routine (I can't remember what this value is...). Then you have to calculate the encrypted password offset. The encrypted passwords in the database are stored in a format you have to parse

[V10][INITIALIZATION VECTOR][AES256 ENCRYPTED PASSWORD] like so..


Code:
struct WebPassword
{
    BYTE signature[3];   /* version prefix, the bytes "v10" */
    BYTE iv[12];         /* initialization vector for AES-GCM */
    BYTE encPassword[];  /* AES-256 ciphertext, variable length (flexible array member) */
};

It's also viewable in the code I shared... It's been a while since I reviewed this. :)
 
I had issues lately with this. That explains it. Thank you.
 