Skip to content

Instantly share code, notes, and snippets.

@shuax

shuax/chrome_pass.py

Created May 28, 2020 08:44
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save shuax/30863707072208d46fec6aa7f251067f to your computer and use it in GitHub Desktop.
Save shuax/30863707072208d46fec6aa7f251067f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
chrome_pass.py
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
import base64
# https://github.com/chromium/chromium/blob/master/components/os_crypt/os_crypt_win.cc
# Local State -> os_crypt.encrypted_key
# start with "DPAPI"
encrypted_key = "RFBBUElHFVPkvx6wPkLGBufud/s3Mjg5QwQqbPJ3kTB7aajsZw=="
encrypted_key = base64.b64decode(encrypted_key)[5:]
print('encrypted_key', encrypted_key, len(encrypted_key))
# Default/Login Data -> logins
# start with "v10"
password_value = "76313073d2d9e7c225ad0c6d9197d36ee3a3cc254a239890482a537e631e722ce0af88cd74"
password_value = bytes.fromhex(password_value)[3:]
print('password_value', password_value, len(password_value))
nonce = password_value[:12]
data = password_value[12:]
print('nonce', nonce, len(nonce))
print('data', data, len(data))
aesgcm = AESGCM(encrypted_key)
password = aesgcm.decrypt(nonce, data, b'')
print(password)
@shuax
Copy link
Author

shuax commented May 28, 2020 

encrypted_key b'G\x15S\xe4\xbf\x1e\xb0>B\xc6\x06\xe7\xeew\xfb7289C\x04*l\xf2w\x910{i\xa8\xecg' 32
password_value b's\xd2\xd9\xe7\xc2%\xad\x0cm\x91\x97\xd3n\xe3\xa3\xcc%J#\x98\x90H*S~c\x1er,\xe0\xaf\x88\xcdt' 34
nonce b's\xd2\xd9\xe7\xc2%\xad\x0cm\x91\x97\xd3' 12
data b'n\xe3\xa3\xcc%J#\x98\x90H*S~c\x1er,\xe0\xaf\x88\xcdt' 22
b'123456'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment