HackBrowserData/crypto/crypto.go

package crypto

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/asn1"
	"errors"

	"golang.org/x/crypto/pbkdf2"
)

var (
	errPasswordIsEmpty  = errors.New("password is empty")
	errDecodeASN1Failed = errors.New("decode ASN1 data failed")
	errEncryptedLength  = errors.New("length of encrypted password less than block size")
)

type ASN1PBE interface {
	Decrypt(globalSalt, masterPwd []byte) (key []byte, err error)
}

func NewASN1PBE(b []byte) (pbe ASN1PBE, err error) {
	var (
		n nssPBE
		m metaPBE
		l loginPBE
	)
	if _, err := asn1.Unmarshal(b, &n); err == nil {
		return n, nil
	}
	if _, err := asn1.Unmarshal(b, &m); err == nil {
		return m, nil
	}
	if _, err := asn1.Unmarshal(b, &l); err == nil {
		return l, nil
	}
	return nil, errDecodeASN1Failed
}

// nssPBE Struct
//
//	SEQUENCE (2 elem)
//		OBJECT IDENTIFIER
//		SEQUENCE (2 elem)
//			OCTET STRING (20 byte)
//			INTEGER 1
//	OCTET STRING (16 byte)
type nssPBE struct {
	AlgoAttr struct {
		asn1.ObjectIdentifier
		SaltAttr struct {
			EntrySalt []byte
			Len       int
		}
	}
	Encrypted []byte
}

func (n nssPBE) Decrypt(globalSalt, masterPwd []byte) (key []byte, err error) {
	glmp := append(globalSalt, masterPwd...)
	hp := sha1.Sum(glmp)
	s := append(hp[:], n.salt()...)
	chp := sha1.Sum(s)
	pes := paddingZero(n.salt(), 20)
	tk := hmac.New(sha1.New, chp[:])
	tk.Write(pes)
	pes = append(pes, n.salt()...)
	k1 := hmac.New(sha1.New, chp[:])
	k1.Write(pes)
	tkPlus := append(tk.Sum(nil), n.salt()...)
	k2 := hmac.New(sha1.New, chp[:])
	k2.Write(tkPlus)
	k := append(k1.Sum(nil), k2.Sum(nil)...)
	iv := k[len(k)-8:]
	return des3Decrypt(k[:24], iv, n.encrypted())
}

func (n nssPBE) salt() []byte {
	return n.AlgoAttr.SaltAttr.EntrySalt
}

func (n nssPBE) encrypted() []byte {
	return n.Encrypted
}

// MetaPBE Struct
//
//	SEQUENCE (2 elem)
//		OBJECT IDENTIFIER
//	    SEQUENCE (2 elem)
//	    SEQUENCE (2 elem)
//	      	OBJECT IDENTIFIER
//	       	SEQUENCE (4 elem)
//	       	OCTET STRING (32 byte)
//	      		INTEGER 1
//	       		INTEGER 32
//	       		SEQUENCE (1 elem)
//	          	OBJECT IDENTIFIER
//	    SEQUENCE (2 elem)
//	      	OBJECT IDENTIFIER
//	      	OCTET STRING (14 byte)
//	OCTET STRING (16 byte)
type metaPBE struct {
	AlgoAttr  algoAttr
	Encrypted []byte
}

type algoAttr struct {
	asn1.ObjectIdentifier
	Data struct {
		Data struct {
			asn1.ObjectIdentifier
			SlatAttr slatAttr
		}
		IVData ivAttr
	}
}

type ivAttr struct {
	asn1.ObjectIdentifier
	IV []byte
}

type slatAttr struct {
	EntrySalt      []byte
	IterationCount int
	KeySize        int
	Algorithm      struct {
		asn1.ObjectIdentifier
	}
}

func (m metaPBE) Decrypt(globalSalt, _ []byte) (key2 []byte, err error) {
	k := sha1.Sum(globalSalt)
	key := pbkdf2.Key(k[:], m.salt(), m.iterationCount(), m.keySize(), sha256.New)
	iv := append([]byte{4, 14}, m.iv()...)
	return aes128CBCDecrypt(key, iv, m.encrypted())
}

func (m metaPBE) salt() []byte {
	return m.AlgoAttr.Data.Data.SlatAttr.EntrySalt
}

func (m metaPBE) iterationCount() int {
	return m.AlgoAttr.Data.Data.SlatAttr.IterationCount
}

func (m metaPBE) keySize() int {
	return m.AlgoAttr.Data.Data.SlatAttr.KeySize
}

func (m metaPBE) iv() []byte {
	return m.AlgoAttr.Data.IVData.IV
}

func (m metaPBE) encrypted() []byte {
	return m.Encrypted
}

// loginPBE Struct
//
//	OCTET STRING (16 byte)
//	SEQUENCE (2 elem)
//			OBJECT IDENTIFIER
//			OCTET STRING (8 byte)
//	OCTET STRING (16 byte)
type loginPBE struct {
	CipherText []byte
	Data       struct {
		asn1.ObjectIdentifier
		IV []byte
	}
	Encrypted []byte
}

func (l loginPBE) Decrypt(globalSalt, _ []byte) (key []byte, err error) {
	return des3Decrypt(globalSalt, l.iv(), l.encrypted())
}

func (l loginPBE) iv() []byte {
	return l.Data.IV
}

func (l loginPBE) encrypted() []byte {
	return l.Encrypted
}

func aes128CBCDecrypt(key, iv, encryptPass []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	encryptLen := len(encryptPass)
	if encryptLen < block.BlockSize() {
		return nil, errEncryptedLength
	}

	dst := make([]byte, encryptLen)
	mode := cipher.NewCBCDecrypter(block, iv)
	mode.CryptBlocks(dst, encryptPass)
	dst = pkcs5UnPadding(dst, block.BlockSize())
	return dst, nil
}

func pkcs5UnPadding(src []byte, blockSize int) []byte {
	n := len(src)
	paddingNum := int(src[n-1])
	if n < paddingNum || paddingNum > blockSize {
		return src
	}
	return src[:n-paddingNum]
}

// des3Decrypt use for decrypt firefox PBE
func des3Decrypt(key, iv []byte, src []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	blockMode := cipher.NewCBCDecrypter(block, iv)
	sq := make([]byte, len(src))
	blockMode.CryptBlocks(sq, src)
	return pkcs5UnPadding(sq, block.BlockSize()), nil
}

func paddingZero(s []byte, l int) []byte {
	h := l - len(s)
	if h <= 0 {
		return s
	}
	for i := len(s); i < l; i++ {
		s = append(s, 0)
	}
	return s
}
chore: update project layout 2 years ago			`package crypto`
dev-feat: add chromium browser for macos 3 years ago
			`import (`
			`"crypto/aes"`
			`"crypto/cipher"`
			`"crypto/des"`
			`"crypto/hmac"`
			`"crypto/sha1"`
			`"crypto/sha256"`
			`"encoding/asn1"`
			`"errors"`

			`"golang.org/x/crypto/pbkdf2"`
			`)`

			`var (`
refactor: only handle error if security command not found 2 years ago			`errPasswordIsEmpty = errors.New("password is empty")`
			`errDecodeASN1Failed = errors.New("decode ASN1 data failed")`
			`errEncryptedLength = errors.New("length of encrypted password less than block size")`
dev-feat: add chromium browser for macos 3 years ago			`)`

			`type ASN1PBE interface {`
			`Decrypt(globalSalt, masterPwd []byte) (key []byte, err error)`
			`}`

			`func NewASN1PBE(b []byte) (pbe ASN1PBE, err error) {`
			`var (`
fix: modify firefox asn1 data struct 2 years ago			`n nssPBE`
			`m metaPBE`
			`l loginPBE`
dev-feat: add chromium browser for macos 3 years ago			`)`
			`if _, err := asn1.Unmarshal(b, &n); err == nil {`
			`return n, nil`
			`}`
			`if _, err := asn1.Unmarshal(b, &m); err == nil {`
			`return m, nil`
			`}`
			`if _, err := asn1.Unmarshal(b, &l); err == nil {`
			`return l, nil`
			`}`
			`return nil, errDecodeASN1Failed`
			`}`

fix: modify firefox asn1 data struct 2 years ago			`// nssPBE Struct`
refactor: add comments and format code style 2 years ago			`//`
			`// SEQUENCE (2 elem)`
			`// OBJECT IDENTIFIER`
			`// SEQUENCE (2 elem)`
			`// OCTET STRING (20 byte)`
			`// INTEGER 1`
			`// OCTET STRING (16 byte)`
fix: modify firefox asn1 data struct 2 years ago			`type nssPBE struct {`
			`AlgoAttr struct {`
			`asn1.ObjectIdentifier`
			`SaltAttr struct {`
			`EntrySalt []byte`
			`Len int`
			`}`
			`}`
dev-feat: add chromium browser for macos 3 years ago			`Encrypted []byte`
			`}`

fix: modify firefox asn1 data struct 2 years ago			`func (n nssPBE) Decrypt(globalSalt, masterPwd []byte) (key []byte, err error) {`
dev-feat: add chromium browser for macos 3 years ago			`glmp := append(globalSalt, masterPwd...)`
			`hp := sha1.Sum(glmp)`
feat: add is full export browsing data option 2 years ago			`s := append(hp[:], n.salt()...)`
dev-feat: add chromium browser for macos 3 years ago			`chp := sha1.Sum(s)`
feat: add is full export browsing data option 2 years ago			`pes := paddingZero(n.salt(), 20)`
dev-feat: add chromium browser for macos 3 years ago			`tk := hmac.New(sha1.New, chp[:])`
			`tk.Write(pes)`
feat: add is full export browsing data option 2 years ago			`pes = append(pes, n.salt()...)`
dev-feat: add chromium browser for macos 3 years ago			`k1 := hmac.New(sha1.New, chp[:])`
			`k1.Write(pes)`
feat: add is full export browsing data option 2 years ago			`tkPlus := append(tk.Sum(nil), n.salt()...)`
dev-feat: add chromium browser for macos 3 years ago			`k2 := hmac.New(sha1.New, chp[:])`
			`k2.Write(tkPlus)`
			`k := append(k1.Sum(nil), k2.Sum(nil)...)`
			`iv := k[len(k)-8:]`
refactor: add comments and format code style 2 years ago			`return des3Decrypt(k[:24], iv, n.encrypted())`
			`}`

feat: add is full export browsing data option 2 years ago			`func (n nssPBE) salt() []byte {`
refactor: add comments and format code style 2 years ago			`return n.AlgoAttr.SaltAttr.EntrySalt`
			`}`

			`func (n nssPBE) encrypted() []byte {`
			`return n.Encrypted`
dev-feat: add chromium browser for macos 3 years ago			`}`

			`// MetaPBE Struct`
refactor: add comments and format code style 2 years ago			`//`
			`// SEQUENCE (2 elem)`
			`// OBJECT IDENTIFIER`
			`// SEQUENCE (2 elem)`
			`// SEQUENCE (2 elem)`
			`// OBJECT IDENTIFIER`
			`// SEQUENCE (4 elem)`
			`// OCTET STRING (32 byte)`
			`// INTEGER 1`
			`// INTEGER 32`
			`// SEQUENCE (1 elem)`
			`// OBJECT IDENTIFIER`
			`// SEQUENCE (2 elem)`
			`// OBJECT IDENTIFIER`
			`// OCTET STRING (14 byte)`
			`// OCTET STRING (16 byte)`
fix: modify firefox asn1 data struct 2 years ago			`type metaPBE struct {`
			`AlgoAttr algoAttr`
dev-feat: add chromium browser for macos 3 years ago			`Encrypted []byte`
			`}`

fix: modify firefox asn1 data struct 2 years ago			`type algoAttr struct {`
			`asn1.ObjectIdentifier`
			`Data struct {`
			`Data struct {`
			`asn1.ObjectIdentifier`
			`SlatAttr slatAttr`
			`}`
			`IVData ivAttr`
			`}`
dev-feat: add chromium browser for macos 3 years ago			`}`

fix: modify firefox asn1 data struct 2 years ago			`type ivAttr struct {`
			`asn1.ObjectIdentifier`
			`IV []byte`
dev-feat: add chromium browser for macos 3 years ago			`}`

fix: modify firefox asn1 data struct 2 years ago			`type slatAttr struct {`
dev-feat: add chromium browser for macos 3 years ago			`EntrySalt []byte`
			`IterationCount int`
			`KeySize int`
fix: modify firefox asn1 data struct 2 years ago			`Algorithm struct {`
			`asn1.ObjectIdentifier`
			`}`
dev-feat: add chromium browser for macos 3 years ago			`}`

fix: renaming unused parameter 1 year ago			`func (m metaPBE) Decrypt(globalSalt, _ []byte) (key2 []byte, err error) {`
dev-feat: add chromium browser for macos 3 years ago			`k := sha1.Sum(globalSalt)`
feat: add is full export browsing data option 2 years ago			`key := pbkdf2.Key(k[:], m.salt(), m.iterationCount(), m.keySize(), sha256.New)`
refactor: add comments and format code style 2 years ago			`iv := append([]byte{4, 14}, m.iv()...)`
			`return aes128CBCDecrypt(key, iv, m.encrypted())`
dev-feat: add chromium browser for macos 3 years ago			`}`

feat: add is full export browsing data option 2 years ago			`func (m metaPBE) salt() []byte {`
fix: modify firefox asn1 data struct 2 years ago			`return m.AlgoAttr.Data.Data.SlatAttr.EntrySalt`
			`}`

			`func (m metaPBE) iterationCount() int {`
			`return m.AlgoAttr.Data.Data.SlatAttr.IterationCount`
			`}`

			`func (m metaPBE) keySize() int {`
			`return m.AlgoAttr.Data.Data.SlatAttr.KeySize`
			`}`

refactor: add comments and format code style 2 years ago			`func (m metaPBE) iv() []byte {`
			`return m.AlgoAttr.Data.IVData.IV`
			`}`

			`func (m metaPBE) encrypted() []byte {`
			`return m.Encrypted`
			`}`

fix: modify firefox asn1 data struct 2 years ago			`// loginPBE Struct`
refactor: add comments and format code style 2 years ago			`//`
			`// OCTET STRING (16 byte)`
			`// SEQUENCE (2 elem)`
			`// OBJECT IDENTIFIER`
			`// OCTET STRING (8 byte)`
			`// OCTET STRING (16 byte)`
fix: modify firefox asn1 data struct 2 years ago			`type loginPBE struct {`
dev-feat: add chromium browser for macos 3 years ago			`CipherText []byte`
fix: modify firefox asn1 data struct 2 years ago			`Data struct {`
			`asn1.ObjectIdentifier`
			`IV []byte`
			`}`
dev-feat: add chromium browser for macos 3 years ago			`Encrypted []byte`
			`}`

fix: renaming unused parameter 1 year ago			`func (l loginPBE) Decrypt(globalSalt, _ []byte) (key []byte, err error) {`
refactor: add comments and format code style 2 years ago			`return des3Decrypt(globalSalt, l.iv(), l.encrypted())`
			`}`

			`func (l loginPBE) iv() []byte {`
			`return l.Data.IV`
			`}`
chore: add lint ruler, exclude unused variable 2 years ago
refactor: add comments and format code style 2 years ago			`func (l loginPBE) encrypted() []byte {`
			`return l.Encrypted`
dev-feat: add chromium browser for macos 3 years ago			`}`

			`func aes128CBCDecrypt(key, iv, encryptPass []byte) ([]byte, error) {`
			`block, err := aes.NewCipher(key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`encryptLen := len(encryptPass)`
			`if encryptLen < block.BlockSize() {`
			`return nil, errEncryptedLength`
			`}`

			`dst := make([]byte, encryptLen)`
			`mode := cipher.NewCBCDecrypter(block, iv)`
			`mode.CryptBlocks(dst, encryptPass)`
fix: add block size check, Close #120 2 years ago			`dst = pkcs5UnPadding(dst, block.BlockSize())`
dev-feat: add chromium browser for macos 3 years ago			`return dst, nil`
			`}`

fix: add block size check, Close #120 2 years ago			`func pkcs5UnPadding(src []byte, blockSize int) []byte {`
			`n := len(src)`
			`paddingNum := int(src[n-1])`
			`if n < paddingNum \|\| paddingNum > blockSize {`
			`return src`
			`}`
			`return src[:n-paddingNum]`
dev-feat: add chromium browser for macos 3 years ago			`}`

refactor: add comments and format code style 2 years ago			`// des3Decrypt use for decrypt firefox PBE`
dev-feat: add chromium browser for macos 3 years ago			`func des3Decrypt(key, iv []byte, src []byte) ([]byte, error) {`
			`block, err := des.NewTripleDESCipher(key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`blockMode := cipher.NewCBCDecrypter(block, iv)`
			`sq := make([]byte, len(src))`
			`blockMode.CryptBlocks(sq, src)`
fix: add block size check, Close #120 2 years ago			`return pkcs5UnPadding(sq, block.BlockSize()), nil`
dev-feat: add chromium browser for macos 3 years ago			`}`

			`func paddingZero(s []byte, l int) []byte {`
			`h := l - len(s)`
			`if h <= 0 {`
			`return s`
			`}`
refactor: add comments and format code style 2 years ago			`for i := len(s); i < l; i++ {`
			`s = append(s, 0)`
			`}`
			`return s`
dev-feat: add chromium browser for macos 3 years ago			`}`