You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
176 lines
4.2 KiB
176 lines
4.2 KiB
4 years ago
|
package decrypt
|
||
4 years ago
|
|
||
4 years ago
|
import (
|
||
|
"crypto/aes"
|
||
|
"crypto/cipher"
|
||
4 years ago
|
"crypto/sha1"
|
||
|
"crypto/sha256"
|
||
|
"encoding/asn1"
|
||
|
"encoding/hex"
|
||
|
"hack-browser-data/log"
|
||
4 years ago
|
"syscall"
|
||
|
"unsafe"
|
||
|
|
||
4 years ago
|
"golang.org/x/crypto/pbkdf2"
|
||
4 years ago
|
)
|
||
|
|
||
4 years ago
|
func ChromePass(encryptPass, key []byte) ([]byte, error) {
|
||
4 years ago
|
if len(encryptPass) > 15 {
|
||
|
// remove prefix 'v10'
|
||
4 years ago
|
return aesGCMDecrypt(encryptPass[15:], key, encryptPass[3:15])
|
||
4 years ago
|
} else {
|
||
4 years ago
|
return nil, errPasswordIsEmpty
|
||
4 years ago
|
}
|
||
|
}
|
||
|
|
||
4 years ago
|
// chromium > 80 https://source.chromium.org/chromium/chromium/src/+/master:components/os_crypt/os_crypt_win.cc
|
||
4 years ago
|
func aesGCMDecrypt(crypted, key, nounce []byte) ([]byte, error) {
|
||
4 years ago
|
block, err := aes.NewCipher(key)
|
||
|
if err != nil {
|
||
4 years ago
|
return nil, err
|
||
4 years ago
|
}
|
||
4 years ago
|
blockMode, err := cipher.NewGCM(block)
|
||
4 years ago
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
4 years ago
|
origData, err := blockMode.Open(nil, nounce, crypted, nil)
|
||
4 years ago
|
if err != nil {
|
||
4 years ago
|
return nil, err
|
||
4 years ago
|
}
|
||
4 years ago
|
return origData, nil
|
||
4 years ago
|
}
|
||
|
|
||
4 years ago
|
type dataBlob struct {
|
||
4 years ago
|
cbData uint32
|
||
|
pbData *byte
|
||
|
}
|
||
|
|
||
4 years ago
|
func NewBlob(d []byte) *dataBlob {
|
||
4 years ago
|
if len(d) == 0 {
|
||
4 years ago
|
return &dataBlob{}
|
||
4 years ago
|
}
|
||
4 years ago
|
return &dataBlob{
|
||
4 years ago
|
pbData: &d[0],
|
||
|
cbData: uint32(len(d)),
|
||
|
}
|
||
|
}
|
||
|
|
||
4 years ago
|
func (b *dataBlob) ToByteArray() []byte {
|
||
4 years ago
|
d := make([]byte, b.cbData)
|
||
|
copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:])
|
||
|
return d
|
||
|
}
|
||
|
|
||
|
// chrome < 80 https://chromium.googlesource.com/chromium/src/+/76f496a7235c3432983421402951d73905c8be96/components/os_crypt/os_crypt_win.cc#82
|
||
4 years ago
|
func decryptStringWithDPAPI(data []byte) ([]byte, error) {
|
||
4 years ago
|
dllCrypt := syscall.NewLazyDLL("Crypt32.dll")
|
||
|
dllKernel := syscall.NewLazyDLL("Kernel32.dll")
|
||
|
procDecryptData := dllCrypt.NewProc("CryptUnprotectData")
|
||
|
procLocalFree := dllKernel.NewProc("LocalFree")
|
||
4 years ago
|
var outBlob dataBlob
|
||
4 years ago
|
r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outBlob)))
|
||
|
if r == 0 {
|
||
4 years ago
|
return nil, err
|
||
|
}
|
||
4 years ago
|
defer procLocalFree.Call(uintptr(unsafe.Pointer(outBlob.pbData)))
|
||
|
return outBlob.ToByteArray(), nil
|
||
4 years ago
|
}
|
||
4 years ago
|
|
||
4 years ago
|
func DPApi(data []byte) ([]byte, error) {
|
||
4 years ago
|
dllCrypt := syscall.NewLazyDLL("Crypt32.dll")
|
||
|
dllKernel := syscall.NewLazyDLL("Kernel32.dll")
|
||
|
procDecryptData := dllCrypt.NewProc("CryptUnprotectData")
|
||
|
procLocalFree := dllKernel.NewProc("LocalFree")
|
||
4 years ago
|
var outBlob dataBlob
|
||
4 years ago
|
r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outBlob)))
|
||
|
if r == 0 {
|
||
4 years ago
|
return nil, err
|
||
4 years ago
|
}
|
||
|
defer procLocalFree.Call(uintptr(unsafe.Pointer(outBlob.pbData)))
|
||
4 years ago
|
return outBlob.ToByteArray(), nil
|
||
4 years ago
|
}
|
||
4 years ago
|
|
||
4 years ago
|
type NssPBE struct {
|
||
|
SequenceA
|
||
|
Encrypted []byte
|
||
|
}
|
||
|
|
||
4 years ago
|
type MetaPBE struct {
|
||
|
SequenceA
|
||
4 years ago
|
Encrypted []byte
|
||
4 years ago
|
}
|
||
|
type SequenceA struct {
|
||
|
PKCS5PBES2 asn1.ObjectIdentifier
|
||
|
SequenceB
|
||
|
}
|
||
|
type SequenceB struct {
|
||
|
SequenceC
|
||
|
SequenceD
|
||
|
}
|
||
|
|
||
|
type SequenceC struct {
|
||
|
PKCS5PBKDF2 asn1.ObjectIdentifier
|
||
|
SequenceE
|
||
|
}
|
||
|
|
||
|
type SequenceD struct {
|
||
|
AES256CBC asn1.ObjectIdentifier
|
||
|
IV []byte
|
||
|
}
|
||
|
|
||
|
type SequenceE struct {
|
||
|
EntrySalt []byte
|
||
|
IterationCount int
|
||
|
KeySize int
|
||
|
SequenceF
|
||
|
}
|
||
|
|
||
|
type SequenceF struct {
|
||
|
HMACWithSHA256 asn1.ObjectIdentifier
|
||
|
}
|
||
|
|
||
4 years ago
|
func DecodeMeta(decodeItem []byte) (pbe MetaPBE, err error) {
|
||
|
_, err = asn1.Unmarshal(decodeItem, &pbe)
|
||
|
if err != nil {
|
||
|
log.Error(err)
|
||
|
return
|
||
|
}
|
||
|
return
|
||
|
}
|
||
|
|
||
|
func DecodeNss(nssA11Bytes []byte) (pbe NssPBE, err error) {
|
||
|
log.Debug(hex.EncodeToString(nssA11Bytes))
|
||
|
_, err = asn1.Unmarshal(nssA11Bytes, &pbe)
|
||
|
if err != nil {
|
||
|
log.Error(err)
|
||
|
return
|
||
|
}
|
||
|
return
|
||
|
}
|
||
4 years ago
|
|
||
4 years ago
|
func Meta(globalSalt, masterPwd []byte, pbe MetaPBE) ([]byte, error) {
|
||
4 years ago
|
return decryptMeta(globalSalt, masterPwd, pbe.IV, pbe.EntrySalt, pbe.Encrypted, pbe.IterationCount, pbe.KeySize)
|
||
|
}
|
||
|
|
||
4 years ago
|
func Nss(globalSalt, masterPwd []byte, pbe NssPBE) ([]byte, error) {
|
||
4 years ago
|
return decryptMeta(globalSalt, masterPwd, pbe.IV, pbe.EntrySalt, pbe.Encrypted, pbe.IterationCount, pbe.KeySize)
|
||
|
}
|
||
|
|
||
|
func decryptMeta(globalSalt, masterPwd, nssIv, entrySalt, encrypted []byte, iter, keySize int) ([]byte, error) {
|
||
|
k := sha1.Sum(globalSalt)
|
||
4 years ago
|
log.Println(hex.EncodeToString(k[:]))
|
||
4 years ago
|
key := pbkdf2.Key(k[:], entrySalt, iter, keySize, sha256.New)
|
||
4 years ago
|
log.Println(hex.EncodeToString(key))
|
||
|
i, err := hex.DecodeString("040e")
|
||
|
if err != nil {
|
||
|
log.Println(err)
|
||
|
}
|
||
|
// @https://hg.mozilla.org/projects/nss/rev/fc636973ad06392d11597620b602779b4af312f6#l6.49
|
||
4 years ago
|
iv := append(i, nssIv...)
|
||
|
dst, err := aes128CBCDecrypt(key, iv, encrypted)
|
||
4 years ago
|
if err != nil {
|
||
|
log.Println(err)
|
||
|
}
|
||
|
return dst, err
|
||
|
}
|