commit fe40b99d69c3142dbe936037222569b5433e8a3d Author: ᴍᴏᴏɴD4ʀᴋ Date: Fri Jun 19 20:43:31 2020 +0800 add chrome password decrypt diff --git a/README.md b/README.md new file mode 100644 index 0000000..0b0cc88 --- /dev/null +++ b/README.md @@ -0,0 +1,4 @@ +# HackBrowserData + +export your browser data, support Safari and Chrome. + diff --git a/core/common/common.go b/core/common/common.go new file mode 100644 index 0000000..a03c142 --- /dev/null +++ b/core/common/common.go @@ -0,0 +1,79 @@ +package common + +import ( + "database/sql" + "hack-browser-data/log" + "hack-browser-data/utils" + + _ "github.com/mattn/go-sqlite3" +) + +const ( + Chrome = "Chrome" + Safari = "Safari" +) + +type ( + BrowserData struct { + BrowserName string + LoginData []LoginData + } + LoginData struct { + UserName string + encryptPass []byte + Password string + LoginUrl string + } + History struct { + } + Cookie struct { + } + BookMark struct { + } +) + +func ParseDB() (results []*LoginData) { + //datetime(visit_time / 1000000 + (strftime('%s', '1601-01-01')), 'unixepoch') + loginD := &LoginData{} + logins, err := sql.Open("sqlite3", utils.LoginData) + defer func() { + if err := logins.Close(); err != nil { + log.Println(err) + } + }() + if err != nil { + log.Println(err) + } + err = logins.Ping() + log.Println(err) + rows, err := logins.Query(`SELECT origin_url, username_value, password_value FROM logins`) + defer func() { + if err := rows.Close(); err != nil { + log.Println(err) + } + }() + log.Println(err) + for rows.Next() { + var ( + url string + username string + pwd []byte + password string + ) + err = rows.Scan(&url, &username, &pwd) + loginD = &LoginData{ + UserName: username, + encryptPass: pwd, + LoginUrl: url, + } + if len(pwd) > 3 { + password = utils.Aes128CBCDecrypt(pwd[3:]) + } + loginD.Password = password + if err != nil { + log.Println(err) + } + results = append(results, loginD) + } + return +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..467018a --- /dev/null +++ b/go.mod @@ -0,0 +1,10 @@ +module hack-browser-data + +go 1.14 + +require ( + github.com/forgoer/openssl v0.0.0-20200331032942-ad9f8d57d8b1 + github.com/mattn/go-sqlite3 v1.14.0 + go.uber.org/zap v1.15.0 + golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..3b0ae8c --- /dev/null +++ b/go.sum @@ -0,0 +1,69 @@ +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc= +github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/forgoer/openssl v0.0.0-20200331032942-ad9f8d57d8b1 h1:KC0gMm3q6pgXwfwMDx36ntHIB/B+ardzsa2SgRcdYdY= +github.com/forgoer/openssl v0.0.0-20200331032942-ad9f8d57d8b1/go.mod h1:NMVFOzYeLVR7UiGTxsa+A21nrERTZ3Rv2JHDPcJpDyI= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/mattn/go-sqlite3 v1.14.0 h1:mLyGNKR8+Vv9CAU7PphKa2hkEqxxhn8i32J6FPj1/QA= +github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus= +github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk= +go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A= +go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= +go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4= +go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= +go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM= +go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529 h1:iMGN4xG0cnqj3t+zOM8wUB0BiPKHEwSxEZCvzcbZuvk= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM= +golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5 h1:hKsoRgsbwY1NafxrwTs+k64bikrLBkAgPir1TNCj3Zs= +golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= diff --git a/log/log.go b/log/log.go new file mode 100644 index 0000000..6e88baf --- /dev/null +++ b/log/log.go @@ -0,0 +1,116 @@ +package log + +import ( + "os" + "strings" + + "go.uber.org/zap" + "go.uber.org/zap/zapcore" +) + +var ( + formatLogger *zap.SugaredLogger + levelMap = map[string]zapcore.Level{ + "debug": zapcore.DebugLevel, + "info": zapcore.InfoLevel, + "warn": zapcore.WarnLevel, + "error": zapcore.ErrorLevel, + "panic": zapcore.PanicLevel, + "fatal": zapcore.FatalLevel, + } +) + +func init() { + logger := newLogger("debug") + formatLogger = logger.Sugar() +} + +func newLogger(level string) *zap.Logger { + core := newCore(level) + return zap.New(core, + zap.AddCaller(), + zap.AddCallerSkip(1), + zap.Development(), + ) +} + +func newCore(level string) zapcore.Core { + encoderConfig := zapcore.EncoderConfig{ + TimeKey: "time", + LevelKey: "level", + NameKey: "logger", + CallerKey: "line", + MessageKey: "msg", + StacktraceKey: "stacktrace", + LineEnding: zapcore.DefaultLineEnding, + EncodeLevel: zapcore.CapitalColorLevelEncoder, + EncodeTime: zapcore.ISO8601TimeEncoder, + EncodeDuration: zapcore.SecondsDurationEncoder, // + EncodeCaller: zapcore.ShortCallerEncoder, + EncodeName: zapcore.FullNameEncoder, + } + return zapcore.NewCore( + zapcore.NewConsoleEncoder(encoderConfig), + zapcore.NewMultiWriteSyncer(zapcore.AddSync(os.Stdout)), + zap.NewAtomicLevelAt(getLoggerLevel(level)), + ) +} + +func getLoggerLevel(lvl string) zapcore.Level { + if level, ok := levelMap[strings.ToLower(lvl)]; ok { + return level + } + return zapcore.InfoLevel +} + +func Debug(args ...interface{}) { + formatLogger.Debug(args...) +} + +func Debugf(template string, args ...interface{}) { + formatLogger.Debugf(template, args...) +} + +func Info(args ...interface{}) { + formatLogger.Info(args...) +} + +func Infof(template string, args ...interface{}) { + formatLogger.Infof(template, args...) +} + +func Warn(args ...interface{}) { + formatLogger.Warn(args...) +} + +func Warnf(template string, args ...interface{}) { + formatLogger.Warnf(template, args...) +} + +func Error(args ...interface{}) { + formatLogger.Error(args...) +} + +func Errorf(template string, args ...interface{}) { + formatLogger.Errorf(template, args...) +} + +func Panic(args ...interface{}) { + formatLogger.Panic(args...) +} + +func Panicf(template string, args ...interface{}) { + formatLogger.Panicf(template, args...) +} + +func Fatal(args ...interface{}) { + formatLogger.Fatal(args...) +} + +func Fatalf(template string, args ...interface{}) { + formatLogger.Fatalf(template, args...) +} + +func Println(args ...interface{}) { + formatLogger.Debug(args...) +} diff --git a/main.go b/main.go new file mode 100644 index 0000000..638d71b --- /dev/null +++ b/main.go @@ -0,0 +1,24 @@ +package main + +import ( + "fmt" + "hack-browser-data/core/common" + "hack-browser-data/log" + "hack-browser-data/utils" + "runtime" +) + +func main() { + err := utils.CopyDB(utils.GetDBPath(utils.LoginData), utils.LoginData) + if err != nil { + log.Println(err) + } + osName := runtime.GOOS + switch osName { + case "darwin": + utils.InitChromeKey() + common.ParseDB() + case "windows": + fmt.Println("Windows") + } +} diff --git a/utils/utils.go b/utils/utils.go new file mode 100644 index 0000000..41133c6 --- /dev/null +++ b/utils/utils.go @@ -0,0 +1,39 @@ +package utils + +import ( + "hack-browser-data/log" + "io/ioutil" + "os" + "path/filepath" +) + +const ( + LoginData = "Login Data" + History = "History" + Cookies = "Cookies" + WebData = "Web Data" +) + +func CopyDB(source, dest string) error { + // remove current path db file first + locals, _ := filepath.Glob("*") + for _, v := range locals { + if v == dest { + err := os.Remove(dest) + if err != nil { + return err + } + } + } + sourceFile, err := ioutil.ReadFile(source) + if err != nil { + log.Println(err.Error()) + } + + err = ioutil.WriteFile(dest, sourceFile, 644) + if err != nil { + log.Println(err.Error()) + } + err = os.Chmod(dest, 0777) + return err +} diff --git a/utils/utils_darwin.go b/utils/utils_darwin.go new file mode 100644 index 0000000..a97e470 --- /dev/null +++ b/utils/utils_darwin.go @@ -0,0 +1,124 @@ +package utils + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/sha1" + "fmt" + "hack-browser-data/log" + "os/exec" + "path/filepath" + + "github.com/forgoer/openssl" + "golang.org/x/crypto/pbkdf2" +) + +const ( + macChromeDir = "/Users/*/Library/Application Support/Google/Chrome/*/" +) + +var ( + iv = []byte{32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32} + command = []string{"security", "find-generic-password", "-wa", "Chrome"} + chromeSalt = []byte("saltysalt") + chromeKey []byte + chromePass []byte +) + +func GetDBPath(dbName string) string { + s, err := filepath.Glob(macChromeDir + dbName) + if err != nil && len(s) == 0 { + panic(err) + } + return s[0] +} + +func InitChromeKey() { + var ( + cmd *exec.Cmd + stdout, stderr bytes.Buffer + ) + cmd = exec.Command(command[0], command[1], command[2], command[3]) + cmd.Stdout = &stdout + cmd.Stderr = &stderr + err := cmd.Run() + if err != nil { + log.Println(err) + panic(err) + } + + if stderr.Len() > 0 { + panic(stderr.String()) + } + // replace /n + temp := stdout.Bytes() + chromePass = temp[:len(temp)-1] + chromeKey = pbkdf2.Key(chromePass, chromeSalt, 1003, 16, sha1.New) +} + +func DecryptPass(chromePass []byte) []byte { + l := pbkdf2.Key(chromePass, chromeSalt, 1003, 16, sha1.New) + return l +} + +func Aes128CBCDecrypt(encryptPass []byte) string { + src, err := openssl.AesCBCDecrypt(encryptPass, chromeKey, iv, openssl.PKCS5_PADDING) + if err != nil { + log.Println(err) + } + return string(src) +} + +func AesDecrypt(ciphertext []byte, key, iv []byte) ([]byte, error) { + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + blockMode := cipher.NewCBCDecrypter(block, iv) + origData := make([]byte, len(ciphertext)) + fmt.Println(blockMode.BlockSize()) + //func (x *cbcDecrypter) CryptBlocks(dst, src []byte) { + // if len(src)%x.blockSize != 0 { + // panic("crypto/cipher: input not full blocks") + blockMode.CryptBlocks(origData, ciphertext) + origData = PKCS5UnPadding(origData) + return origData, nil +} + +func ZeroPadding(ciphertext []byte, blockSize int) []byte { + padding := blockSize - len(ciphertext)%blockSize + padtext := bytes.Repeat([]byte{0}, padding) + return append(ciphertext, padtext...) +} + +func ZeroUnPadding(origData []byte) []byte { + length := len(origData) + unpadding := int(origData[length-1]) + return origData[:(length - unpadding)] +} + +func PKCS5Padding(ciphertext []byte, blockSize int) []byte { + padding := blockSize - len(ciphertext)%blockSize + padtext := bytes.Repeat([]byte{byte(padding)}, padding) + return append(ciphertext, padtext...) +} + +func PKCS5UnPadding(origData []byte) []byte { + length := len(origData) + // 去掉最后一个字节 unpadding 次 + unpadding := int(origData[length-1]) + return origData[:(length - unpadding)] +} + +func PKCS7Padding(ciphertext []byte, blockSize int) []byte { + padding := blockSize - len(ciphertext)%blockSize + padtext := bytes.Repeat([]byte{byte(padding)}, padding) + return append(ciphertext, padtext...) +} + +func PKCS7UnPadding(origData []byte) []byte { + length := len(origData) + unpadding := int(origData[length-1]) + return origData[:(length - unpadding)] +} diff --git a/utils/utils_windows.go b/utils/utils_windows.go new file mode 100644 index 0000000..b0b94c7 --- /dev/null +++ b/utils/utils_windows.go @@ -0,0 +1,26 @@ +package utils + +const ( + winChromeDir = "/Users/*/Library/Application Support/Google/Chrome/*/" +) + +func GetDBPath(dbName string) string { + s, err := filepath.Glob(winChromeDir + dbName) + if err != nil && len(s) == 0 { + panic(err) + } + return s[0] +} + +func AesGCMDecrypt(crypted, key, nounce []byte) ([]byte, error) { + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + blockMode, _ := cipher.NewGCM(block) + origData, err := blockMode.Open(nil, nounce, crypted, nil) + if err != nil{ + return nil, err + } + return origData, nil +}