
What is beautiful about this is that we do not actually need the user’s keychain password to access this Safe Storage Key.


What we need is stored in the user’s keychain as “Chrome Safe Storage”.

Password: This is the important non-constant part.

Iterations: 1003 (constant) for symmetric key derivation.

Salt: The salt is ‘saltysalt’ (constant).

The decryption key is a PBKDF2 key generated with the following:

In this source code we find the following information:

Encryption Scheme: AES-128 CBC with a constant salt and constant iterations.

What kind of encryption, you ask? Well, let’s refer to the Google Chromium Source Code for that information.

We can get around this by directly querying the Google Chrome SQL database that is stored in “~/Library/Application Support/Google/Chrome/Profile */Login Data” on macOS.

For each password that you have saved in Google Chrome, there is a field that looks something like this in this “Login Data” database:

For this user we have this encrypted blob of data that begins with v10.

Who needs it! This is very inconvenient, and it mandates that you know the password of the local user on whatever box you’re on.

The current way of exporting passwords from Google Chrome is to open the Chrome browser, navigate to settings, then click “manage passwords”, then be presented with the following for each of your passwords that you want to access.

What are we macOS users to do when we need a way to quickly dump all of our stored passwords in Google Chrome? However, all of these implementations are for the Windows OS only. There are a number of open source programs out there that decrypt passwords that you store in Google Chrome.

There’s nothing new here and I’m simply just re-trying what was originally researched in the above articles, but I was interested to see if the Windows POC still works 6 years later, and it does.

Decrypting Google Chrome Passwords on macOS / OS X

Without the password stored in there it would be computationally very difficult to break the AES encryption.

This malware would easily run in the user context and could therefore extract all of Chrome’s saved passwords and send them off to a C&C.

Chrome on macOS is a little more secure because the user would need to enter the keychain password to allow any scripts access to Chrome Safe Storage. Let’s say a user gets phished and accidentally installs malware on their machine. Whilst this isn’t a vulnerability, it is concerning, especially in Windows.
