English | δΈζ
Get the User:Password from Chrome(include version < 80 and version > 80)
All version
Windows
-
Install
set CGO_ENABLED=1 & go install github.com/godoes/HackChrome@latest
-
Open cmd or powershell
HackChrome -h # output: Usage of HackChrome: -edge true or false, default is false and chrome is used.
-
Run
# Google Chrome: HackChrome > netpass.txt # Microsoft Edge: HackChrome -edge > netpass.txt
- version < 80
User:Password pairs were stored in the file named "Login Data".
Password was encrypted, But we can use "CryptUnprotectData" Function in "Crypt32.dll" to decrypt them.
Finally, We get the plaintext of the User:Password pairs stored in Chrome
- version > 80
Based on the Algorithm used by "version < 80", It use AES-GCM to encrypt the password via a and a .
The can be found in the "Local State" file, and can be decrypted by "CryptUnprotectData" mentioned above.
The can be found at the beginning of the encrypted_password.
Therefore, we can decrypt all the password.
- Merge the result
If someone updates the Chrome recently, we need to find the two ways of User:Password pairs.
What's more, I use some rules to merge the results into an array.
The Project follows MIT LICENSE.