![]() ![]() ![]() The encryption of the cookies is performed with AES-256 in GCM mode. Path = r'%LocalAppData%\Google\Chrome\User Data\Local State'Įncrypted_key = base64.b64decode(encrypted_key) # Base64 decodingĮncrypted_key = encrypted_key # Remove DPAPIĭecrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0) # Decrypt key The decryption returns a tuple whose second value contains the decrypted key: import os Afterwards a decryption with win32crypt.CryptUnprotectData is possible. the key must first be Base64 decoded and the first 5 bytes must be removed. The encrypted key starts with the ASCII encoding of DPAPI (i.e. The details are described here, section Chrome v80.0 and higher. The applied key is encrypted using DPAPI. Since Chrome version 80 and higher, cookies are encrypted using AES-256 in GCM mode. It seems that after update 80 it is no longer a valid solution.Īccording to this blog post it seems that i need to CryptUnprotectData on encrypted_key from Local State file, than somehow decrypt cookie, using decrypted key.įor the first part i got my encrypted_key path = r'%LocalAppData%\Google\Chrome\User Data\Local State'Įncrypted_key = json.loads(file.read())Įncrypted_key = bytearray(encrypted_key, 'utf-8')ĭecrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)Īnd got exception: pywintypes.error: (13, 'CryptProtectData', 'The data is invalid.')Īlso for the second part of encryption, it seems that i should use pycryptodome, something like this snippet: cipher = AES.new(encrypted_key, AES.MODE_GCM, nonce=nonce)īut i can't figure out where i should get nonce valueĬan someone explain, how to do Chrome cookies decrypting correctly? I had a working script for opening and decrypting Google Chrome cookies which looked like: decrypted = win32crypt.CryptUnprotectData(enctypted_cookie_value, None, None, None, 0) ![]()
0 Comments
Leave a Reply. |