Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 13:45

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 7 posts ] 
Author Message
 Post subject: Anybody got any Information About Google Chrome??
PostPosted: 05 May 2009 06:27 

Joined: 03 May 2009 05:10
Posts: 16
i googled alot but with no hope, no information at all, but nirsofer did it :S


Top
 Profile  
 
 
 Post subject: Re: Anybody got any Information About Google Chrome??
PostPosted: 05 May 2009 10:09 

Joined: 27 Apr 2009 20:59
Posts: 9
nir sofer is awesome


Top
 Profile  
 
 Post subject: Re: Anybody got any Information About Google Chrome??
PostPosted: 05 May 2009 16:19 

Joined: 03 May 2009 05:10
Posts: 16
Luigi is better, he believes in sharing and open source :D


Top
 Profile  
 
 Post subject: Re: Anybody got any Information About Google Chrome??
PostPosted: 05 May 2009 17:00 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
luckily it's a quick and easy job :)
the passwords are stored in a sqlite file called "Web Data" and located in the folder:
Code:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
where, obviously, instead of Administrator you will have your windows username.

now all the passwords are stored in the "logins" table under the "BLOB" column.
as the name suggests the BLOB values are exactly the classical encrypted sequences of bytes generated with CryptProtectData, so if you call CryptUnprotectData with one of the BLOB values you will get the clear-text password.

the only boring thing is navigating through the "Web Data" database and accessing the blob bytes, because SQLiteSpy (http://www.yunqa.de/delphi/doku.php/products/sqlitespy/) allows to explore the file easily but not to dump the BLOB bytes and sqlite3 (http://www.sqlite.org) is too boring to use (at least for me because I have zero experience with databases so it's my fault only).

so I have opted for the most lame and stupid solution (afterall it's only a test), I have opened "Web Data" with a hex editor and I have searched all the sequences of bytes starting with the bytes visualized by sqlitespy in the BLOB columns (01 00 00 00 ...) and have dumped each one of them (at least 146 bytes) in a different file and then I have simply called cunprot (http://aluigi.org/pwdrec.htm#cunprot):

cunprot.exe dumped_file.dat

which shows the password in clear text plus some additional bytes (for example 0x01 0x01 and "LMEM")
hope it helps


Top
 Profile  
 
 Post subject: Re: Anybody got any Information About Google Chrome??
PostPosted: 05 May 2009 22:08 

Joined: 03 May 2009 05:10
Posts: 16
well im still new, so little help??
how can i dump this data?
i fould the part that says siteusernamepass but i dunno what to do then? im using HexWorkshop
thanks


Top
 Profile  
 
 Post subject: Re: Anybody got any Information About Google Chrome??
PostPosted: 06 May 2009 00:19 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
fastest step-by-step:
- download sqlite: http://www.sqlite.org/sqlite-3_6_13.zip
- sqlite.exe "Web Data"
- .dump logins
- copy the long hexadecimal string (010000000...) in the clipboard or in a new file
- cunprot.exe LONG_STRING


Top
 Profile  
 
 Post subject: Re: Anybody got any Information About Google Chrome??
PostPosted: 06 May 2009 05:02 

Joined: 03 May 2009 05:10
Posts: 16
thanks, got it now, ill start from there :D


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 7 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: