mirror of
https://github.com/moonD4rk/HackBrowserData.git
synced 2026-07-06 21:37:47 +02:00
refactor: rename keys package to masterkey
"keys" was too generic — it collided with the keys local var, the keys.MasterKeys field, and the CLI keys subcommand. Folds in PickOptions→DiscoverOptions and browser/ comment cleanup.
This commit is contained in:
+9
-3
@@ -79,15 +79,21 @@ linters:
|
|||||||
funlen:
|
funlen:
|
||||||
lines: -1
|
lines: -1
|
||||||
statements: 50
|
statements: 50
|
||||||
|
# goconst kept deliberately lenient (above the default min-occurrences: 3) — short, repeated
|
||||||
|
# literals like test fixtures and scheme strings aren't worth extracting into named constants.
|
||||||
goconst:
|
goconst:
|
||||||
min-len: 2
|
min-len: 5
|
||||||
min-occurrences: 3
|
min-occurrences: 5
|
||||||
ignore-string-values:
|
ignore-string-values:
|
||||||
- "all"
|
- "all"
|
||||||
- "csv"
|
- "csv"
|
||||||
- "json"
|
- "json"
|
||||||
- "https"
|
- "https"
|
||||||
- "http"
|
- "http"
|
||||||
|
# browser registry keys/names — declarative table, not worth constants
|
||||||
|
- "chrome"
|
||||||
|
- "Chrome"
|
||||||
|
- "firefox"
|
||||||
gocritic:
|
gocritic:
|
||||||
enabled-tags:
|
enabled-tags:
|
||||||
- diagnostic
|
- diagnostic
|
||||||
@@ -174,7 +180,7 @@ linters:
|
|||||||
- path: "cmd/hack-browser-data/main.go"
|
- path: "cmd/hack-browser-data/main.go"
|
||||||
linters:
|
linters:
|
||||||
- lll
|
- lll
|
||||||
- path: "keys/gcoredump_darwin.go"
|
- path: "masterkey/gcoredump_darwin.go"
|
||||||
linters:
|
linters:
|
||||||
- gocognit
|
- gocognit
|
||||||
|
|
||||||
|
|||||||
@@ -63,7 +63,7 @@ make payload-clean # rm crypto/*.bin
|
|||||||
- **Error handling**: `fmt.Errorf("context: %w", err)` for wrapping, never `_ =` to ignore errors
|
- **Error handling**: `fmt.Errorf("context: %w", err)` for wrapping, never `_ =` to ignore errors
|
||||||
- **Logging**: `log.Debugf` for record-level diagnostics, `log.Infof` for user-facing progress/status, `log.Warnf` for unexpected conditions. Extract methods should return errors, not log them.
|
- **Logging**: `log.Debugf` for record-level diagnostics, `log.Infof` for user-facing progress/status, `log.Warnf` for unexpected conditions. Extract methods should return errors, not log them.
|
||||||
- **Naming**: follow Go conventions — `Config` not `BrowserConfig`, `Extract` not `BrowsingData`
|
- **Naming**: follow Go conventions — `Config` not `BrowserConfig`, `Extract` not `BrowsingData`
|
||||||
- **Comment width**: wrap comments at 120 columns (matches `.golangci.yml` `lll.line-length`)
|
- **Comment width**: wrap comments at 140 columns (matches `.golangci.yml` `lll.line-length`)
|
||||||
- **Tests**: use `t.TempDir()` for filesystem tests, `go-sqlmock` for database tests
|
- **Tests**: use `t.TempDir()` for filesystem tests, `go-sqlmock` for database tests
|
||||||
- **Architecture**: see `rfcs/` for design documents
|
- **Architecture**: see `rfcs/` for design documents
|
||||||
|
|
||||||
|
|||||||
+21
-57
@@ -9,14 +9,12 @@ import (
|
|||||||
"github.com/moond4rk/hackbrowserdata/browser/chromium"
|
"github.com/moond4rk/hackbrowserdata/browser/chromium"
|
||||||
"github.com/moond4rk/hackbrowserdata/browser/firefox"
|
"github.com/moond4rk/hackbrowserdata/browser/firefox"
|
||||||
"github.com/moond4rk/hackbrowserdata/browser/safari"
|
"github.com/moond4rk/hackbrowserdata/browser/safari"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
|
||||||
"github.com/moond4rk/hackbrowserdata/log"
|
"github.com/moond4rk/hackbrowserdata/log"
|
||||||
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Browser is one installation: a single resolved UserDataDir that holds its
|
// Browser is one installation: a UserDataDir holding profiles that (for Chromium) share one master key.
|
||||||
// profiles and, for Chromium, owns the master key shared across them. It is
|
|
||||||
// implemented by chromium.Browser, firefox.Browser, and safari.Browser.
|
|
||||||
type Browser interface {
|
type Browser interface {
|
||||||
BrowserName() string
|
BrowserName() string
|
||||||
UserDataDir() string
|
UserDataDir() string
|
||||||
@@ -25,31 +23,18 @@ type Browser interface {
|
|||||||
CountEntries(categories []types.Category) ([]types.CountResult, error)
|
CountEntries(categories []types.Category) ([]types.CountResult, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// PickOptions configures which browsers to pick.
|
type DiscoverOptions struct {
|
||||||
type PickOptions struct {
|
Name string // "all"|"chrome"|"firefox"|...
|
||||||
Name string // browser name filter: "all"|"chrome"|"firefox"|...
|
ProfilePath string // custom profile dir override
|
||||||
ProfilePath string // custom profile directory override
|
|
||||||
KeychainPassword string // macOS only — see browser_darwin.go
|
KeychainPassword string // macOS only — see browser_darwin.go
|
||||||
}
|
}
|
||||||
|
|
||||||
// browserInjector wires decryption credentials (key retrievers and, on macOS,
|
// browserInjector injects decryption credentials into a Browser; built per-platform by newCredentialInjector.
|
||||||
// the Keychain password) into a discovered Browser. Its construction is
|
|
||||||
// platform-specific; see newCredentialInjector in browser_{darwin,linux,windows}.go.
|
|
||||||
type browserInjector func(Browser)
|
type browserInjector func(Browser)
|
||||||
|
|
||||||
// DiscoverBrowsersWithKeys returns installations that are fully wired up for Extract: the
|
// DiscoverBrowsersWithKeys is DiscoverBrowsers plus credential injection, so the returned installations are ready for Extract.
|
||||||
// key retriever chain and (on macOS) the Keychain password are already
|
// On macOS it may prompt for the login password — metadata-only callers should use DiscoverBrowsers to avoid the prompt.
|
||||||
// injected, so the caller can call b.Extract directly. This is the entry
|
func DiscoverBrowsersWithKeys(opts DiscoverOptions) ([]Browser, error) {
|
||||||
// point for extraction workflows like `dump`.
|
|
||||||
//
|
|
||||||
// On macOS this may trigger an interactive prompt for the login password
|
|
||||||
// when the target set includes a Chromium variant or Safari. Commands that
|
|
||||||
// only need metadata (name, profile path, per-category counts) should use
|
|
||||||
// DiscoverBrowsers instead to skip injection — and thereby the prompt.
|
|
||||||
//
|
|
||||||
// When Name is "all", all known browsers are tried. ProfilePath overrides
|
|
||||||
// the default user data directory (only when targeting a specific browser).
|
|
||||||
func DiscoverBrowsersWithKeys(opts PickOptions) ([]Browser, error) {
|
|
||||||
browsers, err := DiscoverBrowsers(opts)
|
browsers, err := DiscoverBrowsers(opts)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@@ -61,24 +46,14 @@ func DiscoverBrowsersWithKeys(opts PickOptions) ([]Browser, error) {
|
|||||||
return browsers, nil
|
return browsers, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// DiscoverBrowsers returns installations for metadata-only workflows — listing,
|
// DiscoverBrowsers skips credential injection: metadata (Profiles, CountEntries) works, Extract won't decrypt protected data,
|
||||||
// profile paths, per-category counts. Decryption dependencies are NOT
|
// and macOS never prompts. Use it for list-style commands.
|
||||||
// injected, so calling b.Extract on the returned browsers will not
|
func DiscoverBrowsers(opts DiscoverOptions) ([]Browser, error) {
|
||||||
// successfully decrypt protected data (passwords, cookies, credit cards).
|
return discoverFromConfigs(platformBrowsers(), opts)
|
||||||
// CountEntries, BrowserName, and Profiles all work correctly without injection.
|
|
||||||
//
|
|
||||||
// Unlike DiscoverBrowsersWithKeys, DiscoverBrowsers never prompts for the macOS
|
|
||||||
// Keychain password, making it the correct choice for `list`-style
|
|
||||||
// commands that have no use for the credential.
|
|
||||||
func DiscoverBrowsers(opts PickOptions) ([]Browser, error) {
|
|
||||||
return pickFromConfigs(platformBrowsers(), opts)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// pickFromConfigs is the testable core of DiscoverBrowsers: it filters the
|
// discoverFromConfigs is the testable core of DiscoverBrowsers; it deliberately does no credential injection.
|
||||||
// platform browser list and discovers each matching installation (one Browser
|
func discoverFromConfigs(configs []types.BrowserConfig, opts DiscoverOptions) ([]Browser, error) {
|
||||||
// per UserDataDir, holding its profiles). Dependency injection (key retrievers,
|
|
||||||
// keychain credentials) is intentionally NOT done here.
|
|
||||||
func pickFromConfigs(configs []types.BrowserConfig, opts PickOptions) ([]Browser, error) {
|
|
||||||
name := strings.ToLower(opts.Name)
|
name := strings.ToLower(opts.Name)
|
||||||
if name == "" {
|
if name == "" {
|
||||||
name = "all"
|
name = "all"
|
||||||
@@ -92,7 +67,6 @@ func pickFromConfigs(configs []types.BrowserConfig, opts PickOptions) ([]Browser
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// Override profile directory when targeting a specific browser.
|
|
||||||
if opts.ProfilePath != "" && name != "all" {
|
if opts.ProfilePath != "" && name != "all" {
|
||||||
if cfg.Kind == types.Firefox {
|
if cfg.Kind == types.Firefox {
|
||||||
cfg.UserDataDir = filepath.Dir(filepath.Clean(opts.ProfilePath))
|
cfg.UserDataDir = filepath.Dir(filepath.Clean(opts.ProfilePath))
|
||||||
@@ -116,10 +90,10 @@ func pickFromConfigs(configs []types.BrowserConfig, opts PickOptions) ([]Browser
|
|||||||
return browsers, nil
|
return browsers, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// KeyManager is implemented by installations that accept externally-provided master-key retrievers (Chromium family only).
|
// KeyManager is implemented by installations accepting external master-key retrievers (Chromium only).
|
||||||
type KeyManager interface {
|
type KeyManager interface {
|
||||||
SetRetrievers(keys.Retrievers)
|
SetRetrievers(masterkey.Retrievers)
|
||||||
ExportKeys() (keys.MasterKeys, error)
|
ExportKeys() (masterkey.MasterKeys, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// KeychainPasswordReceiver is implemented by installations that need the macOS login password (Safari only).
|
// KeychainPasswordReceiver is implemented by installations that need the macOS login password (Safari only).
|
||||||
@@ -127,17 +101,8 @@ type KeychainPasswordReceiver interface {
|
|||||||
SetKeychainPassword(string)
|
SetKeychainPassword(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
// resolveGlobs expands glob patterns in browser configs' UserDataDir.
|
// resolveGlobs expands UserDataDir glob patterns for Windows MSIX/UWP browsers whose package dirs carry a dynamic
|
||||||
// This supports MSIX/UWP browsers on Windows whose package directories
|
// publisher-hash suffix (e.g. "TheBrowserCompany.Arc_*"). A glob matching N dirs yields N configs.
|
||||||
// contain a dynamic publisher hash suffix (e.g., "TheBrowserCompany.Arc_*").
|
|
||||||
//
|
|
||||||
// For literal paths (no glob metacharacters), Glob returns the path itself
|
|
||||||
// when it exists, so the config passes through unchanged. When a path does
|
|
||||||
// not exist and contains no metacharacters, Glob returns nil and the
|
|
||||||
// original config is preserved — the main loop handles "not found" as usual.
|
|
||||||
//
|
|
||||||
// When a glob matches multiple directories, the config is duplicated so
|
|
||||||
// each resolved path is treated as a separate browser data directory.
|
|
||||||
func resolveGlobs(configs []types.BrowserConfig) []types.BrowserConfig {
|
func resolveGlobs(configs []types.BrowserConfig) []types.BrowserConfig {
|
||||||
var out []types.BrowserConfig
|
var out []types.BrowserConfig
|
||||||
for _, cfg := range configs {
|
for _, cfg := range configs {
|
||||||
@@ -155,8 +120,7 @@ func resolveGlobs(configs []types.BrowserConfig) []types.BrowserConfig {
|
|||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// newBrowser dispatches to the correct engine based on BrowserKind and returns
|
// newBrowser dispatches on BrowserKind, returning a nil Browser when no profile is found.
|
||||||
// one installation, or a nil Browser when no profile was found.
|
|
||||||
func newBrowser(cfg types.BrowserConfig) (Browser, error) {
|
func newBrowser(cfg types.BrowserConfig) (Browser, error) {
|
||||||
switch cfg.Kind {
|
switch cfg.Kind {
|
||||||
case types.Chromium, types.ChromiumYandex, types.ChromiumOpera:
|
case types.Chromium, types.ChromiumYandex, types.ChromiumOpera:
|
||||||
|
|||||||
@@ -9,8 +9,8 @@ import (
|
|||||||
"github.com/moond4rk/keychainbreaker"
|
"github.com/moond4rk/keychainbreaker"
|
||||||
"golang.org/x/term"
|
"golang.org/x/term"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
|
||||||
"github.com/moond4rk/hackbrowserdata/log"
|
"github.com/moond4rk/hackbrowserdata/log"
|
||||||
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -108,13 +108,8 @@ func platformBrowsers() []types.BrowserConfig {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// resolveKeychainPassword returns the keychain password for macOS.
|
// resolveKeychainPassword resolves the macOS login password (CLI flag, else TTY prompt) and verifies it against
|
||||||
// If not provided via CLI flag, it prompts interactively when stdin is a TTY.
|
// keychainbreaker. On any failure it returns "" so callers fall back to no-password mode rather than a known-bad credential.
|
||||||
// After obtaining the password, it verifies against keychainbreaker; on any
|
|
||||||
// failure it returns "" so downstream code enters "no password" mode rather
|
|
||||||
// than propagating a known-bad credential. Safari then exports
|
|
||||||
// keychain-protected entries as metadata-only via keychainbreaker's partial
|
|
||||||
// extraction mode; Chromium falls back to SecurityCmdRetriever.
|
|
||||||
func resolveKeychainPassword(flagPassword string) string {
|
func resolveKeychainPassword(flagPassword string) string {
|
||||||
password := flagPassword
|
password := flagPassword
|
||||||
if password == "" {
|
if password == "" {
|
||||||
@@ -137,10 +132,6 @@ func resolveKeychainPassword(flagPassword string) string {
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify early: try to unlock keychain with keychainbreaker. On failure
|
|
||||||
// return "" so KeychainPasswordRetriever and Safari both skip the credential
|
|
||||||
// and rely on their respective fallback paths (SecurityCmdRetriever for
|
|
||||||
// Chromium, metadata-only export for Safari).
|
|
||||||
kc, err := keychainbreaker.Open()
|
kc, err := keychainbreaker.Open()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warnf("keychain open failed: %v; keychain-protected data will be exported as metadata only", err)
|
log.Warnf("keychain open failed: %v; keychain-protected data will be exported as metadata only", err)
|
||||||
@@ -157,10 +148,10 @@ func resolveKeychainPassword(flagPassword string) string {
|
|||||||
|
|
||||||
// newCredentialInjector lazily wires retrievers (and the macOS keychain password) into each Browser;
|
// newCredentialInjector lazily wires retrievers (and the macOS keychain password) into each Browser;
|
||||||
// `-b firefox` never triggers a keychain prompt because lazy resolution skips browsers that need neither.
|
// `-b firefox` never triggers a keychain prompt because lazy resolution skips browsers that need neither.
|
||||||
func newCredentialInjector(opts PickOptions) browserInjector {
|
func newCredentialInjector(opts DiscoverOptions) browserInjector {
|
||||||
var (
|
var (
|
||||||
password string
|
password string
|
||||||
retrievers keys.Retrievers
|
retrievers masterkey.Retrievers
|
||||||
resolved bool
|
resolved bool
|
||||||
)
|
)
|
||||||
return func(b Browser) {
|
return func(b Browser) {
|
||||||
@@ -171,7 +162,7 @@ func newCredentialInjector(opts PickOptions) browserInjector {
|
|||||||
}
|
}
|
||||||
if !resolved {
|
if !resolved {
|
||||||
password = resolveKeychainPassword(opts.KeychainPassword)
|
password = resolveKeychainPassword(opts.KeychainPassword)
|
||||||
retrievers = keys.DefaultRetrievers(password)
|
retrievers = masterkey.DefaultRetrievers(password)
|
||||||
resolved = true
|
resolved = true
|
||||||
}
|
}
|
||||||
if needsRetrievers {
|
if needsRetrievers {
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
package browser
|
package browser
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -67,13 +67,10 @@ func platformBrowsers() []types.BrowserConfig {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// newCredentialInjector returns a closure that wires the Linux Chromium master-key retrievers into
|
// newCredentialInjector wires the Linux Chromium retrievers: V10 ("peanuts" hardcoded) and V11 (D-Bus Secret Service),
|
||||||
// each Browser. Linux has two tiers: V10 uses the "peanuts" hardcoded password (kV10Key); V11
|
// run independently for mixed-cipher profiles. V20 is nil — App-Bound Encryption is Windows-only.
|
||||||
// uses the D-Bus Secret Service keyring (kV11Key). V20 is nil — App-Bound Encryption is Windows-
|
func newCredentialInjector(_ DiscoverOptions) browserInjector {
|
||||||
// only. Both V10 and V11 run independently so a profile carrying mixed cipher prefixes decrypts
|
retrievers := masterkey.DefaultRetrievers()
|
||||||
// both tiers.
|
|
||||||
func newCredentialInjector(_ PickOptions) browserInjector {
|
|
||||||
retrievers := keys.DefaultRetrievers()
|
|
||||||
return func(b Browser) {
|
return func(b Browser) {
|
||||||
if km, ok := b.(KeyManager); ok {
|
if km, ok := b.(KeyManager); ok {
|
||||||
km.SetRetrievers(retrievers)
|
km.SetRetrievers(retrievers)
|
||||||
|
|||||||
+18
-18
@@ -28,7 +28,7 @@ func TestListBrowsers(t *testing.T) {
|
|||||||
type pickTest struct {
|
type pickTest struct {
|
||||||
name string
|
name string
|
||||||
configs []types.BrowserConfig
|
configs []types.BrowserConfig
|
||||||
opts PickOptions
|
opts DiscoverOptions
|
||||||
wantNames []string
|
wantNames []string
|
||||||
wantProfiles []string
|
wantProfiles []string
|
||||||
}
|
}
|
||||||
@@ -37,7 +37,7 @@ func runPickTests(t *testing.T, tests []pickTest) {
|
|||||||
t.Helper()
|
t.Helper()
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
browsers, err := pickFromConfigs(tt.configs, tt.opts)
|
browsers, err := discoverFromConfigs(tt.configs, tt.opts)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assertBrowsers(t, browsers, tt.wantNames, tt.wantProfiles)
|
assertBrowsers(t, browsers, tt.wantNames, tt.wantProfiles)
|
||||||
})
|
})
|
||||||
@@ -90,28 +90,28 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
{
|
{
|
||||||
name: "exact match",
|
name: "exact match",
|
||||||
configs: nameFilterConfigs,
|
configs: nameFilterConfigs,
|
||||||
opts: PickOptions{Name: "chrome"},
|
opts: DiscoverOptions{Name: "chrome"},
|
||||||
wantNames: []string{"Chrome"},
|
wantNames: []string{"Chrome"},
|
||||||
wantProfiles: []string{"Default"},
|
wantProfiles: []string{"Default"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "case insensitive",
|
name: "case insensitive",
|
||||||
configs: nameFilterConfigs,
|
configs: nameFilterConfigs,
|
||||||
opts: PickOptions{Name: "Chrome"},
|
opts: DiscoverOptions{Name: "Chrome"},
|
||||||
wantNames: []string{"Chrome"},
|
wantNames: []string{"Chrome"},
|
||||||
wantProfiles: []string{"Default"},
|
wantProfiles: []string{"Default"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "all returns both",
|
name: "all returns both",
|
||||||
configs: nameFilterConfigs,
|
configs: nameFilterConfigs,
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
wantNames: []string{"Chrome", "Edge"},
|
wantNames: []string{"Chrome", "Edge"},
|
||||||
wantProfiles: []string{"Default", "Default"},
|
wantProfiles: []string{"Default", "Default"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "unknown returns empty",
|
name: "unknown returns empty",
|
||||||
configs: nameFilterConfigs,
|
configs: nameFilterConfigs,
|
||||||
opts: PickOptions{Name: "safari"},
|
opts: DiscoverOptions{Name: "safari"},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
@@ -123,7 +123,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: chromeDir},
|
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: chromeDir},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
wantNames: []string{"Chrome", "Chrome"},
|
wantNames: []string{"Chrome", "Chrome"},
|
||||||
wantProfiles: []string{"Default", "Profile 1"},
|
wantProfiles: []string{"Default", "Profile 1"},
|
||||||
},
|
},
|
||||||
@@ -132,7 +132,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "firefox", Name: "Firefox", Kind: types.Firefox, UserDataDir: firefoxDir},
|
{Key: "firefox", Name: "Firefox", Kind: types.Firefox, UserDataDir: firefoxDir},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
wantNames: []string{"Firefox"},
|
wantNames: []string{"Firefox"},
|
||||||
wantProfiles: []string{"abc123.default-release"},
|
wantProfiles: []string{"abc123.default-release"},
|
||||||
},
|
},
|
||||||
@@ -141,7 +141,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "yandex", Name: "Yandex", Kind: types.ChromiumYandex, UserDataDir: yandexDir},
|
{Key: "yandex", Name: "Yandex", Kind: types.ChromiumYandex, UserDataDir: yandexDir},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
wantNames: []string{"Yandex"},
|
wantNames: []string{"Yandex"},
|
||||||
wantProfiles: []string{"Default"},
|
wantProfiles: []string{"Default"},
|
||||||
},
|
},
|
||||||
@@ -150,7 +150,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: "/nonexistent"},
|
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: "/nonexistent"},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
@@ -162,7 +162,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: "/wrong"},
|
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: "/wrong"},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "chrome", ProfilePath: filepath.Join(chromeDir, "Default")},
|
opts: DiscoverOptions{Name: "chrome", ProfilePath: filepath.Join(chromeDir, "Default")},
|
||||||
wantNames: []string{"Chrome"},
|
wantNames: []string{"Chrome"},
|
||||||
wantProfiles: []string{"Default"},
|
wantProfiles: []string{"Default"},
|
||||||
},
|
},
|
||||||
@@ -171,7 +171,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "firefox", Name: "Firefox", Kind: types.Firefox, UserDataDir: "/wrong"},
|
{Key: "firefox", Name: "Firefox", Kind: types.Firefox, UserDataDir: "/wrong"},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "firefox", ProfilePath: filepath.Join(firefoxDir, "abc123.default-release")},
|
opts: DiscoverOptions{Name: "firefox", ProfilePath: filepath.Join(firefoxDir, "abc123.default-release")},
|
||||||
wantNames: []string{"Firefox"},
|
wantNames: []string{"Firefox"},
|
||||||
wantProfiles: []string{"abc123.default-release"},
|
wantProfiles: []string{"abc123.default-release"},
|
||||||
},
|
},
|
||||||
@@ -180,7 +180,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: chromeDir},
|
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: chromeDir},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all", ProfilePath: "/some/override"},
|
opts: DiscoverOptions{Name: "all", ProfilePath: "/some/override"},
|
||||||
wantNames: []string{"Chrome", "Chrome"},
|
wantNames: []string{"Chrome", "Chrome"},
|
||||||
wantProfiles: []string{"Default", "Profile 1"},
|
wantProfiles: []string{"Default", "Profile 1"},
|
||||||
},
|
},
|
||||||
@@ -194,7 +194,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "solo", Name: "Solo", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "Solo.Browser_*", "UserData")},
|
{Key: "solo", Name: "Solo", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "Solo.Browser_*", "UserData")},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
wantNames: []string{"Solo"},
|
wantNames: []string{"Solo"},
|
||||||
wantProfiles: []string{"Default"},
|
wantProfiles: []string{"Default"},
|
||||||
},
|
},
|
||||||
@@ -203,7 +203,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "arc", Name: "Arc", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "App.Browser_*", "UserData")},
|
{Key: "arc", Name: "Arc", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "App.Browser_*", "UserData")},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
wantNames: []string{"Arc", "Arc"},
|
wantNames: []string{"Arc", "Arc"},
|
||||||
wantProfiles: []string{"Default", "Default"},
|
wantProfiles: []string{"Default", "Default"},
|
||||||
},
|
},
|
||||||
@@ -212,7 +212,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
configs: []types.BrowserConfig{
|
configs: []types.BrowserConfig{
|
||||||
{Key: "missing", Name: "Missing", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "NoSuch_*", "UserData")},
|
{Key: "missing", Name: "Missing", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "NoSuch_*", "UserData")},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "mixed with literal",
|
name: "mixed with literal",
|
||||||
@@ -220,7 +220,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: singleDir},
|
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: singleDir},
|
||||||
{Key: "arc", Name: "Arc", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "Solo.Browser_*", "UserData")},
|
{Key: "arc", Name: "Arc", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "Solo.Browser_*", "UserData")},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "all"},
|
opts: DiscoverOptions{Name: "all"},
|
||||||
wantNames: []string{"Arc", "Chrome"},
|
wantNames: []string{"Arc", "Chrome"},
|
||||||
wantProfiles: []string{"Default", "Default"},
|
wantProfiles: []string{"Default", "Default"},
|
||||||
},
|
},
|
||||||
@@ -230,7 +230,7 @@ func TestPickFromConfigs(t *testing.T) {
|
|||||||
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: singleDir},
|
{Key: "chrome", Name: "Chrome", Kind: types.Chromium, UserDataDir: singleDir},
|
||||||
{Key: "arc", Name: "Arc", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "App.Browser_*", "UserData")},
|
{Key: "arc", Name: "Arc", Kind: types.Chromium, UserDataDir: filepath.Join(globBase, "App.Browser_*", "UserData")},
|
||||||
},
|
},
|
||||||
opts: PickOptions{Name: "arc"},
|
opts: DiscoverOptions{Name: "arc"},
|
||||||
wantNames: []string{"Arc", "Arc"},
|
wantNames: []string{"Arc", "Arc"},
|
||||||
wantProfiles: []string{"Default", "Default"},
|
wantProfiles: []string{"Default", "Default"},
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
package browser
|
package browser
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -125,12 +125,10 @@ func platformBrowsers() []types.BrowserConfig {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// newCredentialInjector returns a closure that wires the Windows v10 (DPAPI) and v20 (ABE) Chromium
|
// newCredentialInjector wires the Windows Chromium retrievers: v10 (DPAPI) and v20 (ABE). The two tiers are orthogonal
|
||||||
// master-key retrievers into each Browser. Per issue #578 the two tiers are orthogonal — a single
|
// — a pre-127-upgraded profile carries v20 cookies alongside v10 passwords — so both run independently, not as a chain.
|
||||||
// Chrome profile upgraded from pre-127 carries v20 cookies alongside v10 passwords — so both
|
func newCredentialInjector(_ DiscoverOptions) browserInjector {
|
||||||
// retrievers run independently rather than as a first-success chain.
|
retrievers := masterkey.DefaultRetrievers()
|
||||||
func newCredentialInjector(_ PickOptions) browserInjector {
|
|
||||||
retrievers := keys.DefaultRetrievers()
|
|
||||||
return func(b Browser) {
|
return func(b Browser) {
|
||||||
if km, ok := b.(KeyManager); ok {
|
if km, ok := b.(KeyManager); ok {
|
||||||
km.SetRetrievers(retrievers)
|
km.SetRetrievers(retrievers)
|
||||||
|
|||||||
@@ -7,8 +7,8 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/filemanager"
|
"github.com/moond4rk/hackbrowserdata/filemanager"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
|
||||||
"github.com/moond4rk/hackbrowserdata/log"
|
"github.com/moond4rk/hackbrowserdata/log"
|
||||||
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
|
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
|
||||||
)
|
)
|
||||||
@@ -17,11 +17,11 @@ import (
|
|||||||
// that share a master key. The key is derived once and reused across profiles.
|
// that share a master key. The key is derived once and reused across profiles.
|
||||||
type Browser struct {
|
type Browser struct {
|
||||||
cfg types.BrowserConfig
|
cfg types.BrowserConfig
|
||||||
retrievers keys.Retrievers
|
retrievers masterkey.Retrievers
|
||||||
profiles []*profile
|
profiles []*profile
|
||||||
|
|
||||||
keysOnce sync.Once
|
keysOnce sync.Once
|
||||||
keys keys.MasterKeys
|
keys masterkey.MasterKeys
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewBrowser discovers the profiles under cfg.UserDataDir, or returns nil if none resolve.
|
// NewBrowser discovers the profiles under cfg.UserDataDir, or returns nil if none resolve.
|
||||||
@@ -52,7 +52,7 @@ func NewBrowser(cfg types.BrowserConfig) (*Browser, error) {
|
|||||||
|
|
||||||
// SetRetrievers wires the per-tier master-key retrievers (V10/V11/V20) used by
|
// SetRetrievers wires the per-tier master-key retrievers (V10/V11/V20) used by
|
||||||
// Extract; unused tiers stay nil.
|
// Extract; unused tiers stay nil.
|
||||||
func (b *Browser) SetRetrievers(r keys.Retrievers) { b.retrievers = r }
|
func (b *Browser) SetRetrievers(r masterkey.Retrievers) { b.retrievers = r }
|
||||||
|
|
||||||
func (b *Browser) BrowserName() string { return b.cfg.Name }
|
func (b *Browser) BrowserName() string { return b.cfg.Name }
|
||||||
func (b *Browser) UserDataDir() string { return b.cfg.UserDataDir }
|
func (b *Browser) UserDataDir() string { return b.cfg.UserDataDir }
|
||||||
@@ -93,19 +93,19 @@ func (b *Browser) CountEntries(categories []types.Category) ([]types.CountResult
|
|||||||
|
|
||||||
// ExportKeys derives the master keys without extracting. Returns the tiers that succeeded plus a
|
// ExportKeys derives the master keys without extracting. Returns the tiers that succeeded plus a
|
||||||
// joined error for those that failed — partial results matter (a v20-only failure keeps the v10 key).
|
// joined error for those that failed — partial results matter (a v20-only failure keeps the v10 key).
|
||||||
func (b *Browser) ExportKeys() (keys.MasterKeys, error) {
|
func (b *Browser) ExportKeys() (masterkey.MasterKeys, error) {
|
||||||
session, err := filemanager.NewSession()
|
session, err := filemanager.NewSession()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return keys.MasterKeys{}, err
|
return masterkey.MasterKeys{}, err
|
||||||
}
|
}
|
||||||
defer session.Cleanup()
|
defer session.Cleanup()
|
||||||
|
|
||||||
return keys.NewMasterKeys(b.retrievers, b.buildHints(session))
|
return masterkey.NewMasterKeys(b.retrievers, b.buildHints(session))
|
||||||
}
|
}
|
||||||
|
|
||||||
// masterKeys derives and caches the installation's keys exactly once (sync.Once), so a failure is
|
// masterKeys derives and caches the installation's keys exactly once (sync.Once), so a failure is
|
||||||
// warned once — no cross-profile dedup state needed.
|
// warned once — no cross-profile dedup state needed.
|
||||||
func (b *Browser) masterKeys() keys.MasterKeys {
|
func (b *Browser) masterKeys() masterkey.MasterKeys {
|
||||||
b.keysOnce.Do(func() {
|
b.keysOnce.Do(func() {
|
||||||
masterKeys, err := b.ExportKeys()
|
masterKeys, err := b.ExportKeys()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -118,7 +118,7 @@ func (b *Browser) masterKeys() keys.MasterKeys {
|
|||||||
|
|
||||||
// buildHints copies Local State into the session temp dir (so Windows DPAPI/ABE retrievers read it
|
// buildHints copies Local State into the session temp dir (so Windows DPAPI/ABE retrievers read it
|
||||||
// from a process-owned path) and assembles the Hints. Local State sits at the installation root.
|
// from a process-owned path) and assembles the Hints. Local State sits at the installation root.
|
||||||
func (b *Browser) buildHints(session *filemanager.Session) keys.Hints {
|
func (b *Browser) buildHints(session *filemanager.Session) masterkey.Hints {
|
||||||
var localStateDst string
|
var localStateDst string
|
||||||
candidate := filepath.Join(b.cfg.UserDataDir, "Local State")
|
candidate := filepath.Join(b.cfg.UserDataDir, "Local State")
|
||||||
if fileutil.FileExists(candidate) {
|
if fileutil.FileExists(candidate) {
|
||||||
@@ -134,7 +134,7 @@ func (b *Browser) buildHints(session *filemanager.Session) keys.Hints {
|
|||||||
if b.cfg.WindowsABE {
|
if b.cfg.WindowsABE {
|
||||||
abeKey = b.cfg.Key
|
abeKey = b.cfg.Key
|
||||||
}
|
}
|
||||||
return keys.Hints{
|
return masterkey.Hints{
|
||||||
KeychainLabel: b.cfg.KeychainLabel,
|
KeychainLabel: b.cfg.KeychainLabel,
|
||||||
WindowsABEKey: abeKey,
|
WindowsABEKey: abeKey,
|
||||||
LocalStatePath: localStateDst,
|
LocalStatePath: localStateDst,
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ import (
|
|||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -380,20 +380,20 @@ func TestLocalStatePath(t *testing.T) {
|
|||||||
|
|
||||||
// mockRetriever records the arguments passed to RetrieveKey.
|
// mockRetriever records the arguments passed to RetrieveKey.
|
||||||
type mockRetriever struct {
|
type mockRetriever struct {
|
||||||
hints keys.Hints
|
hints masterkey.Hints
|
||||||
key []byte
|
key []byte
|
||||||
err error
|
err error
|
||||||
called bool
|
called bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockRetriever) RetrieveKey(hints keys.Hints) ([]byte, error) {
|
func (m *mockRetriever) RetrieveKey(hints masterkey.Hints) ([]byte, error) {
|
||||||
m.called = true
|
m.called = true
|
||||||
m.hints = hints
|
m.hints = hints
|
||||||
return m.key, m.err
|
return m.key, m.err
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGetMasterKeys(t *testing.T) {
|
func TestGetMasterKeys(t *testing.T) {
|
||||||
// getMasterKeys routes through keys.NewMasterKeys on every platform — the V10 mock
|
// getMasterKeys routes through masterkey.NewMasterKeys on every platform — the V10 mock
|
||||||
// wired via SetRetrievers(Retrievers{V10: mock}) is consulted cross-platform.
|
// wired via SetRetrievers(Retrievers{V10: mock}) is consulted cross-platform.
|
||||||
|
|
||||||
// Profile directory without Local State file.
|
// Profile directory without Local State file.
|
||||||
@@ -405,7 +405,7 @@ func TestGetMasterKeys(t *testing.T) {
|
|||||||
name string
|
name string
|
||||||
dir string
|
dir string
|
||||||
keychainLabel string
|
keychainLabel string
|
||||||
retriever keys.Retriever // nil → don't call SetRetrievers
|
retriever masterkey.Retriever // nil → don't call SetRetrievers
|
||||||
wantV10 []byte
|
wantV10 []byte
|
||||||
wantKeychainLabel string
|
wantKeychainLabel string
|
||||||
wantLocalState bool // whether localStatePath passed to retriever is non-empty
|
wantLocalState bool // whether localStatePath passed to retriever is non-empty
|
||||||
@@ -442,7 +442,7 @@ func TestGetMasterKeys(t *testing.T) {
|
|||||||
require.NotNil(t, b)
|
require.NotNil(t, b)
|
||||||
|
|
||||||
if tt.retriever != nil {
|
if tt.retriever != nil {
|
||||||
b.SetRetrievers(keys.Retrievers{V10: tt.retriever})
|
b.SetRetrievers(masterkey.Retrievers{V10: tt.retriever})
|
||||||
}
|
}
|
||||||
|
|
||||||
mk := b.masterKeys()
|
mk := b.masterKeys()
|
||||||
@@ -470,7 +470,7 @@ func TestGetMasterKeys(t *testing.T) {
|
|||||||
// Before the refactor a Windows-only bypass meant only one tier's retriever was consulted, so a
|
// Before the refactor a Windows-only bypass meant only one tier's retriever was consulted, so a
|
||||||
// profile mixing prefixes silently lost the un-retrieved tier. After the refactor every
|
// profile mixing prefixes silently lost the un-retrieved tier. After the refactor every
|
||||||
// configured tier must be called exactly once and its key must land in the matching MasterKeys
|
// configured tier must be called exactly once and its key must land in the matching MasterKeys
|
||||||
// slot. This catches any future "bypass the keys package for a faster path" regression and covers the
|
// slot. This catches any future "bypass the masterkey package for a faster path" regression and covers the
|
||||||
// analogous Linux v10/v11 case — no platform silently drops a tier any more.
|
// analogous Linux v10/v11 case — no platform silently drops a tier any more.
|
||||||
func TestGetMasterKeys_AllTiersInvoked(t *testing.T) {
|
func TestGetMasterKeys_AllTiersInvoked(t *testing.T) {
|
||||||
v10mock := &mockRetriever{key: []byte("fake-v10-key")}
|
v10mock := &mockRetriever{key: []byte("fake-v10-key")}
|
||||||
@@ -483,7 +483,7 @@ func TestGetMasterKeys_AllTiersInvoked(t *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.NotNil(t, b)
|
require.NotNil(t, b)
|
||||||
|
|
||||||
b.SetRetrievers(keys.Retrievers{V10: v10mock, V11: v11mock, V20: v20mock})
|
b.SetRetrievers(masterkey.Retrievers{V10: v10mock, V11: v11mock, V20: v20mock})
|
||||||
|
|
||||||
mk := b.masterKeys()
|
mk := b.masterKeys()
|
||||||
assert.Equal(t, []byte("fake-v10-key"), mk.V10, "V10 slot must be populated")
|
assert.Equal(t, []byte("fake-v10-key"), mk.V10, "V10 slot must be populated")
|
||||||
@@ -521,7 +521,7 @@ func TestGetMasterKeys_WindowsABEThreading(t *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.NotNil(t, b)
|
require.NotNil(t, b)
|
||||||
|
|
||||||
b.SetRetrievers(keys.Retrievers{V20: mock})
|
b.SetRetrievers(masterkey.Retrievers{V20: mock})
|
||||||
|
|
||||||
b.masterKeys()
|
b.masterKeys()
|
||||||
assert.Equal(t, tt.wantABEKey, mock.hints.WindowsABEKey)
|
assert.Equal(t, tt.wantABEKey, mock.hints.WindowsABEKey)
|
||||||
@@ -540,8 +540,8 @@ func TestExtract(t *testing.T) {
|
|||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
name string
|
name string
|
||||||
retriever keys.Retriever // nil → don't call SetRetriever
|
retriever masterkey.Retriever // nil → don't call SetRetriever
|
||||||
wantRetriever bool // whether retriever should be called
|
wantRetriever bool // whether retriever should be called
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "without retriever extracts unencrypted data",
|
name: "without retriever extracts unencrypted data",
|
||||||
@@ -562,7 +562,7 @@ func TestExtract(t *testing.T) {
|
|||||||
require.NotNil(t, b)
|
require.NotNil(t, b)
|
||||||
|
|
||||||
if tt.retriever != nil {
|
if tt.retriever != nil {
|
||||||
b.SetRetrievers(keys.Retrievers{V10: tt.retriever})
|
b.SetRetrievers(masterkey.Retrievers{V10: tt.retriever})
|
||||||
}
|
}
|
||||||
|
|
||||||
results, err := b.Extract([]types.Category{types.History})
|
results, err := b.Extract([]types.Category{types.History})
|
||||||
@@ -630,12 +630,12 @@ func TestCountEntries_NoRetrieverNeeded(t *testing.T) {
|
|||||||
|
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
// SetRetrievers: verify *Browser satisfies the interface used by
|
// SetRetrievers: verify *Browser satisfies the interface used by
|
||||||
// browser.pickFromConfigs for post-construction retriever injection.
|
// browser.discoverFromConfigs for post-construction retriever injection.
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
func TestSetRetrievers_SatisfiesInterface(t *testing.T) {
|
func TestSetRetrievers_SatisfiesInterface(t *testing.T) {
|
||||||
var _ interface {
|
var _ interface {
|
||||||
SetRetrievers(keys.Retrievers)
|
SetRetrievers(masterkey.Retrievers)
|
||||||
} = (*Browser)(nil)
|
} = (*Browser)(nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -4,7 +4,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/crypto"
|
"github.com/moond4rk/hackbrowserdata/crypto"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
// decryptValue decrypts a Chromium-encrypted value by dispatching on the ciphertext's version
|
// decryptValue decrypts a Chromium-encrypted value by dispatching on the ciphertext's version
|
||||||
@@ -18,7 +18,7 @@ import (
|
|||||||
// changes), so every applicable key must be populated upstream for lossless extraction. Missing
|
// changes), so every applicable key must be populated upstream for lossless extraction. Missing
|
||||||
// tier keys surface as decrypt errors at the ciphertext level; the extract layer treats those as
|
// tier keys surface as decrypt errors at the ciphertext level; the extract layer treats those as
|
||||||
// empty plaintexts rather than fatal errors.
|
// empty plaintexts rather than fatal errors.
|
||||||
func decryptValue(masterKeys keys.MasterKeys, ciphertext []byte) ([]byte, error) {
|
func decryptValue(masterKeys masterkey.MasterKeys, ciphertext []byte) ([]byte, error) {
|
||||||
if len(ciphertext) == 0 {
|
if len(ciphertext) == 0 {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ import (
|
|||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/crypto"
|
"github.com/moond4rk/hackbrowserdata/crypto"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TestDecryptValue_MixedTier is the regression test for mixed-cipher profiles (issue #578 on
|
// TestDecryptValue_MixedTier is the regression test for mixed-cipher profiles (issue #578 on
|
||||||
@@ -33,7 +33,7 @@ func TestDecryptValue_MixedTier(t *testing.T) {
|
|||||||
v20Ciphertext := append([]byte("v20"), append(nonce, gcmEnc...)...)
|
v20Ciphertext := append([]byte("v20"), append(nonce, gcmEnc...)...)
|
||||||
|
|
||||||
t.Run("all tiers populated: v20 picks V20, decrypts", func(t *testing.T) {
|
t.Run("all tiers populated: v20 picks V20, decrypts", func(t *testing.T) {
|
||||||
got, err := decryptValue(keys.MasterKeys{V10: k10, V11: k11, V20: k20}, v20Ciphertext)
|
got, err := decryptValue(masterkey.MasterKeys{V10: k10, V11: k11, V20: k20}, v20Ciphertext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, plaintext, got)
|
assert.Equal(t, plaintext, got)
|
||||||
})
|
})
|
||||||
@@ -41,20 +41,20 @@ func TestDecryptValue_MixedTier(t *testing.T) {
|
|||||||
t.Run("V20 holds wrong key: v20 still picks V20 slot (not V10/V11), errors", func(t *testing.T) {
|
t.Run("V20 holds wrong key: v20 still picks V20 slot (not V10/V11), errors", func(t *testing.T) {
|
||||||
// If the dispatcher incorrectly fell back to V10 or V11 when V20 had a wrong key, this
|
// If the dispatcher incorrectly fell back to V10 or V11 when V20 had a wrong key, this
|
||||||
// would succeed. Proves the router uses prefix-based selection, not first-usable-key.
|
// would succeed. Proves the router uses prefix-based selection, not first-usable-key.
|
||||||
_, err := decryptValue(keys.MasterKeys{V10: k20, V11: k20, V20: k10}, v20Ciphertext)
|
_, err := decryptValue(masterkey.MasterKeys{V10: k20, V11: k20, V20: k10}, v20Ciphertext)
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("only V20 populated: v20 still decrypts", func(t *testing.T) {
|
t.Run("only V20 populated: v20 still decrypts", func(t *testing.T) {
|
||||||
// The pre-#578 symmetric regression: when DPAPI/keyring failed and only V20 was retrieved,
|
// The pre-#578 symmetric regression: when DPAPI/keyring failed and only V20 was retrieved,
|
||||||
// v20 cookies had to still decrypt. This asserts V10 and V11 being nil doesn't block v20.
|
// v20 cookies had to still decrypt. This asserts V10 and V11 being nil doesn't block v20.
|
||||||
got, err := decryptValue(keys.MasterKeys{V20: k20}, v20Ciphertext)
|
got, err := decryptValue(masterkey.MasterKeys{V20: k20}, v20Ciphertext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, plaintext, got)
|
assert.Equal(t, plaintext, got)
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("V20 slot unpopulated: v20 errors (no key to use)", func(t *testing.T) {
|
t.Run("V20 slot unpopulated: v20 errors (no key to use)", func(t *testing.T) {
|
||||||
_, err := decryptValue(keys.MasterKeys{V10: k10, V11: k11}, v20Ciphertext)
|
_, err := decryptValue(masterkey.MasterKeys{V10: k10, V11: k11}, v20Ciphertext)
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ import (
|
|||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/crypto"
|
"github.com/moond4rk/hackbrowserdata/crypto"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestDecryptValue_V10(t *testing.T) {
|
func TestDecryptValue_V10(t *testing.T) {
|
||||||
@@ -40,7 +40,7 @@ func TestDecryptValue_V10(t *testing.T) {
|
|||||||
|
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
got, err := decryptValue(keys.MasterKeys{V10: tt.key}, v10Ciphertext)
|
got, err := decryptValue(masterkey.MasterKeys{V10: tt.key}, v10Ciphertext)
|
||||||
if tt.wantErrMsg != "" {
|
if tt.wantErrMsg != "" {
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
assert.Contains(t, err.Error(), tt.wantErrMsg)
|
assert.Contains(t, err.Error(), tt.wantErrMsg)
|
||||||
@@ -61,7 +61,7 @@ func TestDecryptValue_V11(t *testing.T) {
|
|||||||
v11Ciphertext := append([]byte("v11"), cbcEncrypted...)
|
v11Ciphertext := append([]byte("v11"), cbcEncrypted...)
|
||||||
|
|
||||||
// v11 ciphertexts route to the V11 slot (Linux's keyring-derived kV11Key) — not V10 (peanuts).
|
// v11 ciphertexts route to the V11 slot (Linux's keyring-derived kV11Key) — not V10 (peanuts).
|
||||||
got, err := decryptValue(keys.MasterKeys{V11: testAESKey}, v11Ciphertext)
|
got, err := decryptValue(masterkey.MasterKeys{V11: testAESKey}, v11Ciphertext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, plaintext, got)
|
assert.Equal(t, plaintext, got)
|
||||||
}
|
}
|
||||||
@@ -87,7 +87,7 @@ func TestDecryptValue_V10_V11_SlotSeparation(t *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
v11Ciphertext := append([]byte("v11"), v11Enc...)
|
v11Ciphertext := append([]byte("v11"), v11Enc...)
|
||||||
|
|
||||||
mk := keys.MasterKeys{V10: k10, V11: k11}
|
mk := masterkey.MasterKeys{V10: k10, V11: k11}
|
||||||
|
|
||||||
t.Run("v10 ciphertext decrypts via V10 slot", func(t *testing.T) {
|
t.Run("v10 ciphertext decrypts via V10 slot", func(t *testing.T) {
|
||||||
got, err := decryptValue(mk, v10Ciphertext)
|
got, err := decryptValue(mk, v10Ciphertext)
|
||||||
@@ -102,7 +102,7 @@ func TestDecryptValue_V10_V11_SlotSeparation(t *testing.T) {
|
|||||||
})
|
})
|
||||||
|
|
||||||
t.Run("swapped keys fail both directions", func(t *testing.T) {
|
t.Run("swapped keys fail both directions", func(t *testing.T) {
|
||||||
swapped := keys.MasterKeys{V10: k11, V11: k10}
|
swapped := masterkey.MasterKeys{V10: k11, V11: k10}
|
||||||
_, err := decryptValue(swapped, v10Ciphertext)
|
_, err := decryptValue(swapped, v10Ciphertext)
|
||||||
require.Error(t, err, "v10 with V11's key must fail")
|
require.Error(t, err, "v10 with V11's key must fail")
|
||||||
_, err = decryptValue(swapped, v11Ciphertext)
|
_, err = decryptValue(swapped, v11Ciphertext)
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ import (
|
|||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/crypto"
|
"github.com/moond4rk/hackbrowserdata/crypto"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TestDecryptValue_V20 is cross-platform because v20's ciphertext format
|
// TestDecryptValue_V20 is cross-platform because v20's ciphertext format
|
||||||
@@ -24,13 +24,13 @@ func TestDecryptValue_V20(t *testing.T) {
|
|||||||
// v20 layout: "v20" (3B) + nonce (12B) + ciphertext+tag
|
// v20 layout: "v20" (3B) + nonce (12B) + ciphertext+tag
|
||||||
ciphertext := append([]byte("v20"), append(nonce, gcm...)...)
|
ciphertext := append([]byte("v20"), append(nonce, gcm...)...)
|
||||||
|
|
||||||
got, err := decryptValue(keys.MasterKeys{V20: testAESKey}, ciphertext)
|
got, err := decryptValue(masterkey.MasterKeys{V20: testAESKey}, ciphertext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, plaintext, got)
|
assert.Equal(t, plaintext, got)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDecryptValue_V20_ShortCiphertext(t *testing.T) {
|
func TestDecryptValue_V20_ShortCiphertext(t *testing.T) {
|
||||||
// Missing nonce (prefix only) must error, not panic.
|
// Missing nonce (prefix only) must error, not panic.
|
||||||
_, err := decryptValue(keys.MasterKeys{V20: testAESKey}, []byte("v20"))
|
_, err := decryptValue(masterkey.MasterKeys{V20: testAESKey}, []byte("v20"))
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ import (
|
|||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/crypto"
|
"github.com/moond4rk/hackbrowserdata/crypto"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
// encryptWithDPAPI encrypts data using Windows DPAPI (CryptProtectData).
|
// encryptWithDPAPI encrypts data using Windows DPAPI (CryptProtectData).
|
||||||
@@ -64,7 +64,7 @@ func TestDecryptValue_V10_Windows(t *testing.T) {
|
|||||||
// v10 format on Windows: "v10" + nonce(12) + encrypted
|
// v10 format on Windows: "v10" + nonce(12) + encrypted
|
||||||
ciphertext := append([]byte("v10"), append(nonce, gcmEncrypted...)...)
|
ciphertext := append([]byte("v10"), append(nonce, gcmEncrypted...)...)
|
||||||
|
|
||||||
got, err := decryptValue(keys.MasterKeys{V10: testAESKey}, ciphertext)
|
got, err := decryptValue(masterkey.MasterKeys{V10: testAESKey}, ciphertext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, plaintext, got)
|
assert.Equal(t, plaintext, got)
|
||||||
}
|
}
|
||||||
@@ -78,7 +78,7 @@ func TestDecryptValue_DPAPI_Windows(t *testing.T) {
|
|||||||
require.NotEmpty(t, encrypted)
|
require.NotEmpty(t, encrypted)
|
||||||
|
|
||||||
// No v10/v20 prefix → decryptValue routes to DPAPI path; no per-tier key needed.
|
// No v10/v20 prefix → decryptValue routes to DPAPI path; no per-tier key needed.
|
||||||
got, err := decryptValue(keys.MasterKeys{}, encrypted)
|
got, err := decryptValue(masterkey.MasterKeys{}, encrypted)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Equal(t, plaintext, got)
|
assert.Equal(t, plaintext, got)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ import (
|
|||||||
"database/sql"
|
"database/sql"
|
||||||
"sort"
|
"sort"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
"github.com/moond4rk/hackbrowserdata/utils/sqliteutil"
|
"github.com/moond4rk/hackbrowserdata/utils/sqliteutil"
|
||||||
)
|
)
|
||||||
@@ -18,7 +18,7 @@ const (
|
|||||||
countCookieQuery = `SELECT COUNT(*) FROM cookies`
|
countCookieQuery = `SELECT COUNT(*) FROM cookies`
|
||||||
)
|
)
|
||||||
|
|
||||||
func extractCookies(masterKeys keys.MasterKeys, path string) ([]types.CookieEntry, error) {
|
func extractCookies(masterKeys masterkey.MasterKeys, path string) ([]types.CookieEntry, error) {
|
||||||
cookies, err := sqliteutil.QueryRows(path, false, defaultCookieQuery,
|
cookies, err := sqliteutil.QueryRows(path, false, defaultCookieQuery,
|
||||||
func(rows *sql.Rows) (types.CookieEntry, error) {
|
func(rows *sql.Rows) (types.CookieEntry, error) {
|
||||||
var (
|
var (
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ import (
|
|||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
func setupCookieDB(t *testing.T) string {
|
func setupCookieDB(t *testing.T) string {
|
||||||
@@ -21,7 +21,7 @@ func setupCookieDB(t *testing.T) string {
|
|||||||
func TestExtractCookies(t *testing.T) {
|
func TestExtractCookies(t *testing.T) {
|
||||||
path := setupCookieDB(t)
|
path := setupCookieDB(t)
|
||||||
|
|
||||||
got, err := extractCookies(keys.MasterKeys{}, path)
|
got, err := extractCookies(masterkey.MasterKeys{}, path)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Len(t, got, 2)
|
require.Len(t, got, 2)
|
||||||
|
|
||||||
|
|||||||
@@ -6,8 +6,8 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/crypto"
|
"github.com/moond4rk/hackbrowserdata/crypto"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
|
||||||
"github.com/moond4rk/hackbrowserdata/log"
|
"github.com/moond4rk/hackbrowserdata/log"
|
||||||
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
"github.com/moond4rk/hackbrowserdata/utils/sqliteutil"
|
"github.com/moond4rk/hackbrowserdata/utils/sqliteutil"
|
||||||
)
|
)
|
||||||
@@ -36,7 +36,7 @@ type yandexPrivateData struct {
|
|||||||
SecretComment string `json:"secret_comment"`
|
SecretComment string `json:"secret_comment"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func extractCreditCards(masterKeys keys.MasterKeys, path string) ([]types.CreditCardEntry, error) {
|
func extractCreditCards(masterKeys masterkey.MasterKeys, path string) ([]types.CreditCardEntry, error) {
|
||||||
cards, err := sqliteutil.QueryRows(path, false, defaultCreditCardQuery,
|
cards, err := sqliteutil.QueryRows(path, false, defaultCreditCardQuery,
|
||||||
func(rows *sql.Rows) (types.CreditCardEntry, error) {
|
func(rows *sql.Rows) (types.CreditCardEntry, error) {
|
||||||
var guid, name, month, year, nickname, address string
|
var guid, name, month, year, nickname, address string
|
||||||
@@ -62,7 +62,7 @@ func extractCreditCards(masterKeys keys.MasterKeys, path string) ([]types.Credit
|
|||||||
}
|
}
|
||||||
|
|
||||||
// extractYandexCreditCards reads the records table (not Chromium's credit_cards). AAD = guid. See RFC-012 §4.
|
// extractYandexCreditCards reads the records table (not Chromium's credit_cards). AAD = guid. See RFC-012 §4.
|
||||||
func extractYandexCreditCards(masterKeys keys.MasterKeys, path string) ([]types.CreditCardEntry, error) {
|
func extractYandexCreditCards(masterKeys masterkey.MasterKeys, path string) ([]types.CreditCardEntry, error) {
|
||||||
dataKey, err := loadYandexDataKey(path, masterKeys.V10)
|
dataKey, err := loadYandexDataKey(path, masterKeys.V10)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.Is(err, errYandexMasterPasswordSet) {
|
if errors.Is(err, errYandexMasterPasswordSet) {
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ import (
|
|||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
func setupCreditCardDB(t *testing.T) string {
|
func setupCreditCardDB(t *testing.T) string {
|
||||||
@@ -21,7 +21,7 @@ func setupCreditCardDB(t *testing.T) string {
|
|||||||
func TestExtractCreditCards(t *testing.T) {
|
func TestExtractCreditCards(t *testing.T) {
|
||||||
path := setupCreditCardDB(t)
|
path := setupCreditCardDB(t)
|
||||||
|
|
||||||
got, err := extractCreditCards(keys.MasterKeys{}, path)
|
got, err := extractCreditCards(masterkey.MasterKeys{}, path)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Len(t, got, 2)
|
require.Len(t, got, 2)
|
||||||
|
|
||||||
@@ -80,7 +80,7 @@ func TestExtractYandexCreditCards(t *testing.T) {
|
|||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
got, err := extractYandexCreditCards(keys.MasterKeys{V10: masterKey}, path)
|
got, err := extractYandexCreditCards(masterkey.MasterKeys{V10: masterKey}, path)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Len(t, got, 2)
|
require.Len(t, got, 2)
|
||||||
|
|
||||||
@@ -128,7 +128,7 @@ func TestExtractYandexCreditCards_WrongMasterKey(t *testing.T) {
|
|||||||
yandexCreditCard{GUID: "g1", FullCardNumber: "4111"},
|
yandexCreditCard{GUID: "g1", FullCardNumber: "4111"},
|
||||||
)
|
)
|
||||||
|
|
||||||
_, err := extractYandexCreditCards(keys.MasterKeys{V10: wrongKey}, path)
|
_, err := extractYandexCreditCards(masterkey.MasterKeys{V10: wrongKey}, path)
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -6,8 +6,8 @@ import (
|
|||||||
"sort"
|
"sort"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/crypto"
|
"github.com/moond4rk/hackbrowserdata/crypto"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
|
||||||
"github.com/moond4rk/hackbrowserdata/log"
|
"github.com/moond4rk/hackbrowserdata/log"
|
||||||
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
"github.com/moond4rk/hackbrowserdata/utils/sqliteutil"
|
"github.com/moond4rk/hackbrowserdata/utils/sqliteutil"
|
||||||
)
|
)
|
||||||
@@ -20,11 +20,11 @@ const (
|
|||||||
password_element, password_value, signon_realm, date_created FROM logins`
|
password_element, password_value, signon_realm, date_created FROM logins`
|
||||||
)
|
)
|
||||||
|
|
||||||
func extractPasswords(masterKeys keys.MasterKeys, path string) ([]types.LoginEntry, error) {
|
func extractPasswords(masterKeys masterkey.MasterKeys, path string) ([]types.LoginEntry, error) {
|
||||||
return extractPasswordsWithQuery(masterKeys, path, defaultLoginQuery)
|
return extractPasswordsWithQuery(masterKeys, path, defaultLoginQuery)
|
||||||
}
|
}
|
||||||
|
|
||||||
func extractPasswordsWithQuery(masterKeys keys.MasterKeys, path, query string) ([]types.LoginEntry, error) {
|
func extractPasswordsWithQuery(masterKeys masterkey.MasterKeys, path, query string) ([]types.LoginEntry, error) {
|
||||||
logins, err := sqliteutil.QueryRows(path, false, query,
|
logins, err := sqliteutil.QueryRows(path, false, query,
|
||||||
func(rows *sql.Rows) (types.LoginEntry, error) {
|
func(rows *sql.Rows) (types.LoginEntry, error) {
|
||||||
var url, username string
|
var url, username string
|
||||||
@@ -53,7 +53,7 @@ func extractPasswordsWithQuery(masterKeys keys.MasterKeys, path, query string) (
|
|||||||
|
|
||||||
// extractYandexPasswords walks Ya Passman Data; protocol in RFC-012 §4.
|
// extractYandexPasswords walks Ya Passman Data; protocol in RFC-012 §4.
|
||||||
// Note: URL column is origin_url — it's what the per-row AAD is computed over (not action_url).
|
// Note: URL column is origin_url — it's what the per-row AAD is computed over (not action_url).
|
||||||
func extractYandexPasswords(masterKeys keys.MasterKeys, path string) ([]types.LoginEntry, error) {
|
func extractYandexPasswords(masterKeys masterkey.MasterKeys, path string) ([]types.LoginEntry, error) {
|
||||||
dataKey, err := loadYandexDataKey(path, masterKeys.V10)
|
dataKey, err := loadYandexDataKey(path, masterKeys.V10)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.Is(err, errYandexMasterPasswordSet) {
|
if errors.Is(err, errYandexMasterPasswordSet) {
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ import (
|
|||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
func setupLoginDB(t *testing.T) string {
|
func setupLoginDB(t *testing.T) string {
|
||||||
@@ -22,7 +22,7 @@ func setupLoginDB(t *testing.T) string {
|
|||||||
func TestExtractPasswords(t *testing.T) {
|
func TestExtractPasswords(t *testing.T) {
|
||||||
path := setupLoginDB(t)
|
path := setupLoginDB(t)
|
||||||
|
|
||||||
got, err := extractPasswords(keys.MasterKeys{}, path)
|
got, err := extractPasswords(masterkey.MasterKeys{}, path)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Len(t, got, 2)
|
require.Len(t, got, 2)
|
||||||
|
|
||||||
@@ -70,7 +70,7 @@ func TestExtractYandexPasswords(t *testing.T) {
|
|||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
got, err := extractYandexPasswords(keys.MasterKeys{V10: masterKey}, path)
|
got, err := extractYandexPasswords(masterkey.MasterKeys{V10: masterKey}, path)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Len(t, got, 2)
|
require.Len(t, got, 2)
|
||||||
|
|
||||||
@@ -93,7 +93,7 @@ func TestExtractYandexPasswords_MasterPasswordSkipped(t *testing.T) {
|
|||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
got, err := extractYandexPasswords(keys.MasterKeys{V10: masterKey}, path)
|
got, err := extractYandexPasswords(masterkey.MasterKeys{V10: masterKey}, path)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
assert.Empty(t, got, "master-password profiles should be skipped in v1")
|
assert.Empty(t, got, "master-password profiles should be skipped in v1")
|
||||||
}
|
}
|
||||||
@@ -112,7 +112,7 @@ func TestExtractYandexPasswords_WrongMasterKey(t *testing.T) {
|
|||||||
|
|
||||||
// A wrong master key fails at the intermediate step, surfacing as an error
|
// A wrong master key fails at the intermediate step, surfacing as an error
|
||||||
// from the extractor.
|
// from the extractor.
|
||||||
_, err := extractYandexPasswords(keys.MasterKeys{V10: wrongKey}, path)
|
_, err := extractYandexPasswords(masterkey.MasterKeys{V10: wrongKey}, path)
|
||||||
require.Error(t, err)
|
require.Error(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -4,8 +4,8 @@ import (
|
|||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/filemanager"
|
"github.com/moond4rk/hackbrowserdata/filemanager"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
|
||||||
"github.com/moond4rk/hackbrowserdata/log"
|
"github.com/moond4rk/hackbrowserdata/log"
|
||||||
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -30,7 +30,7 @@ func (p *profile) label() string { return p.browserName + "/" + p.name() }
|
|||||||
|
|
||||||
// extract copies the profile's source files to a temp directory and extracts the
|
// extract copies the profile's source files to a temp directory and extracts the
|
||||||
// requested categories, decrypting with the installation's master keys.
|
// requested categories, decrypting with the installation's master keys.
|
||||||
func (p *profile) extract(masterKeys keys.MasterKeys, categories []types.Category) *types.BrowserData {
|
func (p *profile) extract(masterKeys masterkey.MasterKeys, categories []types.Category) *types.BrowserData {
|
||||||
session, err := filemanager.NewSession()
|
session, err := filemanager.NewSession()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debugf("new session for %s: %v", p.label(), err)
|
log.Debugf("new session for %s: %v", p.label(), err)
|
||||||
@@ -91,7 +91,7 @@ func (p *profile) acquireFiles(session *filemanager.Session, categories []types.
|
|||||||
|
|
||||||
// extractCategory calls the appropriate extract function for a category. A custom
|
// extractCategory calls the appropriate extract function for a category. A custom
|
||||||
// extractor (registered via extractorsForKind) takes precedence over the switch.
|
// extractor (registered via extractorsForKind) takes precedence over the switch.
|
||||||
func (p *profile) extractCategory(data *types.BrowserData, cat types.Category, masterKeys keys.MasterKeys, path string) {
|
func (p *profile) extractCategory(data *types.BrowserData, cat types.Category, masterKeys masterkey.MasterKeys, path string) {
|
||||||
if ext, ok := p.extractors[cat]; ok {
|
if ext, ok := p.extractors[cat]; ok {
|
||||||
if err := ext.extract(masterKeys, path, data); err != nil {
|
if err := ext.extract(masterKeys, path, data); err != nil {
|
||||||
log.Debugf("extract %s for %s: %v", cat, p.label(), err)
|
log.Debugf("extract %s for %s: %v", cat, p.label(), err)
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ import (
|
|||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/filemanager"
|
"github.com/moond4rk/hackbrowserdata/filemanager"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -32,7 +32,7 @@ func TestExtractCategory_CustomExtractor(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
data := &types.BrowserData{}
|
data := &types.BrowserData{}
|
||||||
p.extractCategory(data, types.Extension, keys.MasterKeys{}, "unused-path")
|
p.extractCategory(data, types.Extension, masterkey.MasterKeys{}, "unused-path")
|
||||||
|
|
||||||
assert.True(t, called, "custom extractor should be called")
|
assert.True(t, called, "custom extractor should be called")
|
||||||
require.Len(t, data.Extensions, 1)
|
require.Len(t, data.Extensions, 1)
|
||||||
@@ -51,7 +51,7 @@ func TestExtractCategory_DefaultFallback(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
data := &types.BrowserData{}
|
data := &types.BrowserData{}
|
||||||
p.extractCategory(data, types.History, keys.MasterKeys{}, path)
|
p.extractCategory(data, types.History, masterkey.MasterKeys{}, path)
|
||||||
|
|
||||||
require.Len(t, data.Histories, 1)
|
require.Len(t, data.Histories, 1)
|
||||||
assert.Equal(t, "Example", data.Histories[0].Title)
|
assert.Equal(t, "Example", data.Histories[0].Title)
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ package chromium
|
|||||||
import (
|
import (
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -51,15 +51,15 @@ func sourcesForKind(kind types.BrowserKind) map[types.Category][]sourcePath {
|
|||||||
// switch logic, enabling browser-specific parsing (e.g. Opera's opsettings
|
// switch logic, enabling browser-specific parsing (e.g. Opera's opsettings
|
||||||
// for extensions, Yandex's credit card table, QBCI-encrypted bookmarks).
|
// for extensions, Yandex's credit card table, QBCI-encrypted bookmarks).
|
||||||
type categoryExtractor interface {
|
type categoryExtractor interface {
|
||||||
extract(masterKeys keys.MasterKeys, path string, data *types.BrowserData) error
|
extract(masterKeys masterkey.MasterKeys, path string, data *types.BrowserData) error
|
||||||
}
|
}
|
||||||
|
|
||||||
// passwordExtractor wraps a custom password extract function.
|
// passwordExtractor wraps a custom password extract function.
|
||||||
type passwordExtractor struct {
|
type passwordExtractor struct {
|
||||||
fn func(masterKeys keys.MasterKeys, path string) ([]types.LoginEntry, error)
|
fn func(masterKeys masterkey.MasterKeys, path string) ([]types.LoginEntry, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e passwordExtractor) extract(masterKeys keys.MasterKeys, path string, data *types.BrowserData) error {
|
func (e passwordExtractor) extract(masterKeys masterkey.MasterKeys, path string, data *types.BrowserData) error {
|
||||||
var err error
|
var err error
|
||||||
data.Passwords, err = e.fn(masterKeys, path)
|
data.Passwords, err = e.fn(masterKeys, path)
|
||||||
return err
|
return err
|
||||||
@@ -70,7 +70,7 @@ type extensionExtractor struct {
|
|||||||
fn func(path string) ([]types.ExtensionEntry, error)
|
fn func(path string) ([]types.ExtensionEntry, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e extensionExtractor) extract(_ keys.MasterKeys, path string, data *types.BrowserData) error {
|
func (e extensionExtractor) extract(_ masterkey.MasterKeys, path string, data *types.BrowserData) error {
|
||||||
var err error
|
var err error
|
||||||
data.Extensions, err = e.fn(path)
|
data.Extensions, err = e.fn(path)
|
||||||
return err
|
return err
|
||||||
@@ -79,10 +79,10 @@ func (e extensionExtractor) extract(_ keys.MasterKeys, path string, data *types.
|
|||||||
// creditCardExtractor wraps a custom credit-card extract function, used by Yandex whose Ya Credit Cards DB stores
|
// creditCardExtractor wraps a custom credit-card extract function, used by Yandex whose Ya Credit Cards DB stores
|
||||||
// rows as records(guid, public_data, private_data) with JSON blobs rather than Chromium's flat credit_cards table.
|
// rows as records(guid, public_data, private_data) with JSON blobs rather than Chromium's flat credit_cards table.
|
||||||
type creditCardExtractor struct {
|
type creditCardExtractor struct {
|
||||||
fn func(masterKeys keys.MasterKeys, path string) ([]types.CreditCardEntry, error)
|
fn func(masterKeys masterkey.MasterKeys, path string) ([]types.CreditCardEntry, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e creditCardExtractor) extract(masterKeys keys.MasterKeys, path string, data *types.BrowserData) error {
|
func (e creditCardExtractor) extract(masterKeys masterkey.MasterKeys, path string, data *types.BrowserData) error {
|
||||||
var err error
|
var err error
|
||||||
data.CreditCards, err = e.fn(masterKeys, path)
|
data.CreditCards, err = e.fn(masterKeys, path)
|
||||||
return err
|
return err
|
||||||
|
|||||||
+10
-10
@@ -3,15 +3,15 @@ package browser
|
|||||||
import (
|
import (
|
||||||
"runtime"
|
"runtime"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
|
||||||
"github.com/moond4rk/hackbrowserdata/log"
|
"github.com/moond4rk/hackbrowserdata/log"
|
||||||
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
// BuildDump exports one Vault per installation (Firefox/Safari, lacking KeyManager, are skipped).
|
// BuildDump exports one Vault per installation (Firefox/Safari, lacking KeyManager, are skipped).
|
||||||
// Partial results are kept — a Chrome 127+ profile mixes v10+v20, so a v20-only failure must not
|
// Partial results are kept — a Chrome 127+ profile mixes v10+v20, so a v20-only failure must not
|
||||||
// discard a usable v10 key.
|
// discard a usable v10 key.
|
||||||
func BuildDump(browsers []Browser) keys.Dump {
|
func BuildDump(browsers []Browser) masterkey.Dump {
|
||||||
dump := keys.NewDump()
|
dump := masterkey.NewDump()
|
||||||
for _, b := range browsers {
|
for _, b := range browsers {
|
||||||
km, ok := b.(KeyManager)
|
km, ok := b.(KeyManager)
|
||||||
if !ok {
|
if !ok {
|
||||||
@@ -28,7 +28,7 @@ func BuildDump(browsers []Browser) keys.Dump {
|
|||||||
if !mk.HasAny() {
|
if !mk.HasAny() {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
dump.Vaults = append(dump.Vaults, keys.Vault{
|
dump.Vaults = append(dump.Vaults, masterkey.Vault{
|
||||||
Browser: b.BrowserName(),
|
Browser: b.BrowserName(),
|
||||||
UserDataDir: b.UserDataDir(),
|
UserDataDir: b.UserDataDir(),
|
||||||
Profiles: profileNames(b),
|
Profiles: profileNames(b),
|
||||||
@@ -51,13 +51,13 @@ func profileNames(b Browser) []string {
|
|||||||
// Match is by (BrowserName, UserDataDir); on miss — commonly a cross-host path mismatch (Windows vs
|
// Match is by (BrowserName, UserDataDir); on miss — commonly a cross-host path mismatch (Windows vs
|
||||||
// POSIX, or a relocated dir via -p) — it falls back to the sole vault for that browser name. No match
|
// POSIX, or a relocated dir via -p) — it falls back to the sole vault for that browser name. No match
|
||||||
// → warn and leave the platform retrievers in place.
|
// → warn and leave the platform retrievers in place.
|
||||||
func ApplyDump(browsers []Browser, dump keys.Dump) {
|
func ApplyDump(browsers []Browser, dump masterkey.Dump) {
|
||||||
if dump.Host.OS != "" && dump.Host.OS != runtime.GOOS {
|
if dump.Host.OS != "" && dump.Host.OS != runtime.GOOS {
|
||||||
log.Infof("apply-keys: dump created on %s/%s; current host is %s/%s",
|
log.Infof("apply-keys: dump created on %s/%s; current host is %s/%s",
|
||||||
dump.Host.OS, dump.Host.Arch, runtime.GOOS, runtime.GOARCH)
|
dump.Host.OS, dump.Host.Arch, runtime.GOOS, runtime.GOARCH)
|
||||||
}
|
}
|
||||||
vaultIndex := make(map[string]*keys.Vault, len(dump.Vaults))
|
vaultIndex := make(map[string]*masterkey.Vault, len(dump.Vaults))
|
||||||
vaultsByBrowser := make(map[string][]*keys.Vault)
|
vaultsByBrowser := make(map[string][]*masterkey.Vault)
|
||||||
for i := range dump.Vaults {
|
for i := range dump.Vaults {
|
||||||
v := &dump.Vaults[i]
|
v := &dump.Vaults[i]
|
||||||
vaultIndex[v.Browser+"|"+v.UserDataDir] = v
|
vaultIndex[v.Browser+"|"+v.UserDataDir] = v
|
||||||
@@ -81,7 +81,7 @@ func ApplyDump(browsers []Browser, dump keys.Dump) {
|
|||||||
log.Warnf("apply-keys: %s no matching vault in dump", b.BrowserName())
|
log.Warnf("apply-keys: %s no matching vault in dump", b.BrowserName())
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
km.SetRetrievers(keys.Retrievers{
|
km.SetRetrievers(masterkey.Retrievers{
|
||||||
V10: maybeStaticRetriever(v.Keys.V10),
|
V10: maybeStaticRetriever(v.Keys.V10),
|
||||||
V11: maybeStaticRetriever(v.Keys.V11),
|
V11: maybeStaticRetriever(v.Keys.V11),
|
||||||
V20: maybeStaticRetriever(v.Keys.V20),
|
V20: maybeStaticRetriever(v.Keys.V20),
|
||||||
@@ -91,9 +91,9 @@ func ApplyDump(browsers []Browser, dump keys.Dump) {
|
|||||||
|
|
||||||
// maybeStaticRetriever wraps non-empty key bytes as a StaticRetriever; an empty/nil key returns nil
|
// maybeStaticRetriever wraps non-empty key bytes as a StaticRetriever; an empty/nil key returns nil
|
||||||
// to preserve the "tier not applicable" signal NewMasterKeys expects.
|
// to preserve the "tier not applicable" signal NewMasterKeys expects.
|
||||||
func maybeStaticRetriever(key []byte) keys.Retriever {
|
func maybeStaticRetriever(key []byte) masterkey.Retriever {
|
||||||
if len(key) == 0 {
|
if len(key) == 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return keys.NewStaticRetriever(key)
|
return masterkey.NewStaticRetriever(key)
|
||||||
}
|
}
|
||||||
|
|||||||
+35
-35
@@ -6,7 +6,7 @@ import (
|
|||||||
"runtime"
|
"runtime"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
"github.com/moond4rk/hackbrowserdata/types"
|
"github.com/moond4rk/hackbrowserdata/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -44,25 +44,25 @@ func (m *mockBrowser) CountEntries(_ []types.Category) ([]types.CountResult, err
|
|||||||
|
|
||||||
type mockChromiumBrowser struct {
|
type mockChromiumBrowser struct {
|
||||||
mockBrowser
|
mockBrowser
|
||||||
keys keys.MasterKeys
|
keys masterkey.MasterKeys
|
||||||
exportErr error
|
exportErr error
|
||||||
calls int
|
calls int
|
||||||
receivedRetrievers keys.Retrievers
|
receivedRetrievers masterkey.Retrievers
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockChromiumBrowser) SetRetrievers(r keys.Retrievers) {
|
func (m *mockChromiumBrowser) SetRetrievers(r masterkey.Retrievers) {
|
||||||
m.receivedRetrievers = r
|
m.receivedRetrievers = r
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockChromiumBrowser) ExportKeys() (keys.MasterKeys, error) {
|
func (m *mockChromiumBrowser) ExportKeys() (masterkey.MasterKeys, error) {
|
||||||
m.calls++
|
m.calls++
|
||||||
return m.keys, m.exportErr
|
return m.keys, m.exportErr
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBuildDump_Empty(t *testing.T) {
|
func TestBuildDump_Empty(t *testing.T) {
|
||||||
dump := BuildDump(nil)
|
dump := BuildDump(nil)
|
||||||
if dump.Version != keys.DumpVersion {
|
if dump.Version != masterkey.DumpVersion {
|
||||||
t.Errorf("Version = %q, want %q", dump.Version, keys.DumpVersion)
|
t.Errorf("Version = %q, want %q", dump.Version, masterkey.DumpVersion)
|
||||||
}
|
}
|
||||||
if dump.Host.OS != runtime.GOOS {
|
if dump.Host.OS != runtime.GOOS {
|
||||||
t.Errorf("Host.OS = %q, want %q", dump.Host.OS, runtime.GOOS)
|
t.Errorf("Host.OS = %q, want %q", dump.Host.OS, runtime.GOOS)
|
||||||
@@ -75,7 +75,7 @@ func TestBuildDump_Empty(t *testing.T) {
|
|||||||
func TestBuildDump_SingleChromium(t *testing.T) {
|
func TestBuildDump_SingleChromium(t *testing.T) {
|
||||||
b := &mockChromiumBrowser{
|
b := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
||||||
keys: keys.MasterKeys{V10: []byte("v10-key")},
|
keys: masterkey.MasterKeys{V10: []byte("v10-key")},
|
||||||
}
|
}
|
||||||
|
|
||||||
dump := BuildDump([]Browser{b})
|
dump := BuildDump([]Browser{b})
|
||||||
@@ -101,7 +101,7 @@ func TestBuildDump_SingleChromium(t *testing.T) {
|
|||||||
func TestBuildDump_MultipleProfilesOneVault(t *testing.T) {
|
func TestBuildDump_MultipleProfilesOneVault(t *testing.T) {
|
||||||
b := &mockChromiumBrowser{
|
b := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault, testProfile1}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault, testProfile1}},
|
||||||
keys: keys.MasterKeys{V10: []byte("v10")},
|
keys: masterkey.MasterKeys{V10: []byte("v10")},
|
||||||
}
|
}
|
||||||
|
|
||||||
dump := BuildDump([]Browser{b})
|
dump := BuildDump([]Browser{b})
|
||||||
@@ -120,7 +120,7 @@ func TestBuildDump_MultipleProfilesOneVault(t *testing.T) {
|
|||||||
func TestBuildDump_SkipsNonKeyManager(t *testing.T) {
|
func TestBuildDump_SkipsNonKeyManager(t *testing.T) {
|
||||||
chrome := &mockChromiumBrowser{
|
chrome := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: "/chrome", profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: "/chrome", profiles: []string{testProfileDefault}},
|
||||||
keys: keys.MasterKeys{V10: []byte("v10")},
|
keys: masterkey.MasterKeys{V10: []byte("v10")},
|
||||||
}
|
}
|
||||||
firefox := &mockBrowser{name: firefoxName, userDataDir: "/ff", profiles: []string{"default-release"}}
|
firefox := &mockBrowser{name: firefoxName, userDataDir: "/ff", profiles: []string{"default-release"}}
|
||||||
|
|
||||||
@@ -137,7 +137,7 @@ func TestBuildDump_SkipsNonKeyManager(t *testing.T) {
|
|||||||
func TestBuildDump_SkipsExportError(t *testing.T) {
|
func TestBuildDump_SkipsExportError(t *testing.T) {
|
||||||
good := &mockChromiumBrowser{
|
good := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: "/chrome", profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: "/chrome", profiles: []string{testProfileDefault}},
|
||||||
keys: keys.MasterKeys{V10: []byte("v10")},
|
keys: masterkey.MasterKeys{V10: []byte("v10")},
|
||||||
}
|
}
|
||||||
failing := &mockChromiumBrowser{
|
failing := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: testEdgeName, userDataDir: "/edge", profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: testEdgeName, userDataDir: "/edge", profiles: []string{testProfileDefault}},
|
||||||
@@ -157,7 +157,7 @@ func TestBuildDump_SkipsExportError(t *testing.T) {
|
|||||||
func TestBuildDump_JSONRoundTrip(t *testing.T) {
|
func TestBuildDump_JSONRoundTrip(t *testing.T) {
|
||||||
b := &mockChromiumBrowser{
|
b := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
||||||
keys: keys.MasterKeys{V10: []byte{0x01, 0x02, 0x03}, V20: []byte{0xff, 0xee}},
|
keys: masterkey.MasterKeys{V10: []byte{0x01, 0x02, 0x03}, V20: []byte{0xff, 0xee}},
|
||||||
}
|
}
|
||||||
|
|
||||||
dump := BuildDump([]Browser{b})
|
dump := BuildDump([]Browser{b})
|
||||||
@@ -167,7 +167,7 @@ func TestBuildDump_JSONRoundTrip(t *testing.T) {
|
|||||||
t.Fatalf("WriteJSON: %v", err)
|
t.Fatalf("WriteJSON: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
parsed, err := keys.ReadJSON(&buf)
|
parsed, err := masterkey.ReadJSON(&buf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("ReadJSON: %v", err)
|
t.Fatalf("ReadJSON: %v", err)
|
||||||
}
|
}
|
||||||
@@ -192,7 +192,7 @@ func TestBuildDump_JSONRoundTrip(t *testing.T) {
|
|||||||
func TestBuildDump_PartialKeys(t *testing.T) {
|
func TestBuildDump_PartialKeys(t *testing.T) {
|
||||||
b := &mockChromiumBrowser{
|
b := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
||||||
keys: keys.MasterKeys{V10: []byte("v10")},
|
keys: masterkey.MasterKeys{V10: []byte("v10")},
|
||||||
exportErr: errors.New("v20: ABE failed"),
|
exportErr: errors.New("v20: ABE failed"),
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -213,9 +213,9 @@ func TestApplyDump_Match(t *testing.T) {
|
|||||||
b := &mockChromiumBrowser{
|
b := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
||||||
}
|
}
|
||||||
dump := keys.Dump{
|
dump := masterkey.Dump{
|
||||||
Vaults: []keys.Vault{
|
Vaults: []masterkey.Vault{
|
||||||
{Browser: chromeName, UserDataDir: testUDD, Keys: keys.MasterKeys{V10: []byte("v10-from-dump")}},
|
{Browser: chromeName, UserDataDir: testUDD, Keys: masterkey.MasterKeys{V10: []byte("v10-from-dump")}},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
ApplyDump([]Browser{b}, dump)
|
ApplyDump([]Browser{b}, dump)
|
||||||
@@ -223,7 +223,7 @@ func TestApplyDump_Match(t *testing.T) {
|
|||||||
if b.receivedRetrievers.V10 == nil {
|
if b.receivedRetrievers.V10 == nil {
|
||||||
t.Fatal("V10 retriever should be set from matching vault")
|
t.Fatal("V10 retriever should be set from matching vault")
|
||||||
}
|
}
|
||||||
got, err := b.receivedRetrievers.V10.RetrieveKey(keys.Hints{})
|
got, err := b.receivedRetrievers.V10.RetrieveKey(masterkey.Hints{})
|
||||||
if err != nil || string(got) != "v10-from-dump" {
|
if err != nil || string(got) != "v10-from-dump" {
|
||||||
t.Errorf("V10.RetrieveKey() = %q, err = %v, want %q", got, err, "v10-from-dump")
|
t.Errorf("V10.RetrieveKey() = %q, err = %v, want %q", got, err, "v10-from-dump")
|
||||||
}
|
}
|
||||||
@@ -236,9 +236,9 @@ func TestApplyDump_MissingVault(t *testing.T) {
|
|||||||
b := &mockChromiumBrowser{
|
b := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
||||||
}
|
}
|
||||||
dump := keys.Dump{
|
dump := masterkey.Dump{
|
||||||
Vaults: []keys.Vault{
|
Vaults: []masterkey.Vault{
|
||||||
{Browser: testEdgeName, UserDataDir: "/edge", Keys: keys.MasterKeys{V10: []byte("v10")}},
|
{Browser: testEdgeName, UserDataDir: "/edge", Keys: masterkey.MasterKeys{V10: []byte("v10")}},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
ApplyDump([]Browser{b}, dump)
|
ApplyDump([]Browser{b}, dump)
|
||||||
@@ -250,9 +250,9 @@ func TestApplyDump_MissingVault(t *testing.T) {
|
|||||||
|
|
||||||
func TestApplyDump_NonKeyManagerSkipped(t *testing.T) {
|
func TestApplyDump_NonKeyManagerSkipped(t *testing.T) {
|
||||||
firefox := &mockBrowser{name: firefoxName, userDataDir: "/ff", profiles: []string{"default-release"}}
|
firefox := &mockBrowser{name: firefoxName, userDataDir: "/ff", profiles: []string{"default-release"}}
|
||||||
dump := keys.Dump{
|
dump := masterkey.Dump{
|
||||||
Vaults: []keys.Vault{
|
Vaults: []masterkey.Vault{
|
||||||
{Browser: firefoxName, UserDataDir: "/ff", Keys: keys.MasterKeys{V10: []byte("v10")}},
|
{Browser: firefoxName, UserDataDir: "/ff", Keys: masterkey.MasterKeys{V10: []byte("v10")}},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
// firefox does not implement KeyManager; ApplyDump must not panic and must not attempt injection.
|
// firefox does not implement KeyManager; ApplyDump must not panic and must not attempt injection.
|
||||||
@@ -262,7 +262,7 @@ func TestApplyDump_NonKeyManagerSkipped(t *testing.T) {
|
|||||||
func TestApplyDump_RoundTrip(t *testing.T) {
|
func TestApplyDump_RoundTrip(t *testing.T) {
|
||||||
src := &mockChromiumBrowser{
|
src := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: testUDD, profiles: []string{testProfileDefault}},
|
||||||
keys: keys.MasterKeys{V10: []byte("v10-rt"), V20: []byte("v20-rt")},
|
keys: masterkey.MasterKeys{V10: []byte("v10-rt"), V20: []byte("v20-rt")},
|
||||||
}
|
}
|
||||||
dump := BuildDump([]Browser{src})
|
dump := BuildDump([]Browser{src})
|
||||||
|
|
||||||
@@ -271,11 +271,11 @@ func TestApplyDump_RoundTrip(t *testing.T) {
|
|||||||
}
|
}
|
||||||
ApplyDump([]Browser{dst}, dump)
|
ApplyDump([]Browser{dst}, dump)
|
||||||
|
|
||||||
v10, _ := dst.receivedRetrievers.V10.RetrieveKey(keys.Hints{})
|
v10, _ := dst.receivedRetrievers.V10.RetrieveKey(masterkey.Hints{})
|
||||||
if string(v10) != "v10-rt" {
|
if string(v10) != "v10-rt" {
|
||||||
t.Errorf("V10 round-trip: got %q, want v10-rt", v10)
|
t.Errorf("V10 round-trip: got %q, want v10-rt", v10)
|
||||||
}
|
}
|
||||||
v20, _ := dst.receivedRetrievers.V20.RetrieveKey(keys.Hints{})
|
v20, _ := dst.receivedRetrievers.V20.RetrieveKey(masterkey.Hints{})
|
||||||
if string(v20) != "v20-rt" {
|
if string(v20) != "v20-rt" {
|
||||||
t.Errorf("V20 round-trip: got %q, want v20-rt", v20)
|
t.Errorf("V20 round-trip: got %q, want v20-rt", v20)
|
||||||
}
|
}
|
||||||
@@ -291,12 +291,12 @@ func TestApplyDump_FallbackOnPathMismatch(t *testing.T) {
|
|||||||
b := &mockChromiumBrowser{
|
b := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: "/local/chrome", profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: "/local/chrome", profiles: []string{testProfileDefault}},
|
||||||
}
|
}
|
||||||
dump := keys.Dump{
|
dump := masterkey.Dump{
|
||||||
Vaults: []keys.Vault{
|
Vaults: []masterkey.Vault{
|
||||||
{
|
{
|
||||||
Browser: chromeName,
|
Browser: chromeName,
|
||||||
UserDataDir: `C:\Users\foo\AppData\Local\Google\Chrome\User Data`,
|
UserDataDir: `C:\Users\foo\AppData\Local\Google\Chrome\User Data`,
|
||||||
Keys: keys.MasterKeys{V10: []byte("v10-fallback")},
|
Keys: masterkey.MasterKeys{V10: []byte("v10-fallback")},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@@ -305,7 +305,7 @@ func TestApplyDump_FallbackOnPathMismatch(t *testing.T) {
|
|||||||
if b.receivedRetrievers.V10 == nil {
|
if b.receivedRetrievers.V10 == nil {
|
||||||
t.Fatal("V10 retriever should be set via single-vault fallback")
|
t.Fatal("V10 retriever should be set via single-vault fallback")
|
||||||
}
|
}
|
||||||
got, err := b.receivedRetrievers.V10.RetrieveKey(keys.Hints{})
|
got, err := b.receivedRetrievers.V10.RetrieveKey(masterkey.Hints{})
|
||||||
if err != nil || string(got) != "v10-fallback" {
|
if err != nil || string(got) != "v10-fallback" {
|
||||||
t.Errorf("V10.RetrieveKey() = %q, err = %v, want %q", got, err, "v10-fallback")
|
t.Errorf("V10.RetrieveKey() = %q, err = %v, want %q", got, err, "v10-fallback")
|
||||||
}
|
}
|
||||||
@@ -317,10 +317,10 @@ func TestApplyDump_NoFallbackWhenAmbiguous(t *testing.T) {
|
|||||||
b := &mockChromiumBrowser{
|
b := &mockChromiumBrowser{
|
||||||
mockBrowser: mockBrowser{name: chromeName, userDataDir: "/local/chrome", profiles: []string{testProfileDefault}},
|
mockBrowser: mockBrowser{name: chromeName, userDataDir: "/local/chrome", profiles: []string{testProfileDefault}},
|
||||||
}
|
}
|
||||||
dump := keys.Dump{
|
dump := masterkey.Dump{
|
||||||
Vaults: []keys.Vault{
|
Vaults: []masterkey.Vault{
|
||||||
{Browser: chromeName, UserDataDir: "/path/a", Keys: keys.MasterKeys{V10: []byte("a")}},
|
{Browser: chromeName, UserDataDir: "/path/a", Keys: masterkey.MasterKeys{V10: []byte("a")}},
|
||||||
{Browser: chromeName, UserDataDir: "/path/b", Keys: keys.MasterKeys{V10: []byte("b")}},
|
{Browser: chromeName, UserDataDir: "/path/b", Keys: masterkey.MasterKeys{V10: []byte("b")}},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
ApplyDump([]Browser{b}, dump)
|
ApplyDump([]Browser{b}, dump)
|
||||||
|
|||||||
@@ -45,16 +45,9 @@ func countPasswords(keychainPassword string) (int, error) {
|
|||||||
return len(passwords), nil
|
return len(passwords), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// getInternetPasswords reads InternetPassword records directly from the
|
// getInternetPasswords reads InternetPassword records straight from the macOS login keychain (Safari owns its own key
|
||||||
// macOS login keychain. See rfcs/006-key-retrieval-mechanisms.md §7 for why
|
// path, separate from the masterkey package). TryUnlock always runs — even without a password — so a locked keychain
|
||||||
// Safari owns this path instead of routing through the keys package.
|
// still yields metadata-only records (URL, account, blank password) instead of failing with ErrLocked.
|
||||||
//
|
|
||||||
// TryUnlock is always invoked — with the user-supplied password when one is
|
|
||||||
// available, otherwise with no options — to enable keychainbreaker's partial
|
|
||||||
// extraction mode. With a valid password we get fully decrypted entries; with
|
|
||||||
// empty or wrong password we still get metadata records (URL, account,
|
|
||||||
// timestamps) and PlainPassword left blank, which Safari can export as
|
|
||||||
// metadata-only output instead of failing with ErrLocked.
|
|
||||||
func getInternetPasswords(keychainPassword string) ([]keychainbreaker.InternetPassword, error) {
|
func getInternetPasswords(keychainPassword string) ([]keychainbreaker.InternetPassword, error) {
|
||||||
kc, err := keychainbreaker.Open()
|
kc, err := keychainbreaker.Open()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -82,8 +75,7 @@ func buildURL(protocol, server string, port uint32, path string) string {
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert macOS Keychain FourCC protocol code to URL scheme.
|
// macOS Keychain stores the protocol as a FourCC code; only "htps" needs remapping, others just trim padding.
|
||||||
// Only "htps" needs special mapping; others just need space trimming.
|
|
||||||
scheme := strings.TrimRight(protocol, " ")
|
scheme := strings.TrimRight(protocol, " ")
|
||||||
if scheme == "" || scheme == "htps" {
|
if scheme == "" || scheme == "htps" {
|
||||||
scheme = "https"
|
scheme = "https"
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ func dumpCmd() *cobra.Command {
|
|||||||
hack-browser-data dump -f cookie-editor
|
hack-browser-data dump -f cookie-editor
|
||||||
hack-browser-data dump --zip`,
|
hack-browser-data dump --zip`,
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
RunE: func(cmd *cobra.Command, args []string) error {
|
||||||
browsers, err := browser.DiscoverBrowsersWithKeys(browser.PickOptions{
|
browsers, err := browser.DiscoverBrowsersWithKeys(browser.DiscoverOptions{
|
||||||
Name: browserName,
|
Name: browserName,
|
||||||
ProfilePath: profilePath,
|
ProfilePath: profilePath,
|
||||||
KeychainPassword: keychainPw,
|
KeychainPassword: keychainPw,
|
||||||
|
|||||||
@@ -9,8 +9,8 @@ import (
|
|||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
|
||||||
"github.com/moond4rk/hackbrowserdata/browser"
|
"github.com/moond4rk/hackbrowserdata/browser"
|
||||||
"github.com/moond4rk/hackbrowserdata/keys"
|
|
||||||
"github.com/moond4rk/hackbrowserdata/log"
|
"github.com/moond4rk/hackbrowserdata/log"
|
||||||
|
"github.com/moond4rk/hackbrowserdata/masterkey"
|
||||||
)
|
)
|
||||||
|
|
||||||
func keysCmd() *cobra.Command {
|
func keysCmd() *cobra.Command {
|
||||||
@@ -35,7 +35,7 @@ func keysExportCmd() *cobra.Command {
|
|||||||
Example: ` hack-browser-data keys export -o dump.json
|
Example: ` hack-browser-data keys export -o dump.json
|
||||||
hack-browser-data keys export -b chrome`,
|
hack-browser-data keys export -b chrome`,
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
RunE: func(cmd *cobra.Command, args []string) error {
|
||||||
browsers, err := browser.DiscoverBrowsersWithKeys(browser.PickOptions{
|
browsers, err := browser.DiscoverBrowsersWithKeys(browser.DiscoverOptions{
|
||||||
Name: browserName,
|
Name: browserName,
|
||||||
KeychainPassword: keychainPw,
|
KeychainPassword: keychainPw,
|
||||||
})
|
})
|
||||||
@@ -135,12 +135,12 @@ func loadAndApplyKeys(browserName, profilePath, keysPath string) ([]browser.Brow
|
|||||||
defer f.Close()
|
defer f.Close()
|
||||||
r = f
|
r = f
|
||||||
}
|
}
|
||||||
dump, err := keys.ReadJSON(r)
|
dump, err := masterkey.ReadJSON(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("read keys file %q: %w", keysPath, err)
|
return nil, fmt.Errorf("read keys file %q: %w", keysPath, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
browsers, err := browser.DiscoverBrowsers(browser.PickOptions{
|
browsers, err := browser.DiscoverBrowsers(browser.DiscoverOptions{
|
||||||
Name: browserName,
|
Name: browserName,
|
||||||
ProfilePath: profilePath,
|
ProfilePath: profilePath,
|
||||||
})
|
})
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ func listCmd() *cobra.Command {
|
|||||||
Example: ` hack-browser-data list
|
Example: ` hack-browser-data list
|
||||||
hack-browser-data list --detail`,
|
hack-browser-data list --detail`,
|
||||||
RunE: func(cmd *cobra.Command, args []string) error {
|
RunE: func(cmd *cobra.Command, args []string) error {
|
||||||
browsers, err := browser.DiscoverBrowsers(browser.PickOptions{Name: "all"})
|
browsers, err := browser.DiscoverBrowsers(browser.DiscoverOptions{Name: "all"})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
//go:build windows
|
//go:build windows
|
||||||
|
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
//go:build darwin
|
//go:build darwin
|
||||||
|
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
// CVE-2025-24204: gcore holds the com.apple.system-task-ports.read entitlement, so a root process can
|
// CVE-2025-24204: gcore holds the com.apple.system-task-ports.read entitlement, so a root process can
|
||||||
// dump securityd memory without a TCC prompt; we scan the dump for the 24-byte keychain master key.
|
// dump securityd memory without a TCC prompt; we scan the dump for the 24-byte keychain master key.
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
//go:build darwin || linux
|
//go:build darwin || linux
|
||||||
|
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"hash"
|
"hash"
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
// Package keys retrieves Chromium master keys (per-platform retrievers + a cross-host Dump format).
|
// Package keys retrieves Chromium master keys (per-platform retrievers + a cross-host Dump format).
|
||||||
// Firefox and Safari own their own key paths and don't route through here.
|
// Firefox and Safari own their own key paths and don't route through here.
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
//go:build darwin
|
//go:build darwin
|
||||||
|
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
//go:build darwin
|
//go:build darwin
|
||||||
|
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
//go:build linux
|
//go:build linux
|
||||||
|
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/sha1"
|
"crypto/sha1"
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
//go:build linux
|
//go:build linux
|
||||||
|
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
@@ -1,6 +1,6 @@
|
|||||||
//go:build windows
|
//go:build windows
|
||||||
|
|
||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
package keys
|
package masterkey
|
||||||
|
|
||||||
// StaticRetriever returns pre-supplied key bytes (from a Dump) instead of platform retrieval, ignoring
|
// StaticRetriever returns pre-supplied key bytes (from a Dump) instead of platform retrieval, ignoring
|
||||||
// Hints. An empty key returns (nil, nil) — the "tier not applicable" signal NewMasterKeys expects.
|
// Hints. An empty key returns (nil, nil) — the "tier not applicable" signal NewMasterKeys expects.
|
||||||
Reference in New Issue
Block a user