refactor(windows): clean up Chrome ABE module (#574)

* refactor(abe): remove --abe-key flag and its global state
* refactor(abe): rework scratch protocol and Go/C structure

browser/chromium/decrypt.go

@@ -20,7 +20,9 @@ func decryptValue(masterKey, ciphertext []byte) ([]byte, error) {
 		// v11 is Linux-only and shares v10's AES-CBC path; only the key source differs.
 		return crypto.DecryptChromium(masterKey, ciphertext)
 	case crypto.CipherV20:
-		return crypto.DecryptChromium(masterKey, ciphertext)
+		// v20 is cross-platform AES-GCM; routed through a dedicated function so
+		// Linux/macOS CI can exercise the same decryption path as Windows.
+		return crypto.DecryptChromiumV20(masterKey, ciphertext)
 	case crypto.CipherDPAPI:
 		return crypto.DecryptDPAPI(ciphertext)
 	default:

browser/chromium/decrypt_v20_test.go

@@ -0,0 +1,35 @@
+package chromium
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/moond4rk/hackbrowserdata/crypto"
+)
+
+// TestDecryptValue_V20 is cross-platform because v20's ciphertext format
+// (AES-GCM with 12-byte nonce) is platform-independent; only the key source
+// (Chrome ABE on Windows) differs by OS. Running on Linux/macOS CI protects
+// the routing in decryptValue + crypto.DecryptChromiumV20 from regressions.
+func TestDecryptValue_V20(t *testing.T) {
+	plaintext := []byte("v20_test_value")
+	nonce := []byte("v20_nonce_12") // 12-byte AES-GCM nonce
+
+	gcm, err := crypto.AESGCMEncrypt(testAESKey, nonce, plaintext)
+	require.NoError(t, err)
+
+	// v20 layout: "v20" (3B) + nonce (12B) + ciphertext+tag
+	ciphertext := append([]byte("v20"), append(nonce, gcm...)...)
+
+	got, err := decryptValue(testAESKey, ciphertext)
+	require.NoError(t, err)
+	assert.Equal(t, plaintext, got)
+}
+
+func TestDecryptValue_V20_ShortCiphertext(t *testing.T) {
+	// Missing nonce (prefix only) must error, not panic.
+	_, err := decryptValue(testAESKey, []byte("v20"))
+	require.Error(t, err)
+}