feat: add crypto/keyretriever with keychainbreaker integration (#518)

* feat: add crypto/keyretriever package for Chromium master key retrieval * feat: complete keyretriever with gcoredump, chainbreaker, and tests * refactor: replace internal chainbreaker with keychainbreaker v0.1.0 Replace the incomplete internal chainbreaker implementation (~1400 lines of duplicated code) with the external keychainbreaker package, which provides a complete, well-tested keychain parsing library. Changes: - Add github.com/moond4rk/keychainbreaker v0.1.0 dependency - Update gcoredump_darwin.go to use keychainbreaker API (Open/Unlock/GenericPasswords) - Add KeychainPasswordRetriever for password-based keychain unlocking with sync.Once caching across multiple browser queries - Unify DefaultRetriever(keychainPassword string) signature across all platforms - Delete utils/chainbreaker/ (696 lines + test + testdata) - Delete crypto/keyretriever/chainbreaker_darwin.go (696 lines duplicate) - Delete browser/exploit/gcoredump/ (duplicate of keyretriever version) - Update chromium_darwin.go to use keyretriever.DecryptKeychain - Clean up .golangci.yml lint exceptions and .gitignore entries - Use errors.Is() instead of == for context.DeadlineExceeded check * refactor: improve gcoredump exploit code quality and add comments * fix: address Copilot review feedback on keyretriever
2026-05-29 19:29:28 +02:00 · 2026-03-28 21:13:10 +08:00
parent 12436217ae
commit 9fb5165fcb
16 changed files with 654 additions and 965 deletions
@@ -11,8 +11,8 @@ import (
 	"os/exec"
 	"strings"

-	"github.com/moond4rk/hackbrowserdata/browser/exploit/gcoredump"
 	"github.com/moond4rk/hackbrowserdata/crypto"
+	"github.com/moond4rk/hackbrowserdata/crypto/keyretriever"
 	"github.com/moond4rk/hackbrowserdata/log"
 	"github.com/moond4rk/hackbrowserdata/types"
 )
@@ -27,7 +27,7 @@ func (c *Chromium) GetMasterKey() ([]byte, error) {
 	defer os.Remove(types.ChromiumKey.TempFilename())

 	// Try get the master key via gcoredump(CVE-2025-24204)
-	secret, err := gcoredump.DecryptKeychain(c.storage)
+	secret, err := keyretriever.DecryptKeychain(c.storage)
 	if err == nil && secret != "" {
 		log.Debugf("get master key via gcoredump(CVE-2025-24204) success, browser %s", c.name)
 		if key, err := c.parseSecret([]byte(secret)); err == nil {