refactor: format project layout

2026-05-19 18:58:03 +02:00 · 2022-03-26 14:03:40 +08:00
parent a341928926
commit c2bc33e2fe
28 changed files with 214 additions and 94 deletions
@@ -0,0 +1,214 @@
+package decrypter
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/des"
+	"crypto/hmac"
+	"crypto/sha1"
+	"crypto/sha256"
+	"encoding/asn1"
+	"errors"
+
+	"golang.org/x/crypto/pbkdf2"
+)
+
+var (
+	errSecurityKeyIsEmpty = errors.New("input [security find-generic-password -wa 'Chrome'] in terminal")
+	errPasswordIsEmpty    = errors.New("password is empty")
+	errDecryptFailed      = errors.New("decrypter encrypt value failed")
+	errDecodeASN1Failed   = errors.New("decode ASN1 data failed")
+	errEncryptedLength    = errors.New("length of encrypted password less than block size")
+)
+
+type ASN1PBE interface {
+	Decrypt(globalSalt, masterPwd []byte) (key []byte, err error)
+}
+
+func NewASN1PBE(b []byte) (pbe ASN1PBE, err error) {
+	var (
+		n NssPBE
+		m MetaPBE
+		l LoginPBE
+	)
+	if _, err := asn1.Unmarshal(b, &n); err == nil {
+		return n, nil
+	}
+	if _, err := asn1.Unmarshal(b, &m); err == nil {
+		return m, nil
+	}
+	if _, err := asn1.Unmarshal(b, &l); err == nil {
+		return l, nil
+	}
+	return nil, errDecodeASN1Failed
+}
+
+// NssPBE Struct
+// SEQUENCE (2 elem)
+// 	SEQUENCE (2 elem)
+// 		OBJECT IDENTIFIER
+// 		SEQUENCE (2 elem)
+// 			OCTET STRING (20 byte)
+// 			INTEGER 1
+// 	OCTET STRING (16 byte)
+type NssPBE struct {
+	NssSequenceA
+	Encrypted []byte
+}
+
+type NssSequenceA struct {
+	DecryptMethod asn1.ObjectIdentifier
+	NssSequenceB
+}
+
+type NssSequenceB struct {
+	EntrySalt []byte
+	Len       int
+}
+
+func (n NssPBE) Decrypt(globalSalt, masterPwd []byte) (key []byte, err error) {
+	glmp := append(globalSalt, masterPwd...)
+	hp := sha1.Sum(glmp)
+	s := append(hp[:], n.EntrySalt...)
+	chp := sha1.Sum(s)
+	pes := paddingZero(n.EntrySalt, 20)
+	tk := hmac.New(sha1.New, chp[:])
+	tk.Write(pes)
+	pes = append(pes, n.EntrySalt...)
+	k1 := hmac.New(sha1.New, chp[:])
+	k1.Write(pes)
+	tkPlus := append(tk.Sum(nil), n.EntrySalt...)
+	k2 := hmac.New(sha1.New, chp[:])
+	k2.Write(tkPlus)
+	k := append(k1.Sum(nil), k2.Sum(nil)...)
+	iv := k[len(k)-8:]
+	return des3Decrypt(k[:24], iv, n.Encrypted)
+}
+
+// MetaPBE Struct
+// SEQUENCE (2 elem)
+// 	SEQUENCE (2 elem)
+//     	OBJECT IDENTIFIER
+//     	SEQUENCE (2 elem)
+//       	SEQUENCE (2 elem)
+//         	OBJECT IDENTIFIER
+//         	SEQUENCE (4 elem)
+//           	OCTET STRING (32 byte)
+//           		INTEGER 1
+//           		INTEGER 32
+//           		SEQUENCE (1 elem)
+//             	OBJECT IDENTIFIER
+//       	SEQUENCE (2 elem)
+//         	OBJECT IDENTIFIER
+//         	OCTET STRING (14 byte)
+//   	OCTET STRING (16 byte)
+type MetaPBE struct {
+	MetaSequenceA
+	Encrypted []byte
+}
+
+type MetaSequenceA struct {
+	PKCS5PBES2 asn1.ObjectIdentifier
+	MetaSequenceB
+}
+type MetaSequenceB struct {
+	MetaSequenceC
+	MetaSequenceD
+}
+
+type MetaSequenceC struct {
+	PKCS5PBKDF2 asn1.ObjectIdentifier
+	MetaSequenceE
+}
+
+type MetaSequenceD struct {
+	AES256CBC asn1.ObjectIdentifier
+	IV        []byte
+}
+
+type MetaSequenceE struct {
+	EntrySalt      []byte
+	IterationCount int
+	KeySize        int
+	MetaSequenceF
+}
+
+type MetaSequenceF struct {
+	HMACWithSHA256 asn1.ObjectIdentifier
+}
+
+func (m MetaPBE) Decrypt(globalSalt, masterPwd []byte) (key2 []byte, err error) {
+	k := sha1.Sum(globalSalt)
+	key := pbkdf2.Key(k[:], m.EntrySalt, m.IterationCount, m.KeySize, sha256.New)
+	iv := append([]byte{4, 14}, m.IV...)
+	return aes128CBCDecrypt(key, iv, m.Encrypted)
+}
+
+// LoginPBE Struct
+// SEQUENCE (3 elem)
+// 	OCTET STRING (16 byte)
+// 	SEQUENCE (2 elem)
+// 		OBJECT IDENTIFIER
+// 		OCTET STRING (8 byte)
+// 	OCTET STRING (16 byte)
+type LoginPBE struct {
+	CipherText []byte
+	LoginSequence
+	Encrypted []byte
+}
+
+type LoginSequence struct {
+	asn1.ObjectIdentifier
+	IV []byte
+}
+
+func (l LoginPBE) Decrypt(globalSalt, masterPwd []byte) (key []byte, err error) {
+	return des3Decrypt(globalSalt, l.IV, l.Encrypted)
+}
+
+func aes128CBCDecrypt(key, iv, encryptPass []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	encryptLen := len(encryptPass)
+	if encryptLen < block.BlockSize() {
+		return nil, errEncryptedLength
+	}
+
+	dst := make([]byte, encryptLen)
+	mode := cipher.NewCBCDecrypter(block, iv)
+	mode.CryptBlocks(dst, encryptPass)
+	dst = PKCS5UnPadding(dst)
+	return dst, nil
+}
+
+func PKCS5UnPadding(src []byte) []byte {
+	length := len(src)
+	unpad := int(src[length-1])
+	return src[:(length - unpad)]
+}
+
+// des3Decrypt use for decrypter firefox PBE
+func des3Decrypt(key, iv []byte, src []byte) ([]byte, error) {
+	block, err := des.NewTripleDESCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	blockMode := cipher.NewCBCDecrypter(block, iv)
+	sq := make([]byte, len(src))
+	blockMode.CryptBlocks(sq, src)
+	return sq, nil
+}
+
+func paddingZero(s []byte, l int) []byte {
+	h := l - len(s)
+	if h <= 0 {
+		return s
+	} else {
+		for i := len(s); i < l; i++ {
+			s = append(s, 0)
+		}
+		return s
+	}
+}
@@ -0,0 +1,17 @@
+package decrypter
+
+func ChromePass(key, encryptPass []byte) ([]byte, error) {
+	if len(encryptPass) > 3 {
+		if len(key) == 0 {
+			return nil, errSecurityKeyIsEmpty
+		}
+		var chromeIV = []byte{32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32}
+		return aes128CBCDecrypt(key, chromeIV, encryptPass[3:])
+	} else {
+		return nil, errDecryptFailed
+	}
+}
+
+func DPApi(data []byte) ([]byte, error) {
+	return nil, nil
+}
@@ -0,0 +1,17 @@
+package decrypter
+
+func ChromePass(key, encryptPass []byte) ([]byte, error) {
+	var chromeIV = []byte{32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32}
+	if len(encryptPass) > 3 {
+		if len(key) == 0 {
+			return nil, errSecurityKeyIsEmpty
+		}
+		return aes128CBCDecrypt(key, chromeIV, encryptPass[3:])
+	} else {
+		return nil, errDecryptFailed
+	}
+}
+
+func DPApi(data []byte) ([]byte, error) {
+	return nil, nil
+}
@@ -0,0 +1,71 @@
+package decrypter
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"syscall"
+	"unsafe"
+)
+
+func ChromePass(key, encryptPass []byte) ([]byte, error) {
+	if len(encryptPass) > 15 {
+		// remove Prefix 'v10'
+		return aesGCMDecrypt(encryptPass[15:], key, encryptPass[3:15])
+	} else {
+		return nil, errPasswordIsEmpty
+	}
+}
+
+// chromium > 80 https://source.chromium.org/chromium/chromium/src/+/master:components/os_crypt/os_crypt_win.cc
+func aesGCMDecrypt(crypted, key, nounce []byte) ([]byte, error) {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	blockMode, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+	origData, err := blockMode.Open(nil, nounce, crypted, nil)
+	if err != nil {
+		return nil, err
+	}
+	return origData, nil
+}
+
+type dataBlob struct {
+	cbData uint32
+	pbData *byte
+}
+
+func NewBlob(d []byte) *dataBlob {
+	if len(d) == 0 {
+		return &dataBlob{}
+	}
+	return &dataBlob{
+		pbData: &d[0],
+		cbData: uint32(len(d)),
+	}
+}
+
+func (b *dataBlob) ToByteArray() []byte {
+	d := make([]byte, b.cbData)
+	copy(d, (*[1 << 30]byte)(unsafe.Pointer(b.pbData))[:])
+	return d
+}
+
+// DPApi
+// chrome < 80 https://chromium.googlesource.com/chromium/src/+/76f496a7235c3432983421402951d73905c8be96/components/os_crypt/os_crypt_win.cc#82
+func DPApi(data []byte) ([]byte, error) {
+	dllCrypt := syscall.NewLazyDLL("Crypt32.dll")
+	dllKernel := syscall.NewLazyDLL("Kernel32.dll")
+	procDecryptData := dllCrypt.NewProc("CryptUnprotectData")
+	procLocalFree := dllKernel.NewProc("LocalFree")
+	var outBlob dataBlob
+	r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(NewBlob(data))), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outBlob)))
+	if r == 0 {
+		return nil, err
+	}
+	defer procLocalFree.Call(uintptr(unsafe.Pointer(outBlob.pbData)))
+	return outBlob.ToByteArray(), nil
+}