feat(windows): Chrome App-Bound Encryption implementation (#573)

* build(abe): add zig-cc payload build system + C reflective loader
* feat(abe): add reflective injector and Go ABE key-retriever primitives
* feat(abe): wire ABERetriever into DefaultRetriever chain + --abe-key CLI
* feat(abe): route Chromium v20 ciphertext through AES-GCM with ABE key
This commit is contained in:
slimwang
2026-04-18 23:25:59 +08:00
committed by GitHub
parent eb58ebbbf4
commit c3d30b9e8a
24 changed files with 1481 additions and 14 deletions
+1 -2
View File
@@ -20,8 +20,7 @@ func decryptValue(masterKey, ciphertext []byte) ([]byte, error) {
// v11 is Linux-only and shares v10's AES-CBC path; only the key source differs.
return crypto.DecryptChromium(masterKey, ciphertext)
case crypto.CipherV20:
// TODO: implement App-Bound Encryption (Chrome 127+)
return nil, fmt.Errorf("v20 App-Bound Encryption not yet supported")
return crypto.DecryptChromium(masterKey, ciphertext)
case crypto.CipherDPAPI:
return crypto.DecryptDPAPI(ciphertext)
default:
-9
View File
@@ -63,12 +63,3 @@ func TestDecryptValue_V11(t *testing.T) {
require.NoError(t, err)
assert.Equal(t, plaintext, got)
}
func TestDecryptValue_V20(t *testing.T) {
// v20 App-Bound Encryption is not yet implemented.
// TODO: add successful decryption cases when implemented.
ciphertext := append([]byte("v20"), make([]byte, 32)...)
_, err := decryptValue(nil, ciphertext)
require.Error(t, err)
assert.Contains(t, err.Error(), "v20")
}