feat: decrypt Chromium v10/v11 across host OS

Chromium's v10 means AES-GCM on Windows but AES-CBC on macOS/Linux.
Dispatch the cipher by master-key length (32B GCM, 16B CBC) so one
binary can decrypt a key dumped from a different OS.
This commit is contained in:
moonD4rk
2026-06-01 22:44:35 +08:00
parent c444314832
commit d720762595
8 changed files with 124 additions and 117 deletions
-12
View File
@@ -6,18 +6,6 @@ import (
"github.com/moond4rk/hackbrowserdata/utils/winapi"
)
// gcmNonceSize is defined in crypto.go (cross-platform).
const minGCMDataSize = versionPrefixLen + gcmNonceSize // "v10" + nonce = 15 bytes minimum
func DecryptChromium(key, ciphertext []byte) ([]byte, error) {
if len(ciphertext) < minGCMDataSize {
return nil, errShortCiphertext
}
nonce := ciphertext[versionPrefixLen : versionPrefixLen+gcmNonceSize]
payload := ciphertext[versionPrefixLen+gcmNonceSize:]
return AESGCMDecrypt(key, nonce, payload)
}
// DecryptDPAPI decrypts a DPAPI-protected blob using the current user's
// master key. The actual Win32 call (and its DATA_BLOB / LocalFree dance)
// lives in utils/winapi so every package that needs a syscall handle