CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-05-19 18:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

refactor: remove dead code and rename V2 files (#541)

Browse Source 
* refactor: remove V1 dead code and rename V2 files

- Delete extractor/ package (V1 Extractor interface and registry)
- Delete browserdata/ package (V1 orchestrator, outputter, 9 sub-packages)
- Delete V1 browser implementations (chromium.go, chromium_{platform}.go, firefox.go)
- Delete types/types.go (V1 DataType enum) and utils/byteutil/
- Remove gocsv and go-sqlmock dependencies, demote x/text to indirect
- Upgrade keychainbreaker v0.1.0 → v0.2.5
- Rename chromium_new.go → chromium.go, firefox_new.go → firefox.go

* refactor: remove unused V1 utility functions

Remove functions no longer called by V2 code:
- fileutil: IsDirExists, CopyDir, BrowserName, ReadFile, CopyFile,
  Filename, ParentDir, ParentBaseDir, BaseDir
- typeutil: Keys, IntToBool
This commit is contained in:
Roger
2026-04-04 15:51:54 +08:00
committed by GitHub
parent 0ace27ce9a
commit e35907de6f
33 changed files with 412 additions and 3430 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browser/chromium/chromium.go
+201 -140
View File
@@ -1,183 +1,244 @@
package chromium
import (
"io/fs"
"os"
"path/filepath"
"strings"
"github.com/moond4rk/hackbrowserdata/browserdata"
"github.com/moond4rk/hackbrowserdata/crypto/keyretriever"
"github.com/moond4rk/hackbrowserdata/filemanager"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
"github.com/moond4rk/hackbrowserdata/utils/typeutil"
)
type Chromium struct {
name string
storage string
profilePath string
masterKey []byte
dataTypes []types.DataType
Paths map[types.DataType]string
// Browser represents a single Chromium profile ready for extraction.
type Browser struct {
cfg types.BrowserConfig
profileDir string // absolute path to profile directory
sources map[types.Category][]sourcePath // Category → candidate paths (priority order)
extractors map[types.Category]categoryExtractor // Category → custom extract function override
sourcePaths map[types.Category]resolvedPath // Category → discovered absolute path
}
// New create instance of Chromium browser, fill item's path if item is existed.
func New(name, storage, profilePath string, dataTypes []types.DataType) ([]*Chromium, error) {
c := &Chromium{
name: name,
storage: storage,
profilePath: profilePath,
dataTypes: dataTypes,
// NewBrowsers discovers Chromium profiles under cfg.UserDataDir and returns
// one Browser per profile. Uses ReadDir to find profile directories,
// then Stat to check which data sources exist in each profile.
func NewBrowsers(cfg types.BrowserConfig) ([]*Browser, error) {
sources := sourcesForKind(cfg.Kind)
extractors := extractorsForKind(cfg.Kind)
profileDirs := discoverProfiles(cfg.UserDataDir, sources)
if len(profileDirs) == 0 {
return nil, nil
}
multiDataTypePaths, err := c.userDataTypePaths(c.profilePath, c.dataTypes)
if err != nil {
return nil, err
}
chromiumList := make([]*Chromium, 0, len(multiDataTypePaths))
for user, itemPaths := range multiDataTypePaths {
chromiumList = append(chromiumList, &Chromium{
name: fileutil.BrowserName(name, user),
dataTypes: typeutil.Keys(itemPaths),
Paths: itemPaths,
storage: storage,
var browsers []*Browser
for _, profileDir := range profileDirs {
sourcePaths := resolveSourcePaths(sources, profileDir)
if len(sourcePaths) == 0 {
continue
}
browsers = append(browsers, &Browser{
cfg: cfg,
profileDir: profileDir,
sources: sources,
extractors: extractors,
sourcePaths: sourcePaths,
})
}
return chromiumList, nil
return browsers, nil
}
func (c *Chromium) Name() string {
return c.name
func (b *Browser) BrowserName() string { return b.cfg.Name }
func (b *Browser) ProfileName() string {
if b.profileDir == "" {
return ""
}
return filepath.Base(b.profileDir)
}
func (c *Chromium) BrowsingData(isFullExport bool) (*browserdata.BrowserData, error) {
// delete chromiumKey from dataTypes, doesn't need to export key
var dataTypes []types.DataType
for _, dt := range c.dataTypes {
if dt != types.ChromiumKey {
dataTypes = append(dataTypes, dt)
}
}
if !isFullExport {
dataTypes = types.FilterSensitiveItems(c.dataTypes)
}
data := browserdata.New(dataTypes)
if err := c.copyItemToLocal(); err != nil {
return nil, err
}
masterKey, err := c.GetMasterKey()
// Extract copies browser files to a temp directory, retrieves the master key,
// and extracts data for the requested categories.
func (b *Browser) Extract(categories []types.Category) (*types.BrowserData, error) {
session, err := filemanager.NewSession()
if err != nil {
return nil, err
}
defer session.Cleanup()
c.masterKey = masterKey
if err := data.Recovery(c.masterKey); err != nil {
return nil, err
tempPaths := b.acquireFiles(session, categories)
masterKey, err := b.getMasterKey(session)
if err != nil {
log.Debugf("get master key for %s: %v", b.BrowserName()+"/"+b.ProfileName(), err)
}
data := &types.BrowserData{}
for _, cat := range categories {
path, ok := tempPaths[cat]
if !ok {
continue
}
b.extractCategory(data, cat, masterKey, path)
}
return data, nil
}
func (c *Chromium) copyItemToLocal() error {
for i, path := range c.Paths {
filename := i.TempFilename()
var err error
switch {
case fileutil.IsDirExists(path):
if i == types.ChromiumLocalStorage {
err = fileutil.CopyDir(path, filename, "lock")
}
if i == types.ChromiumSessionStorage {
err = fileutil.CopyDir(path, filename, "lock")
}
default:
err = fileutil.CopyFile(path, filename)
}
if err != nil {
log.Errorf("copy item to local, path %s, filename %s err %v", path, filename, err)
// acquireFiles copies source files to the session temp directory.
func (b *Browser) acquireFiles(session *filemanager.Session, categories []types.Category) map[types.Category]string {
tempPaths := make(map[types.Category]string)
for _, cat := range categories {
rp, ok := b.sourcePaths[cat]
if !ok {
continue
}
dst := filepath.Join(session.TempDir(), cat.String())
if err := session.Acquire(rp.absPath, dst, rp.isDir); err != nil {
log.Debugf("acquire %s: %v", cat, err)
continue
}
tempPaths[cat] = dst
}
return nil
return tempPaths
}
// userDataTypePaths return a map of user to item path, map[profile 1][item's name & path key pair]
func (c *Chromium) userDataTypePaths(profilePath string, items []types.DataType) (map[string]map[types.DataType]string, error) {
multiItemPaths := make(map[string]map[types.DataType]string)
parentDir := fileutil.ParentDir(profilePath)
err := filepath.Walk(parentDir, chromiumWalkFunc(items, multiItemPaths))
if err != nil {
return nil, err
// getMasterKey retrieves the Chromium master encryption key.
//
// On Windows, the key is read from the Local State file and decrypted via DPAPI.
// On macOS, the key is derived from Keychain (Local State is not needed).
// On Linux, the key is derived from D-Bus Secret Service or a fallback password.
//
// The retriever is always called regardless of whether Local State exists,
// because macOS/Linux retrievers don't need it.
func (b *Browser) getMasterKey(session *filemanager.Session) ([]byte, error) {
// Try to locate and copy Local State (needed on Windows, ignored on macOS/Linux).
// Multi-profile layout: Local State is in the parent of profileDir.
// Flat layout (Opera): Local State is alongside data files in profileDir.
var localStateDst string
for _, dir := range []string{filepath.Dir(b.profileDir), b.profileDir} {
candidate := filepath.Join(dir, "Local State")
if fileutil.IsFileExists(candidate) {
localStateDst = filepath.Join(session.TempDir(), "Local State")
if err := session.Acquire(candidate, localStateDst, false); err != nil {
return nil, err
}
break
}
}
var keyPath string
var dir string
for userDir, profiles := range multiItemPaths {
for _, profile := range profiles {
if strings.HasSuffix(profile, types.ChromiumKey.Filename()) {
keyPath = profile
dir = userDir
retriever := keyretriever.DefaultRetriever(b.cfg.KeychainPassword)
return retriever.RetrieveKey(b.cfg.Storage, localStateDst)
}
// extractCategory calls the appropriate extract function for a category.
// If a custom extractor is registered for this category (via extractorsForKind),
// it is used instead of the default switch logic.
func (b *Browser) extractCategory(data *types.BrowserData, cat types.Category, masterKey []byte, path string) {
if ext, ok := b.extractors[cat]; ok {
if err := ext.extract(masterKey, path, data); err != nil {
log.Debugf("extract %s for %s: %v", cat, b.BrowserName()+"/"+b.ProfileName(), err)
}
return
}
var err error
switch cat {
case types.Password:
data.Passwords, err = extractPasswords(masterKey, path)
case types.Cookie:
data.Cookies, err = extractCookies(masterKey, path)
case types.History:
data.Histories, err = extractHistories(path)
case types.Download:
data.Downloads, err = extractDownloads(path)
case types.Bookmark:
data.Bookmarks, err = extractBookmarks(path)
case types.CreditCard:
data.CreditCards, err = extractCreditCards(masterKey, path)
case types.Extension:
data.Extensions, err = extractExtensions(path)
case types.LocalStorage:
data.LocalStorage, err = extractLocalStorage(path)
case types.SessionStorage:
data.SessionStorage, err = extractSessionStorage(path)
}
if err != nil {
log.Debugf("extract %s for %s: %v", cat, b.BrowserName()+"/"+b.ProfileName(), err)
}
}
// discoverProfiles lists subdirectories of userDataDir that contain at least
// one known data source. Each such directory is a browser profile.
func discoverProfiles(userDataDir string, sources map[types.Category][]sourcePath) []string {
entries, err := os.ReadDir(userDataDir)
if err != nil {
log.Debugf("read user data dir %s: %v", userDataDir, err)
return nil
}
var profiles []string
for _, e := range entries {
if !e.IsDir() || isSkippedDir(e.Name()) {
continue
}
dir := filepath.Join(userDataDir, e.Name())
if hasAnySource(sources, dir) {
profiles = append(profiles, dir)
}
}
// Flat layout fallback (older Opera): data files directly in userDataDir
if len(profiles) == 0 && hasAnySource(sources, userDataDir) {
profiles = append(profiles, userDataDir)
}
return profiles
}
// hasAnySource checks if dir contains at least one source file or directory.
func hasAnySource(sources map[types.Category][]sourcePath, dir string) bool {
for _, candidates := range sources {
for _, sp := range candidates {
abs := filepath.Join(dir, sp.rel)
if _, err := os.Stat(abs); err == nil {
return true
}
}
}
return false
}
// resolvedPath holds the absolute path and type for a discovered source.
type resolvedPath struct {
absPath string
isDir bool
}
// resolveSourcePaths checks which sources actually exist in profileDir.
// Candidates are tried in priority order; the first existing path wins.
func resolveSourcePaths(sources map[types.Category][]sourcePath, profileDir string) map[types.Category]resolvedPath {
resolved := make(map[types.Category]resolvedPath)
for cat, candidates := range sources {
for _, sp := range candidates {
abs := filepath.Join(profileDir, sp.rel)
info, err := os.Stat(abs)
if err != nil {
continue
}
if sp.isDir == info.IsDir() {
resolved[cat] = resolvedPath{abs, sp.isDir}
break
}
}
}
t := make(map[string]map[types.DataType]string)
for userDir, v := range multiItemPaths {
if userDir == dir {
continue
}
t[userDir] = v
t[userDir][types.ChromiumKey] = keyPath
fillLocalStoragePath(t[userDir], types.ChromiumLocalStorage)
}
return t, nil
return resolved
}
// chromiumWalkFunc return a filepath.WalkFunc to find item's path
func chromiumWalkFunc(items []types.DataType, multiItemPaths map[string]map[types.DataType]string) filepath.WalkFunc {
return func(path string, info fs.FileInfo, err error) error {
if err != nil {
if os.IsPermission(err) {
log.Warnf("skipping walk chromium path permission error, path %s, err %v", path, err)
return nil
}
return err
}
for _, v := range items {
if info.Name() != v.Filename() {
continue
}
if strings.Contains(path, "System Profile") {
continue
}
if strings.Contains(path, "Snapshot") {
continue
}
if strings.Contains(path, "def") {
continue
}
profileFolder := fileutil.ParentBaseDir(path)
if strings.Contains(filepath.ToSlash(path), "/Network/Cookies") {
profileFolder = fileutil.BaseDir(strings.ReplaceAll(filepath.ToSlash(path), "/Network/Cookies", ""))
}
if _, exist := multiItemPaths[profileFolder]; exist {
multiItemPaths[profileFolder][v] = path
} else {
multiItemPaths[profileFolder] = map[types.DataType]string{v: path}
}
}
return nil
}
}
func fillLocalStoragePath(itemPaths map[types.DataType]string, storage types.DataType) {
if p, ok := itemPaths[types.ChromiumHistory]; ok {
lsp := filepath.Join(filepath.Dir(p), storage.Filename())
if fileutil.IsDirExists(lsp) {
itemPaths[types.ChromiumLocalStorage] = lsp
}
// isSkippedDir returns true for directory names that should never be
// treated as browser profiles.
func isSkippedDir(name string) bool {
switch name {
case "System Profile", "Guest Profile", "Snapshot":
return true
}
return false
}
browser/chromium/chromium_darwin.go
-77
View File
@@ -1,77 +0,0 @@
//go:build darwin
package chromium
import (
"bytes"
"crypto/sha1"
"errors"
"fmt"
"os"
"os/exec"
"strings"
"github.com/moond4rk/hackbrowserdata/crypto"
"github.com/moond4rk/hackbrowserdata/crypto/keyretriever"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
)
var (
errWrongSecurityCommand = errors.New("wrong security command")
errCouldNotFindInKeychain = errors.New("could not be find in keychain")
)
func (c *Chromium) GetMasterKey() ([]byte, error) {
// don't need chromium key file for macOS
defer os.Remove(types.ChromiumKey.TempFilename())
// Try get the master key via gcoredump(CVE-2025-24204)
secret, err := keyretriever.DecryptKeychain(c.storage)
if err == nil && secret != "" {
log.Debugf("get master key via gcoredump(CVE-2025-24204) success, browser %s", c.name)
if key, err := c.parseSecret([]byte(secret)); err == nil {
return key, nil
}
} else {
log.Warnf("get master key via gcoredump(CVE-2025-24204) failed: %v, skipping...", err)
}
// Get the master key from the keychain
// $ security find-generic-password -wa 'Chrome'
var (
stdout, stderr bytes.Buffer
)
cmd := exec.Command("security", "find-generic-password", "-wa", strings.TrimSpace(c.storage)) //nolint:gosec
cmd.Stdout = &stdout
cmd.Stderr = &stderr
if err := cmd.Run(); err != nil {
return nil, fmt.Errorf("run security command failed: %w, message %s", err, stderr.String())
}
if stderr.Len() > 0 {
if strings.Contains(stderr.String(), "could not be found") {
return nil, errCouldNotFindInKeychain
}
return nil, errors.New(stderr.String())
}
return c.parseSecret(stdout.Bytes())
}
func (c *Chromium) parseSecret(secret []byte) ([]byte, error) {
secret = bytes.TrimSpace(secret)
if len(secret) == 0 {
return nil, errWrongSecurityCommand
}
salt := []byte("saltysalt")
// @https://source.chromium.org/chromium/chromium/src/+/master:components/os_crypt/os_crypt_mac.mm;l=157
key := crypto.PBKDF2Key(secret, salt, 1003, 16, sha1.New)
if key == nil {
return nil, errWrongSecurityCommand
}
c.masterKey = key
log.Debugf("get master key success, browser %s", c.name)
return key, nil
}
browser/chromium/chromium_linux.go
-76
View File
@@ -1,76 +0,0 @@
//go:build linux
package chromium
import (
"crypto/sha1"
"fmt"
"os"
"github.com/godbus/dbus/v5"
keyring "github.com/ppacher/go-dbus-keyring"
"github.com/moond4rk/hackbrowserdata/crypto"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
)
func (c *Chromium) GetMasterKey() ([]byte, error) {
// what is d-bus @https://dbus.freedesktop.org/
// don't need chromium key file for Linux
defer os.Remove(types.ChromiumKey.TempFilename())
conn, err := dbus.SessionBus()
if err != nil {
return nil, err
}
svc, err := keyring.GetSecretService(conn)
if err != nil {
return nil, err
}
session, err := svc.OpenSession()
if err != nil {
return nil, err
}
defer func() {
if err := session.Close(); err != nil {
log.Errorf("close dbus session error: %v", err)
}
}()
collections, err := svc.GetAllCollections()
if err != nil {
return nil, err
}
var secret []byte
for _, col := range collections {
items, err := col.GetAllItems()
if err != nil {
return nil, err
}
for _, i := range items {
label, err := i.GetLabel()
if err != nil {
log.Warnf("get label from dbus: %v", err)
continue
}
if label == c.storage {
se, err := i.GetSecret(session.Path())
if err != nil {
return nil, fmt.Errorf("get storage from dbus: %w", err)
}
secret = se.Value
}
}
}
if len(secret) == 0 {
// set default secret @https://source.chromium.org/chromium/chromium/src/+/main:components/os_crypt/os_crypt_linux.cc;l=100
secret = []byte("peanuts")
}
salt := []byte("saltysalt")
// @https://source.chromium.org/chromium/chromium/src/+/master:components/os_crypt/os_crypt_linux.cc
key := crypto.PBKDF2Key(secret, salt, 1, 16, sha1.New)
c.masterKey = key
log.Debugf("get master key success, browser %s", c.name)
return key, nil
}
browser/chromium/chromium_new.go
-244
View File
@@ -1,244 +0,0 @@
package chromium
import (
"os"
"path/filepath"
"github.com/moond4rk/hackbrowserdata/crypto/keyretriever"
"github.com/moond4rk/hackbrowserdata/filemanager"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
)
// Browser represents a single Chromium profile ready for extraction.
type Browser struct {
cfg types.BrowserConfig
profileDir string // absolute path to profile directory
sources map[types.Category][]sourcePath // Category → candidate paths (priority order)
extractors map[types.Category]categoryExtractor // Category → custom extract function override
sourcePaths map[types.Category]resolvedPath // Category → discovered absolute path
}
// NewBrowsers discovers Chromium profiles under cfg.UserDataDir and returns
// one Browser per profile. Uses ReadDir to find profile directories,
// then Stat to check which data sources exist in each profile.
func NewBrowsers(cfg types.BrowserConfig) ([]*Browser, error) {
sources := sourcesForKind(cfg.Kind)
extractors := extractorsForKind(cfg.Kind)
profileDirs := discoverProfiles(cfg.UserDataDir, sources)
if len(profileDirs) == 0 {
return nil, nil
}
var browsers []*Browser
for _, profileDir := range profileDirs {
sourcePaths := resolveSourcePaths(sources, profileDir)
if len(sourcePaths) == 0 {
continue
}
browsers = append(browsers, &Browser{
cfg: cfg,
profileDir: profileDir,
sources: sources,
extractors: extractors,
sourcePaths: sourcePaths,
})
}
return browsers, nil
}
func (b *Browser) BrowserName() string { return b.cfg.Name }
func (b *Browser) ProfileName() string {
if b.profileDir == "" {
return ""
}
return filepath.Base(b.profileDir)
}
// Extract copies browser files to a temp directory, retrieves the master key,
// and extracts data for the requested categories.
func (b *Browser) Extract(categories []types.Category) (*types.BrowserData, error) {
session, err := filemanager.NewSession()
if err != nil {
return nil, err
}
defer session.Cleanup()
tempPaths := b.acquireFiles(session, categories)
masterKey, err := b.getMasterKey(session)
if err != nil {
log.Debugf("get master key for %s: %v", b.BrowserName()+"/"+b.ProfileName(), err)
}
data := &types.BrowserData{}
for _, cat := range categories {
path, ok := tempPaths[cat]
if !ok {
continue
}
b.extractCategory(data, cat, masterKey, path)
}
return data, nil
}
// acquireFiles copies source files to the session temp directory.
func (b *Browser) acquireFiles(session *filemanager.Session, categories []types.Category) map[types.Category]string {
tempPaths := make(map[types.Category]string)
for _, cat := range categories {
rp, ok := b.sourcePaths[cat]
if !ok {
continue
}
dst := filepath.Join(session.TempDir(), cat.String())
if err := session.Acquire(rp.absPath, dst, rp.isDir); err != nil {
log.Debugf("acquire %s: %v", cat, err)
continue
}
tempPaths[cat] = dst
}
return tempPaths
}
// getMasterKey retrieves the Chromium master encryption key.
//
// On Windows, the key is read from the Local State file and decrypted via DPAPI.
// On macOS, the key is derived from Keychain (Local State is not needed).
// On Linux, the key is derived from D-Bus Secret Service or a fallback password.
//
// The retriever is always called regardless of whether Local State exists,
// because macOS/Linux retrievers don't need it.
func (b *Browser) getMasterKey(session *filemanager.Session) ([]byte, error) {
// Try to locate and copy Local State (needed on Windows, ignored on macOS/Linux).
// Multi-profile layout: Local State is in the parent of profileDir.
// Flat layout (Opera): Local State is alongside data files in profileDir.
var localStateDst string
for _, dir := range []string{filepath.Dir(b.profileDir), b.profileDir} {
candidate := filepath.Join(dir, "Local State")
if fileutil.IsFileExists(candidate) {
localStateDst = filepath.Join(session.TempDir(), "Local State")
if err := session.Acquire(candidate, localStateDst, false); err != nil {
return nil, err
}
break
}
}
retriever := keyretriever.DefaultRetriever(b.cfg.KeychainPassword)
return retriever.RetrieveKey(b.cfg.Storage, localStateDst)
}
// extractCategory calls the appropriate extract function for a category.
// If a custom extractor is registered for this category (via extractorsForKind),
// it is used instead of the default switch logic.
func (b *Browser) extractCategory(data *types.BrowserData, cat types.Category, masterKey []byte, path string) {
if ext, ok := b.extractors[cat]; ok {
if err := ext.extract(masterKey, path, data); err != nil {
log.Debugf("extract %s for %s: %v", cat, b.BrowserName()+"/"+b.ProfileName(), err)
}
return
}
var err error
switch cat {
case types.Password:
data.Passwords, err = extractPasswords(masterKey, path)
case types.Cookie:
data.Cookies, err = extractCookies(masterKey, path)
case types.History:
data.Histories, err = extractHistories(path)
case types.Download:
data.Downloads, err = extractDownloads(path)
case types.Bookmark:
data.Bookmarks, err = extractBookmarks(path)
case types.CreditCard:
data.CreditCards, err = extractCreditCards(masterKey, path)
case types.Extension:
data.Extensions, err = extractExtensions(path)
case types.LocalStorage:
data.LocalStorage, err = extractLocalStorage(path)
case types.SessionStorage:
data.SessionStorage, err = extractSessionStorage(path)
}
if err != nil {
log.Debugf("extract %s for %s: %v", cat, b.BrowserName()+"/"+b.ProfileName(), err)
}
}
// discoverProfiles lists subdirectories of userDataDir that contain at least
// one known data source. Each such directory is a browser profile.
func discoverProfiles(userDataDir string, sources map[types.Category][]sourcePath) []string {
entries, err := os.ReadDir(userDataDir)
if err != nil {
log.Debugf("read user data dir %s: %v", userDataDir, err)
return nil
}
var profiles []string
for _, e := range entries {
if !e.IsDir() || isSkippedDir(e.Name()) {
continue
}
dir := filepath.Join(userDataDir, e.Name())
if hasAnySource(sources, dir) {
profiles = append(profiles, dir)
}
}
// Flat layout fallback (older Opera): data files directly in userDataDir
if len(profiles) == 0 && hasAnySource(sources, userDataDir) {
profiles = append(profiles, userDataDir)
}
return profiles
}
// hasAnySource checks if dir contains at least one source file or directory.
func hasAnySource(sources map[types.Category][]sourcePath, dir string) bool {
for _, candidates := range sources {
for _, sp := range candidates {
abs := filepath.Join(dir, sp.rel)
if _, err := os.Stat(abs); err == nil {
return true
}
}
}
return false
}
// resolvedPath holds the absolute path and type for a discovered source.
type resolvedPath struct {
absPath string
isDir bool
}
// resolveSourcePaths checks which sources actually exist in profileDir.
// Candidates are tried in priority order; the first existing path wins.
func resolveSourcePaths(sources map[types.Category][]sourcePath, profileDir string) map[types.Category]resolvedPath {
resolved := make(map[types.Category]resolvedPath)
for cat, candidates := range sources {
for _, sp := range candidates {
abs := filepath.Join(profileDir, sp.rel)
info, err := os.Stat(abs)
if err != nil {
continue
}
if sp.isDir == info.IsDir() {
resolved[cat] = resolvedPath{abs, sp.isDir}
break
}
}
}
return resolved
}
// isSkippedDir returns true for directory names that should never be
// treated as browser profiles.
func isSkippedDir(name string) bool {
switch name {
case "System Profile", "Guest Profile", "Snapshot":
return true
}
return false
}
browser/chromium/chromium_new_test.go → browser/chromium/chromium_test.go
View File
browser/chromium/chromium_windows.go
-43
View File
@@ -1,43 +0,0 @@
//go:build windows
package chromium
import (
"encoding/base64"
"errors"
"os"
"github.com/tidwall/gjson"
"github.com/moond4rk/hackbrowserdata/crypto"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
)
var errDecodeMasterKeyFailed = errors.New("decode master key failed")
func (c *Chromium) GetMasterKey() ([]byte, error) {
b, err := fileutil.ReadFile(types.ChromiumKey.TempFilename())
if err != nil {
return nil, err
}
defer os.Remove(types.ChromiumKey.TempFilename())
encryptedKey := gjson.Get(b, "os_crypt.encrypted_key")
if !encryptedKey.Exists() {
return nil, nil
}
key, err := base64.StdEncoding.DecodeString(encryptedKey.String())
if err != nil {
return nil, errDecodeMasterKeyFailed
}
c.masterKey, err = crypto.DecryptWithDPAPI(key[5:])
if err != nil {
log.Errorf("decrypt master key failed, err %v", err)
return nil, err
}
log.Debugf("get master key success, browser %s", c.name)
return c.masterKey, nil
}
browser/firefox/firefox.go
+204 -84
View File
@@ -3,115 +3,235 @@ package firefox
import (
"errors"
"fmt"
"io/fs"
"os"
"path/filepath"
_ "modernc.org/sqlite" // sqlite3 driver TODO: replace with chooseable driver
"github.com/moond4rk/hackbrowserdata/browserdata"
"github.com/moond4rk/hackbrowserdata/filemanager"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
"github.com/moond4rk/hackbrowserdata/utils/typeutil"
)
type Firefox struct {
name string
storage string
profilePath string
masterKey []byte
items []types.DataType
itemPaths map[types.DataType]string
// Browser represents a single Firefox profile ready for extraction.
type Browser struct {
cfg types.BrowserConfig
profileDir string // absolute path to profile directory
sources map[types.Category][]sourcePath // Category → candidate paths (priority order)
sourcePaths map[types.Category]resolvedPath // Category → discovered absolute path
}
var ErrProfilePathNotFound = errors.New("profile path not found")
// NewBrowsers discovers Firefox profiles under cfg.UserDataDir and returns
// one Browser per profile. Firefox profile directories have random names
// (e.g. "97nszz88.default-release"); any subdirectory containing known
// data files is treated as a valid profile.
func NewBrowsers(cfg types.BrowserConfig) ([]*Browser, error) {
profileDirs := discoverProfiles(cfg.UserDataDir, firefoxSources)
if len(profileDirs) == 0 {
return nil, nil
}
// New returns new Firefox instances.
func New(profilePath string, items []types.DataType) ([]*Firefox, error) {
multiItemPaths := make(map[string]map[types.DataType]string)
// ignore walk dir error since it can be produced by a single entry
_ = filepath.WalkDir(profilePath, firefoxWalkFunc(items, multiItemPaths))
firefoxList := make([]*Firefox, 0, len(multiItemPaths))
for name, itemPaths := range multiItemPaths {
firefoxList = append(firefoxList, &Firefox{
name: fmt.Sprintf("firefox-%s", name),
items: typeutil.Keys(itemPaths),
itemPaths: itemPaths,
var browsers []*Browser
for _, profileDir := range profileDirs {
sourcePaths := resolveSourcePaths(firefoxSources, profileDir)
if len(sourcePaths) == 0 {
continue
}
browsers = append(browsers, &Browser{
cfg: cfg,
profileDir: profileDir,
sources: firefoxSources,
sourcePaths: sourcePaths,
})
}
return firefoxList, nil
return browsers, nil
}
func (f *Firefox) copyItemToLocal() error {
for i, path := range f.itemPaths {
filename := i.TempFilename()
if err := fileutil.CopyFile(path, filename); err != nil {
return err
}
func (b *Browser) BrowserName() string { return b.cfg.Name }
func (b *Browser) ProfileName() string {
if b.profileDir == "" {
return ""
}
return nil
return filepath.Base(b.profileDir)
}
func firefoxWalkFunc(items []types.DataType, multiItemPaths map[string]map[types.DataType]string) fs.WalkDirFunc {
return func(path string, info fs.DirEntry, err error) error {
if err != nil {
if os.IsPermission(err) {
log.Warnf("skipping walk firefox path %s permission error: %v", path, err)
return nil
}
return err
}
for _, v := range items {
if info.Name() == v.Filename() {
parentBaseDir := fileutil.ParentBaseDir(path)
if _, exist := multiItemPaths[parentBaseDir]; exist {
multiItemPaths[parentBaseDir][v] = path
} else {
multiItemPaths[parentBaseDir] = map[types.DataType]string{v: path}
}
}
}
return nil
}
}
// GetMasterKey returns master key of Firefox. from key4.db
func (f *Firefox) GetMasterKey() ([]byte, error) {
tempFilename := types.FirefoxKey4.TempFilename()
defer os.Remove(tempFilename)
loginsPath := types.FirefoxPassword.TempFilename()
return retrieveMasterKey(tempFilename, loginsPath)
}
func (f *Firefox) Name() string {
return f.name
}
func (f *Firefox) BrowsingData(isFullExport bool) (*browserdata.BrowserData, error) {
dataTypes := f.items
if !isFullExport {
dataTypes = types.FilterSensitiveItems(f.items)
}
data := browserdata.New(dataTypes)
if err := f.copyItemToLocal(); err != nil {
// Extract copies browser files to a temp directory, retrieves the master key,
// and extracts data for the requested categories.
func (b *Browser) Extract(categories []types.Category) (*types.BrowserData, error) {
session, err := filemanager.NewSession()
if err != nil {
return nil, err
}
defer session.Cleanup()
masterKey, err := f.GetMasterKey()
tempPaths := b.acquireFiles(session, categories)
masterKey, err := b.getMasterKey(session, tempPaths)
if err != nil {
log.Debugf("get master key for %s: %v", b.BrowserName()+"/"+b.ProfileName(), err)
}
data := &types.BrowserData{}
for _, cat := range categories {
path, ok := tempPaths[cat]
if !ok {
continue
}
b.extractCategory(data, cat, masterKey, path)
}
return data, nil
}
// acquireFiles copies source files to the session temp directory.
func (b *Browser) acquireFiles(session *filemanager.Session, categories []types.Category) map[types.Category]string {
tempPaths := make(map[types.Category]string)
for _, cat := range categories {
rp, ok := b.sourcePaths[cat]
if !ok {
continue
}
dst := filepath.Join(session.TempDir(), cat.String())
if err := session.Acquire(rp.absPath, dst, rp.isDir); err != nil {
log.Debugf("acquire %s: %v", cat, err)
continue
}
tempPaths[cat] = dst
}
return tempPaths
}
// getMasterKey retrieves the Firefox master encryption key from key4.db.
// The key is derived via NSS ASN1 PBE decryption (platform-agnostic).
// If logins.json was already acquired by acquireFiles, the derived key
// is validated by attempting to decrypt an actual login entry.
func (b *Browser) getMasterKey(session *filemanager.Session, tempPaths map[types.Category]string) ([]byte, error) {
key4Src := filepath.Join(b.profileDir, "key4.db")
if !fileutil.IsFileExists(key4Src) {
return nil, nil
}
key4Dst := filepath.Join(session.TempDir(), "key4.db")
if err := session.Acquire(key4Src, key4Dst, false); err != nil {
return nil, fmt.Errorf("acquire key4.db: %w", err)
}
// logins.json is already acquired by acquireFiles as the Password source;
// reuse it for master key validation if available.
loginsPath := tempPaths[types.Password]
return retrieveMasterKey(key4Dst, loginsPath)
}
// retrieveMasterKey reads key4.db and derives the master key using NSS.
// If loginsPath is non-empty, the derived key is validated against actual
// login data to ensure the correct candidate is selected.
func retrieveMasterKey(key4Path, loginsPath string) ([]byte, error) {
k4, err := readKey4DB(key4Path)
if err != nil {
return nil, err
}
f.masterKey = masterKey
if err := data.Recovery(f.masterKey); err != nil {
keys, err := k4.deriveKeys()
if err != nil {
return nil, err
}
return data, nil
if len(keys) == 0 {
return nil, errors.New("no valid master key candidates in key4.db")
}
// No logins to validate against — return the first derived key.
if loginsPath == "" {
return keys[0], nil
}
// Validate against actual login data.
if key := validateKeyWithLogins(keys, loginsPath); key != nil {
return key, nil
}
return nil, fmt.Errorf("derived %d key(s) but none could decrypt logins", len(keys))
}
// extractCategory calls the appropriate extract function for a category.
func (b *Browser) extractCategory(data *types.BrowserData, cat types.Category, masterKey []byte, path string) {
var err error
switch cat {
case types.Password:
data.Passwords, err = extractPasswords(masterKey, path)
case types.Cookie:
data.Cookies, err = extractCookies(path)
case types.History:
data.Histories, err = extractHistories(path)
case types.Download:
data.Downloads, err = extractDownloads(path)
case types.Bookmark:
data.Bookmarks, err = extractBookmarks(path)
case types.Extension:
data.Extensions, err = extractExtensions(path)
case types.LocalStorage:
data.LocalStorage, err = extractLocalStorage(path)
case types.CreditCard, types.SessionStorage:
// Firefox does not support CreditCard or SessionStorage extraction.
}
if err != nil {
log.Debugf("extract %s for %s: %v", cat, b.BrowserName()+"/"+b.ProfileName(), err)
}
}
// resolvedPath holds the absolute path and type for a discovered source.
type resolvedPath struct {
absPath string
isDir bool
}
// discoverProfiles lists subdirectories of userDataDir that contain at least
// one known data source. Each such directory is a Firefox profile.
func discoverProfiles(userDataDir string, sources map[types.Category][]sourcePath) []string {
entries, err := os.ReadDir(userDataDir)
if err != nil {
log.Debugf("read user data dir %s: %v", userDataDir, err)
return nil
}
var profiles []string
for _, e := range entries {
if !e.IsDir() {
continue
}
dir := filepath.Join(userDataDir, e.Name())
if hasAnySource(sources, dir) {
profiles = append(profiles, dir)
}
}
return profiles
}
// hasAnySource checks if dir contains at least one source file or directory.
func hasAnySource(sources map[types.Category][]sourcePath, dir string) bool {
for _, candidates := range sources {
for _, sp := range candidates {
abs := filepath.Join(dir, sp.rel)
if _, err := os.Stat(abs); err == nil {
return true
}
}
}
return false
}
// resolveSourcePaths checks which sources actually exist in profileDir.
// Candidates are tried in priority order; the first existing path wins.
func resolveSourcePaths(sources map[types.Category][]sourcePath, profileDir string) map[types.Category]resolvedPath {
resolved := make(map[types.Category]resolvedPath)
for cat, candidates := range sources {
for _, sp := range candidates {
abs := filepath.Join(profileDir, sp.rel)
info, err := os.Stat(abs)
if err != nil {
continue
}
if sp.isDir == info.IsDir() {
resolved[cat] = resolvedPath{abs, sp.isDir}
break
}
}
}
return resolved
}
browser/firefox/firefox_new.go
-237
View File
@@ -1,237 +0,0 @@
package firefox
import (
"errors"
"fmt"
"os"
"path/filepath"
"github.com/moond4rk/hackbrowserdata/filemanager"
"github.com/moond4rk/hackbrowserdata/log"
"github.com/moond4rk/hackbrowserdata/types"
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
)
// Browser represents a single Firefox profile ready for extraction.
type Browser struct {
cfg types.BrowserConfig
profileDir string // absolute path to profile directory
sources map[types.Category][]sourcePath // Category → candidate paths (priority order)
sourcePaths map[types.Category]resolvedPath // Category → discovered absolute path
}
// NewBrowsers discovers Firefox profiles under cfg.UserDataDir and returns
// one Browser per profile. Firefox profile directories have random names
// (e.g. "97nszz88.default-release"); any subdirectory containing known
// data files is treated as a valid profile.
func NewBrowsers(cfg types.BrowserConfig) ([]*Browser, error) {
profileDirs := discoverProfiles(cfg.UserDataDir, firefoxSources)
if len(profileDirs) == 0 {
return nil, nil
}
var browsers []*Browser
for _, profileDir := range profileDirs {
sourcePaths := resolveSourcePaths(firefoxSources, profileDir)
if len(sourcePaths) == 0 {
continue
}
browsers = append(browsers, &Browser{
cfg: cfg,
profileDir: profileDir,
sources: firefoxSources,
sourcePaths: sourcePaths,
})
}
return browsers, nil
}
func (b *Browser) BrowserName() string { return b.cfg.Name }
func (b *Browser) ProfileName() string {
if b.profileDir == "" {
return ""
}
return filepath.Base(b.profileDir)
}
// Extract copies browser files to a temp directory, retrieves the master key,
// and extracts data for the requested categories.
func (b *Browser) Extract(categories []types.Category) (*types.BrowserData, error) {
session, err := filemanager.NewSession()
if err != nil {
return nil, err
}
defer session.Cleanup()
tempPaths := b.acquireFiles(session, categories)
masterKey, err := b.getMasterKey(session, tempPaths)
if err != nil {
log.Debugf("get master key for %s: %v", b.BrowserName()+"/"+b.ProfileName(), err)
}
data := &types.BrowserData{}
for _, cat := range categories {
path, ok := tempPaths[cat]
if !ok {
continue
}
b.extractCategory(data, cat, masterKey, path)
}
return data, nil
}
// acquireFiles copies source files to the session temp directory.
func (b *Browser) acquireFiles(session *filemanager.Session, categories []types.Category) map[types.Category]string {
tempPaths := make(map[types.Category]string)
for _, cat := range categories {
rp, ok := b.sourcePaths[cat]
if !ok {
continue
}
dst := filepath.Join(session.TempDir(), cat.String())
if err := session.Acquire(rp.absPath, dst, rp.isDir); err != nil {
log.Debugf("acquire %s: %v", cat, err)
continue
}
tempPaths[cat] = dst
}
return tempPaths
}
// getMasterKey retrieves the Firefox master encryption key from key4.db.
// The key is derived via NSS ASN1 PBE decryption (platform-agnostic).
// If logins.json was already acquired by acquireFiles, the derived key
// is validated by attempting to decrypt an actual login entry.
func (b *Browser) getMasterKey(session *filemanager.Session, tempPaths map[types.Category]string) ([]byte, error) {
key4Src := filepath.Join(b.profileDir, "key4.db")
if !fileutil.IsFileExists(key4Src) {
return nil, nil
}
key4Dst := filepath.Join(session.TempDir(), "key4.db")
if err := session.Acquire(key4Src, key4Dst, false); err != nil {
return nil, fmt.Errorf("acquire key4.db: %w", err)
}
// logins.json is already acquired by acquireFiles as the Password source;
// reuse it for master key validation if available.
loginsPath := tempPaths[types.Password]
return retrieveMasterKey(key4Dst, loginsPath)
}
// retrieveMasterKey reads key4.db and derives the master key using NSS.
// If loginsPath is non-empty, the derived key is validated against actual
// login data to ensure the correct candidate is selected.
func retrieveMasterKey(key4Path, loginsPath string) ([]byte, error) {
k4, err := readKey4DB(key4Path)
if err != nil {
return nil, err
}
keys, err := k4.deriveKeys()
if err != nil {
return nil, err
}
if len(keys) == 0 {
return nil, errors.New("no valid master key candidates in key4.db")
}
// No logins to validate against — return the first derived key.
if loginsPath == "" {
return keys[0], nil
}
// Validate against actual login data.
if key := validateKeyWithLogins(keys, loginsPath); key != nil {
return key, nil
}
return nil, fmt.Errorf("derived %d key(s) but none could decrypt logins", len(keys))
}
// extractCategory calls the appropriate extract function for a category.
func (b *Browser) extractCategory(data *types.BrowserData, cat types.Category, masterKey []byte, path string) {
var err error
switch cat {
case types.Password:
data.Passwords, err = extractPasswords(masterKey, path)
case types.Cookie:
data.Cookies, err = extractCookies(path)
case types.History:
data.Histories, err = extractHistories(path)
case types.Download:
data.Downloads, err = extractDownloads(path)
case types.Bookmark:
data.Bookmarks, err = extractBookmarks(path)
case types.Extension:
data.Extensions, err = extractExtensions(path)
case types.LocalStorage:
data.LocalStorage, err = extractLocalStorage(path)
case types.CreditCard, types.SessionStorage:
// Firefox does not support CreditCard or SessionStorage extraction.
}
if err != nil {
log.Debugf("extract %s for %s: %v", cat, b.BrowserName()+"/"+b.ProfileName(), err)
}
}
// resolvedPath holds the absolute path and type for a discovered source.
type resolvedPath struct {
absPath string
isDir bool
}
// discoverProfiles lists subdirectories of userDataDir that contain at least
// one known data source. Each such directory is a Firefox profile.
func discoverProfiles(userDataDir string, sources map[types.Category][]sourcePath) []string {
entries, err := os.ReadDir(userDataDir)
if err != nil {
log.Debugf("read user data dir %s: %v", userDataDir, err)
return nil
}
var profiles []string
for _, e := range entries {
if !e.IsDir() {
continue
}
dir := filepath.Join(userDataDir, e.Name())
if hasAnySource(sources, dir) {
profiles = append(profiles, dir)
}
}
return profiles
}
// hasAnySource checks if dir contains at least one source file or directory.
func hasAnySource(sources map[types.Category][]sourcePath, dir string) bool {
for _, candidates := range sources {
for _, sp := range candidates {
abs := filepath.Join(dir, sp.rel)
if _, err := os.Stat(abs); err == nil {
return true
}
}
}
return false
}
// resolveSourcePaths checks which sources actually exist in profileDir.
// Candidates are tried in priority order; the first existing path wins.
func resolveSourcePaths(sources map[types.Category][]sourcePath, profileDir string) map[types.Category]resolvedPath {
resolved := make(map[types.Category]resolvedPath)
for cat, candidates := range sources {
for _, sp := range candidates {
abs := filepath.Join(profileDir, sp.rel)
info, err := os.Stat(abs)
if err != nil {
continue
}
if sp.isDir == info.IsDir() {
resolved[cat] = resolvedPath{abs, sp.isDir}
break
}
}
}
return resolved
}
browser/firefox/firefox_new_test.go → browser/firefox/firefox_test.go
View File