mirror of
https://github.com/moonD4rk/HackBrowserData.git
synced 2026-06-08 20:03:52 +02:00
Roger
1a3aea553e
* feat: add Firefox Browser implementation with new v2 architecture Add Firefox NewBrowsers + Extract pipeline following the Chromium v2 pattern. Firefox-specific differences handled: - Profile discovery: random directory names (e.g. abc123.default-release) - Master key: NSS/ASN1PBE from key4.db (platform-agnostic, no DPAPI/Keychain) - Key validation: reuse logins.json from acquireFiles tempPaths - Extract: only Password needs masterKey; Cookie is plaintext - No CreditCard or SessionStorage support Files: - firefox_new.go: Browser struct, NewBrowsers, Extract, getMasterKey, extractCategory, deriveKeys, validateKeyWithLogins, profile discovery - masterkey.go: extracted shared NSS logic (processMasterKey, queryMetaData, queryNssPrivateCandidates, parseLoginCipherPairs, canDecryptAnyLoginCipherPair) - firefox_new_test.go: table-driven tests with shared fixtures - source.go: remove dataSource wrapper, use []sourcePath directly - firefox.go: remove functions moved to masterkey.go * fix: address Copilot review feedback on Firefox v2 - Fix stale comment referencing removed readLoginCipherPairs - Rename finallyKey to derivedKey for clarity in processMasterKey - Add sqlite driver import to masterkey.go for self-containedness * refactor: rewrite Firefox masterkey and improve naming Masterkey rewrite: - Replace raw SQL functions with structured key4DB type (globalSalt, passwordCheck, privateKeys) for clear data modeling - Split processMasterKey into verifyPasswordCheck + decryptPrivateKey - Add nssKeyTypeTag constant for the magic bytes - Rename finallyKey to derivedKey - Add sqlite driver import for self-containedness - Return error (not fallback) when logins validation explicitly fails Naming cleanup: - loginPair → encryptedLogin (clarify these are encrypted blobs) - parseLoginPairs → sampleEncryptedLogins (clarify sampling purpose) - canDecryptLogin → tryDecryptLogins (accurate verb, plural alignment) - Expand abbreviated variables: p→login, uPBE→userPBE, pPBE→pwdPBE Password extraction: - Keep entries when decryptPBE fails (URL preserved, user/pwd empty) - Align with Chromium behavior where decrypt failure doesn't skip records Old code cleanup: - firefox.go GetMasterKey now delegates to retrieveMasterKey - Remove functions moved to masterkey.go * docs: add RFC-003 for crypto package naming cleanup Track accumulated naming and structural issues in crypto/asn1pbe.go and cross-browser shared code for a future dedicated refactoring pass. * refactor: move masterkey tests to masterkey_test.go - Rename firefox_test.go to masterkey_test.go since all tests in this file test masterkey.go functions (readKey4DB, sampleEncryptedLogins) - Fix TestReadKey4DB to check nssPrivate rows as a set instead of assuming SQLite insertion order - Future deletion of firefox.go won't accidentally remove masterkey tests
54 lines
2.2 KiB
Markdown
54 lines
2.2 KiB
Markdown
# RFC-003: Crypto Package and Naming Cleanup
|
|
|
|
**Author**: moonD4rk
|
|
**Status**: Proposed
|
|
**Created**: 2026-04-03
|
|
|
|
## Abstract
|
|
|
|
The `crypto/` package and cross-browser shared code have accumulated naming
|
|
and structural issues over time. This RFC tracks them for a future dedicated
|
|
refactoring pass. No code changes are proposed here.
|
|
|
|
## 1. crypto/asn1pbe.go
|
|
|
|
### Naming
|
|
|
|
| Current | Issue | Suggested |
|
|
|---------|-------|-----------|
|
|
| `nssPBE` | Too generic — "NSS" covers all Firefox crypto | `privateKeyPBE` — decrypts key4.db nssPrivate entries |
|
|
| `metaPBE` | "meta" is vague | `passwordCheckPBE` — decrypts key4.db metaData check |
|
|
| `loginPBE` | Acceptable but inconsistent | `credentialPBE` — decrypts logins.json credentials |
|
|
| `ASN1PBE` interface | Too technical for callers | `Decryptor` or `PBEDecryptor` |
|
|
| `SlatAttr` | **Typo** — should be `Salt` | `SaltAttr` |
|
|
| `AlgoAttr.Data.Data` | Nested names are meaningless | Flatten with descriptive field names |
|
|
| `AES128CBCDecrypt` | Misnomer — supports all AES key lengths | `AESCBCDecrypt` |
|
|
|
|
### Structure
|
|
|
|
`NewASN1PBE` uses trial-and-error `asn1.Unmarshal` to detect the type.
|
|
ASN1 parsing is lenient, so multiple structs may succeed. A safer approach
|
|
would be to parse the OID first, then unmarshal into the matching struct.
|
|
|
|
## 2. crypto/crypto_*.go
|
|
|
|
| Current | Issue |
|
|
|---------|-------|
|
|
| `DecryptWithChromium` | Platform-specific (AES-CBC on darwin, AES-GCM on windows) — name doesn't reflect this |
|
|
| `DecryptWithYandex` | Nearly identical to `DecryptWithChromium` on Windows |
|
|
|
|
## 3. Shared code between Chromium and Firefox
|
|
|
|
`discoverProfiles`, `hasAnySource`, `resolveSourcePaths`, `resolvedPath`
|
|
are nearly identical in both packages (~40 lines duplicated). Currently
|
|
each package keeps its own copy for independence. If more browser engines
|
|
are added (e.g. Safari WebKit), consider extracting to a shared package.
|
|
|
|
## 4. Priority
|
|
|
|
1. **SlatAttr typo** — trivial fix, do anytime
|
|
2. **AES128CBCDecrypt rename** — grep + rename, low risk
|
|
3. **ASN1PBE type/naming cleanup** — medium effort, needs comprehensive tests
|
|
4. **NewASN1PBE OID-first detection** — higher effort, must not break any Firefox version
|
|
5. **Shared profile discovery** — only when a third browser engine is added
|