CalvinBackup/HackBrowserData
1
0
Fork 0
mirror of https://github.com/moonD4rk/HackBrowserData.git synced 2026-05-19 18:58:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
92053b85b062d3a46d3e708ec2ecb01fe87b442b
HackBrowserData/rfcs/003-crypto-naming-cleanup.md
T
Roger 1a3aea553e feat: add Firefox Browser with new v2 architecture (#536) 
* feat: add Firefox Browser implementation with new v2 architecture

Add Firefox NewBrowsers + Extract pipeline following the Chromium v2
pattern. Firefox-specific differences handled:
- Profile discovery: random directory names (e.g. abc123.default-release)
- Master key: NSS/ASN1PBE from key4.db (platform-agnostic, no DPAPI/Keychain)
- Key validation: reuse logins.json from acquireFiles tempPaths
- Extract: only Password needs masterKey; Cookie is plaintext
- No CreditCard or SessionStorage support

Files:
- firefox_new.go: Browser struct, NewBrowsers, Extract, getMasterKey,
  extractCategory, deriveKeys, validateKeyWithLogins, profile discovery
- masterkey.go: extracted shared NSS logic (processMasterKey, queryMetaData,
  queryNssPrivateCandidates, parseLoginCipherPairs, canDecryptAnyLoginCipherPair)
- firefox_new_test.go: table-driven tests with shared fixtures
- source.go: remove dataSource wrapper, use []sourcePath directly
- firefox.go: remove functions moved to masterkey.go

* fix: address Copilot review feedback on Firefox v2

- Fix stale comment referencing removed readLoginCipherPairs
- Rename finallyKey to derivedKey for clarity in processMasterKey
- Add sqlite driver import to masterkey.go for self-containedness

* refactor: rewrite Firefox masterkey and improve naming

Masterkey rewrite:
- Replace raw SQL functions with structured key4DB type (globalSalt,
  passwordCheck, privateKeys) for clear data modeling
- Split processMasterKey into verifyPasswordCheck + decryptPrivateKey
- Add nssKeyTypeTag constant for the magic bytes
- Rename finallyKey to derivedKey
- Add sqlite driver import for self-containedness
- Return error (not fallback) when logins validation explicitly fails

Naming cleanup:
- loginPair → encryptedLogin (clarify these are encrypted blobs)
- parseLoginPairs → sampleEncryptedLogins (clarify sampling purpose)
- canDecryptLogin → tryDecryptLogins (accurate verb, plural alignment)
- Expand abbreviated variables: p→login, uPBE→userPBE, pPBE→pwdPBE

Password extraction:
- Keep entries when decryptPBE fails (URL preserved, user/pwd empty)
- Align with Chromium behavior where decrypt failure doesn't skip records

Old code cleanup:
- firefox.go GetMasterKey now delegates to retrieveMasterKey
- Remove functions moved to masterkey.go

* docs: add RFC-003 for crypto package naming cleanup

Track accumulated naming and structural issues in crypto/asn1pbe.go
and cross-browser shared code for a future dedicated refactoring pass.

* refactor: move masterkey tests to masterkey_test.go

- Rename firefox_test.go to masterkey_test.go since all tests in
  this file test masterkey.go functions (readKey4DB, sampleEncryptedLogins)
- Fix TestReadKey4DB to check nssPrivate rows as a set instead of
  assuming SQLite insertion order
- Future deletion of firefox.go won't accidentally remove masterkey tests
2026-04-04 01:41:02 +08:00

2.2 KiB
Raw Blame History

RFC-003: Crypto Package and Naming Cleanup

Author: moonD4rk Status: Proposed Created: 2026-04-03

Abstract

The crypto/ package and cross-browser shared code have accumulated naming and structural issues over time. This RFC tracks them for a future dedicated refactoring pass. No code changes are proposed here.

1. crypto/asn1pbe.go

Naming

Current Issue Suggested
nssPBE Too generic — "NSS" covers all Firefox crypto privateKeyPBE — decrypts key4.db nssPrivate entries
metaPBE "meta" is vague passwordCheckPBE — decrypts key4.db metaData check
loginPBE Acceptable but inconsistent credentialPBE — decrypts logins.json credentials
ASN1PBE interface Too technical for callers Decryptor or PBEDecryptor
SlatAttr Typo — should be Salt SaltAttr
AlgoAttr.Data.Data Nested names are meaningless Flatten with descriptive field names
AES128CBCDecrypt Misnomer — supports all AES key lengths AESCBCDecrypt

Structure

NewASN1PBE uses trial-and-error asn1.Unmarshal to detect the type. ASN1 parsing is lenient, so multiple structs may succeed. A safer approach would be to parse the OID first, then unmarshal into the matching struct.

2. crypto/crypto_*.go

Current Issue
DecryptWithChromium Platform-specific (AES-CBC on darwin, AES-GCM on windows) — name doesn't reflect this
DecryptWithYandex Nearly identical to DecryptWithChromium on Windows

3. Shared code between Chromium and Firefox

discoverProfiles, hasAnySource, resolveSourcePaths, resolvedPath are nearly identical in both packages (~40 lines duplicated). Currently each package keeps its own copy for independence. If more browser engines are added (e.g. Safari WebKit), consider extracting to a shared package.

4. Priority

  1. SlatAttr typo — trivial fix, do anytime
  2. AES128CBCDecrypt rename — grep + rename, low risk
  3. ASN1PBE type/naming cleanup — medium effort, needs comprehensive tests
  4. NewASN1PBE OID-first detection — higher effort, must not break any Firefox version
  5. Shared profile discovery — only when a third browser engine is added
Reference in New Issue View Git Blame Copy Permalink