mirror of
https://github.com/moonD4rk/HackBrowserData.git
synced 2026-05-19 18:58:03 +02:00
Roger
b3dd4ed6e4
* feat: add Chromium extract methods, source mapping, and tests Implement per-category data extraction for Chromium browsers as typed standalone functions, preparing for Phase 8 wiring into the new Chromium struct. New files: - source.go: dataSource struct, chromiumSources/yandexSources maps, yandexQueryOverrides for Yandex action_url variant - decrypt.go: decryptValue() wrapping platform-specific decryption - extract_password.go: SQLite + decrypt → []LoginEntry - extract_cookie.go: SQLite + decrypt → []CookieEntry - extract_creditcard.go: SQLite + decrypt → []CreditCardEntry - extract_history.go: SQLite → []HistoryEntry - extract_download.go: SQLite → []DownloadEntry - extract_bookmark.go: JSON recursive → []BookmarkEntry - extract_extension.go: JSON → []ExtensionEntry - extract_storage.go: LevelDB → []StorageEntry (local + session) - firefox/source.go: firefoxSources map Tests use real Chrome table schemas for SQLite fixtures, with INSERT helpers to keep test data readable and self-documenting. Ref #520 * fix: remove LevelDB invalid path test (Windows compatibility) leveldb.OpenFile creates the directory on Windows instead of returning an error, causing TestExtractLocalStorage_InvalidPath to fail in CI. This test was verifying LevelDB behavior, not our extraction logic. * refactor: remove unused query parameter from extract functions Only extractPasswords needs the query override (Yandex action_url). The other 7 SQLite extract functions always use their default query, so remove the unnecessary query parameter from their signatures. * refactor: use DetectVersion in decryptValue instead of blind fallback Replace try-then-fallback pattern with explicit version detection using crypto.DetectVersion. Routes v10 to DecryptWithChromium, DPAPI to DecryptWithDPAPI, and adds a TODO placeholder for v20 App-Bound Encryption. * chore: relax gocognit and gocritic linters for test files * revert: restore strict gocognit and gocritic linters for test files * fix: address review feedback on extract methods - Store DetectVersion result in local variable to avoid duplicate call - Scan credit card expiration_month/year as int then convert to string (matches INTEGER column type in real Chrome schema) - Add os.Stat check before leveldb.OpenFile to prevent creating empty directories for non-existent paths - Rename TestExtractExtensions_InvalidJSON to TestExtractExtensions_MissingSettingsPath (JSON is valid, path is missing) * fix: revert creditcard scan to string type for NULL safety modernc.org/sqlite handles INTEGER→string conversion automatically. Scanning into string is safer for nullable columns — NULL becomes "" instead of "0" which would be an invalid month/year.
30 lines
838 B
Go
30 lines
838 B
Go
package chromium
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/moond4rk/hackbrowserdata/crypto"
|
|
)
|
|
|
|
// decryptValue decrypts a Chromium-encrypted value using the master key.
|
|
// It detects the cipher version from the ciphertext prefix and routes
|
|
// to the appropriate decryption function.
|
|
func decryptValue(masterKey, ciphertext []byte) ([]byte, error) {
|
|
if len(ciphertext) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
version := crypto.DetectVersion(ciphertext)
|
|
switch version {
|
|
case crypto.CipherV10:
|
|
return crypto.DecryptWithChromium(masterKey, ciphertext)
|
|
case crypto.CipherV20:
|
|
// TODO: implement App-Bound Encryption (Chrome 127+)
|
|
return nil, fmt.Errorf("v20 App-Bound Encryption not yet supported")
|
|
case crypto.CipherDPAPI:
|
|
return crypto.DecryptWithDPAPI(ciphertext)
|
|
default:
|
|
return nil, fmt.Errorf("unsupported cipher version: %s", version)
|
|
}
|
|
}
|