mirror of
https://github.com/moonD4rk/HackBrowserData.git
synced 2026-06-04 19:48:01 +02:00
Roger
b901f7dff0
* refactor(browser): split installation and profile abstractions A Chromium installation shares one master key across its profiles, but modeling each profile as its own Browser re-derived the key per profile. Browser now represents one installation holding its profiles and derives the key once; new types.Profile/ExtractResult/CountResult carry per-profile results. * style: gofumpt safari_test.go * test(chromium): rename shadowed loop var to path
265 lines
8.4 KiB
Go
265 lines
8.4 KiB
Go
package chromium
|
|
|
|
import (
|
|
"os"
|
|
"path/filepath"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/moond4rk/hackbrowserdata/crypto/keyretriever"
|
|
"github.com/moond4rk/hackbrowserdata/filemanager"
|
|
"github.com/moond4rk/hackbrowserdata/log"
|
|
"github.com/moond4rk/hackbrowserdata/types"
|
|
"github.com/moond4rk/hackbrowserdata/utils/fileutil"
|
|
)
|
|
|
|
// Browser is one Chromium installation: a single UserDataDir holding profiles
|
|
// that share a master key. The key is derived once and reused across profiles.
|
|
type Browser struct {
|
|
cfg types.BrowserConfig
|
|
retrievers keyretriever.Retrievers
|
|
profiles []*profile
|
|
|
|
keysOnce sync.Once
|
|
keys keyretriever.MasterKeys
|
|
}
|
|
|
|
// NewBrowser discovers the Chromium profiles under cfg.UserDataDir and returns
|
|
// the installation, or nil if no profile with resolvable sources exists. Call
|
|
// SetKeyRetrievers before Extract to enable decryption of sensitive data.
|
|
func NewBrowser(cfg types.BrowserConfig) (*Browser, error) {
|
|
sources := sourcesForKind(cfg.Kind)
|
|
extractors := extractorsForKind(cfg.Kind)
|
|
|
|
var profiles []*profile
|
|
for _, profileDir := range discoverProfiles(cfg.UserDataDir, sources) {
|
|
sourcePaths := resolveSourcePaths(sources, profileDir)
|
|
if len(sourcePaths) == 0 {
|
|
continue
|
|
}
|
|
profiles = append(profiles, &profile{
|
|
profileDir: profileDir,
|
|
browserName: cfg.Name,
|
|
kind: cfg.Kind,
|
|
extractors: extractors,
|
|
sourcePaths: sourcePaths,
|
|
})
|
|
}
|
|
if len(profiles) == 0 {
|
|
return nil, nil
|
|
}
|
|
return &Browser{cfg: cfg, profiles: profiles}, nil
|
|
}
|
|
|
|
// SetKeyRetrievers wires the per-tier master-key retrievers (V10/V11/V20) used by
|
|
// Extract; unused tiers stay nil.
|
|
func (b *Browser) SetKeyRetrievers(r keyretriever.Retrievers) { b.retrievers = r }
|
|
|
|
func (b *Browser) BrowserName() string { return b.cfg.Name }
|
|
func (b *Browser) UserDataDir() string { return b.cfg.UserDataDir }
|
|
|
|
// Profiles returns the identity of every profile in this installation.
|
|
func (b *Browser) Profiles() []types.Profile {
|
|
out := make([]types.Profile, 0, len(b.profiles))
|
|
for _, p := range b.profiles {
|
|
out = append(out, types.Profile{Name: p.name(), Dir: p.profileDir})
|
|
}
|
|
return out
|
|
}
|
|
|
|
// Extract derives the installation's master key once, then extracts every profile.
|
|
func (b *Browser) Extract(categories []types.Category) ([]types.ExtractResult, error) {
|
|
keys := b.masterKeys()
|
|
results := make([]types.ExtractResult, 0, len(b.profiles))
|
|
for _, p := range b.profiles {
|
|
results = append(results, types.ExtractResult{
|
|
Profile: types.Profile{Name: p.name(), Dir: p.profileDir},
|
|
Data: p.extract(keys, categories),
|
|
})
|
|
}
|
|
return results, nil
|
|
}
|
|
|
|
// CountEntries counts entries per category for every profile without decryption.
|
|
func (b *Browser) CountEntries(categories []types.Category) ([]types.CountResult, error) {
|
|
results := make([]types.CountResult, 0, len(b.profiles))
|
|
for _, p := range b.profiles {
|
|
results = append(results, types.CountResult{
|
|
Profile: types.Profile{Name: p.name(), Dir: p.profileDir},
|
|
Counts: p.count(categories),
|
|
})
|
|
}
|
|
return results, nil
|
|
}
|
|
|
|
// ExportKeys derives the installation's master keys without extraction. Returns
|
|
// whatever tiers succeeded plus a joined error describing any failed tiers;
|
|
// callers preserve partial results because a Chrome 127+ installation mixes
|
|
// v10 + v20 ciphertexts and a v20-only failure must not erase a usable v10 key.
|
|
func (b *Browser) ExportKeys() (keyretriever.MasterKeys, error) {
|
|
session, err := filemanager.NewSession()
|
|
if err != nil {
|
|
return keyretriever.MasterKeys{}, err
|
|
}
|
|
defer session.Cleanup()
|
|
|
|
return keyretriever.NewMasterKeys(b.retrievers, b.buildHints(session))
|
|
}
|
|
|
|
// masterKeys derives the installation's keys exactly once and caches them.
|
|
// Because derivation happens a single time per installation, a failure is warned
|
|
// exactly once — no cross-profile dedup state is needed.
|
|
func (b *Browser) masterKeys() keyretriever.MasterKeys {
|
|
b.keysOnce.Do(func() {
|
|
keys, err := b.ExportKeys()
|
|
if err != nil {
|
|
log.Warnf("%s: master key retrieval: %v", b.BrowserName(), err)
|
|
}
|
|
b.keys = keys
|
|
})
|
|
return b.keys
|
|
}
|
|
|
|
// buildHints acquires Local State (into session.TempDir so Windows DPAPI/ABE
|
|
// retrievers can read it from a path the process owns) and assembles per-tier
|
|
// retriever hints. Local State lives at the installation root (cfg.UserDataDir)
|
|
// in both the multi-profile and flat (Opera) layouts.
|
|
func (b *Browser) buildHints(session *filemanager.Session) keyretriever.Hints {
|
|
var localStateDst string
|
|
candidate := filepath.Join(b.cfg.UserDataDir, "Local State")
|
|
if fileutil.FileExists(candidate) {
|
|
dst := filepath.Join(session.TempDir(), "Local State")
|
|
if err := session.Acquire(candidate, dst, false); err != nil {
|
|
log.Debugf("acquire Local State for %s: %v", b.BrowserName(), err)
|
|
} else {
|
|
localStateDst = dst
|
|
}
|
|
}
|
|
|
|
abeKey := ""
|
|
if b.cfg.WindowsABE {
|
|
abeKey = b.cfg.Key
|
|
}
|
|
return keyretriever.Hints{
|
|
KeychainLabel: b.cfg.KeychainLabel,
|
|
WindowsABEKey: abeKey,
|
|
LocalStatePath: localStateDst,
|
|
}
|
|
}
|
|
|
|
// discoverProfiles lists subdirectories of userDataDir that are valid
|
|
// Chromium profile directories. A directory is considered a profile if it
|
|
// contains a "Preferences" file, which Chromium creates for every profile.
|
|
func discoverProfiles(userDataDir string, sources map[types.Category][]sourcePath) []string {
|
|
entries, err := os.ReadDir(userDataDir)
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
var profiles []string
|
|
for _, e := range entries {
|
|
if !e.IsDir() || isSkippedDir(e.Name()) {
|
|
continue
|
|
}
|
|
dir := filepath.Join(userDataDir, e.Name())
|
|
if isProfileDir(dir) {
|
|
profiles = append(profiles, dir)
|
|
}
|
|
}
|
|
|
|
// Flat layout fallback (older Opera): data files directly in userDataDir.
|
|
// Opera stores data alongside Local State in userDataDir itself, so check
|
|
// for any known source file instead of Preferences.
|
|
if len(profiles) == 0 && hasAnySource(sources, userDataDir) {
|
|
profiles = append(profiles, userDataDir)
|
|
}
|
|
return profiles
|
|
}
|
|
|
|
// profileMarkers are filenames that identify a directory as a Chromium profile.
|
|
// Chromium creates a per-profile preferences file on first use; checking for
|
|
// its existence filters out non-profile subdirectories (Crashpad, ShaderCache, etc.).
|
|
//
|
|
// - "Preferences" — standard Chromium and all major forks (Chrome, Edge, Brave, …)
|
|
// - "Preferences_02" — Tencent-based browsers (QQ Browser, Sogou Explorer)
|
|
var profileMarkers = []string{
|
|
"Preferences",
|
|
"Preferences_02",
|
|
}
|
|
|
|
// isProfileDir reports whether dir is a valid Chromium profile directory.
|
|
func isProfileDir(dir string) bool {
|
|
for _, name := range profileMarkers {
|
|
if _, err := os.Stat(filepath.Join(dir, name)); err == nil {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// hasAnySource checks if dir contains at least one source file or directory.
|
|
func hasAnySource(sources map[types.Category][]sourcePath, dir string) bool {
|
|
for _, candidates := range sources {
|
|
for _, sp := range candidates {
|
|
abs := filepath.Join(dir, sp.rel)
|
|
if _, err := os.Stat(abs); err == nil {
|
|
return true
|
|
}
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// resolvedPath holds the absolute path and type for a discovered source.
|
|
type resolvedPath struct {
|
|
absPath string
|
|
isDir bool
|
|
}
|
|
|
|
// resolveSourcePaths checks which sources actually exist in profileDir.
|
|
// Candidates are tried in priority order; the first existing path wins.
|
|
func resolveSourcePaths(sources map[types.Category][]sourcePath, profileDir string) map[types.Category]resolvedPath {
|
|
resolved := make(map[types.Category]resolvedPath)
|
|
for cat, candidates := range sources {
|
|
for _, sp := range candidates {
|
|
abs := filepath.Join(profileDir, sp.rel)
|
|
info, err := os.Stat(abs)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
if sp.isDir == info.IsDir() {
|
|
resolved[cat] = resolvedPath{abs, sp.isDir}
|
|
break
|
|
}
|
|
}
|
|
}
|
|
return resolved
|
|
}
|
|
|
|
// isSkippedDir returns true for directory names that should never be
|
|
// treated as browser profiles.
|
|
func isSkippedDir(name string) bool {
|
|
switch name {
|
|
case "System Profile", "Guest Profile", "Snapshot":
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Offset from the Chromium epoch (1601-01-01 UTC) to the Unix epoch,
|
|
// matching base::Time::kTimeTToMicrosecondsOffset in Chromium.
|
|
const chromiumEpochOffsetMicros int64 = 11644473600000000
|
|
|
|
// timeEpoch converts a Chromium base::Time (μs since 1601 UTC) to UTC.
|
|
// Returns zero for non-positive input or out-of-JSON-range values.
|
|
func timeEpoch(epoch int64) time.Time {
|
|
if epoch <= 0 {
|
|
return time.Time{}
|
|
}
|
|
t := time.UnixMicro(epoch - chromiumEpochOffsetMicros).UTC()
|
|
if t.Year() < 1 || t.Year() > 9999 {
|
|
return time.Time{}
|
|
}
|
|
return t
|
|
}
|