mirror of
https://github.com/moonD4rk/HackBrowserData.git
synced 2026-05-25 19:17:48 +02:00
Roger
ccc8643d86
* feat(darwin): add interactive terminal password prompt for keychain unlock (#556) * test: add unit tests for keyretriever and address review feedback - Add errStorageNotFound sentinel error for precise error matching - Non-TTY TerminalPasswordRetriever returns nil silently (review #558) - Add darwin tests: findStorageKey, empty password, non-TTY skip - Add linux tests: FallbackRetriever peanuts key, DefaultRetriever chain * fix: add nolint:unused for errStorageNotFound on Windows, clean up error message errStorageNotFound is only used on darwin/linux; Windows lint flagged it as unused. Also simplify error format to avoid "storage" duplication. * fix: add nolint:unused for errStorageNotFound, simplify error message errStorageNotFound is only referenced on darwin and linux; Windows lint flags it as unused. Also remove redundant "storage" prefix from the error format string.
46 lines
1.6 KiB
Go
46 lines
1.6 KiB
Go
package keyretriever
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
)
|
|
|
|
// errStorageNotFound is returned when the requested browser storage
|
|
// account is not found in the credential store (keychain, keyring, etc.).
|
|
// Only used on darwin and linux; Windows uses DPAPI which has no storage lookup.
|
|
var errStorageNotFound = errors.New("not found in credential store") //nolint:unused // only used on darwin and linux
|
|
|
|
// KeyRetriever retrieves the master encryption key for a Chromium-based browser.
|
|
// Each platform has different implementations:
|
|
// - macOS: Keychain access (security command) or gcoredump exploit
|
|
// - Windows: DPAPI decryption of Local State file
|
|
// - Linux: D-Bus Secret Service or fallback to "peanuts" password
|
|
type KeyRetriever interface {
|
|
RetrieveKey(storage, localStatePath string) ([]byte, error)
|
|
}
|
|
|
|
// ChainRetriever tries multiple retrievers in order, returning the first success.
|
|
// Used on macOS (gcoredump → password → security) and Linux (D-Bus → peanuts).
|
|
type ChainRetriever struct {
|
|
retrievers []KeyRetriever
|
|
}
|
|
|
|
// NewChain creates a ChainRetriever that tries each retriever in order.
|
|
func NewChain(retrievers ...KeyRetriever) KeyRetriever {
|
|
return &ChainRetriever{retrievers: retrievers}
|
|
}
|
|
|
|
func (c *ChainRetriever) RetrieveKey(storage, localStatePath string) ([]byte, error) {
|
|
var errs []error
|
|
for _, r := range c.retrievers {
|
|
key, err := r.RetrieveKey(storage, localStatePath)
|
|
if err == nil && len(key) > 0 {
|
|
return key, nil
|
|
}
|
|
if err != nil {
|
|
errs = append(errs, fmt.Errorf("%T: %w", r, err))
|
|
}
|
|
}
|
|
return nil, fmt.Errorf("all retrievers failed: %w", errors.Join(errs...))
|
|
}
|