I'm having problems with my code, which is supposed to decrypt a Chrome Browser Passwords file. The decryption process in my code looks like this:

```python
import win32crypt

# Each row in `value` is (host, login, encrypted password bytes)
for info in value:
    password = win32crypt.CryptUnprotectData(info[2], None, None, None, 0)[1]
    if password:
        result += 'Host: %s\nLogin: %s\nPassword: %s\n\n' % (info[:2] + (password.decode('utf-8'),))
```

Using this code however throws up an exception:

Key is not valid in specified state

I know that this basically means that the decryption key is wrong. But I don't really get why. I'm decrypting the file on the same computer the Browser Password file is on. Why does this error still occur?

Windshear
  • This may be caused by the Chrome version. Starting with v80, passwords are encrypted with AES GCM (the key is still DPAPI encrypted), previously with DPAPI, see [here](https://xenarmor.com/how-to-recover-saved-passwords-google-chrome/). – Topaco Mar 03 '20 at 16:18
  • Does that mean that it is now impossible to decrypt the passwords using python? – Windshear Mar 03 '20 at 17:21
  • No. It just means that it needs to be decrypted in a _different_ way. Whether this is necessary can be checked via the browser version (v80 or higher) or on the encrypted data itself, which in the case of the new procedure starts binary with `0x763130`. [Here](https://stackoverflow.com/a/60423699) the decryption of _cookies_ with Python according to the new procedure is described, which should actually not differ from the decryption of _passwords_. – Topaco Mar 03 '20 at 17:54
  • I'm not sure how the script would look for the passwords though, as you use SQL instead of JSON – Windshear Mar 03 '20 at 18:56
  • SQL? Actually the code from the answer should be usable without any changes, where `data` contains the encrypted password as bytes object. What you need to add, of course, is the filling of `data` (via SQL, JSON or whatever). If this doesn't work I can only refer to [this article](https://xenarmor.com/how-to-recover-saved-passwords-google-chrome/) which describes the v80 encryption/decryption procedure in detail (especially for passwords), so that you can hopefully write your own script. – Topaco Mar 03 '20 at 20:08
  • As far as I can see, your provided link only comes up with a script for the decryption process of v79 and older, whereas I obviously would need the v80 script. – Windshear Mar 04 '20 at 16:48
  • Which link do you mean? I posted two, one to an [article](https://xenarmor.com/how-to-recover-saved-passwords-google-chrome/) describing the v80+ algorithm (in the _Chrome Password Secrets_ chapter in the _Chrome v80.0 and higher_ section), and one to an [answer](https://stackoverflow.com/a/60423699/9014097) with a Python code that implements the v80+ algorithm (_exactly_ as described in the article). Note, the v80+ algorithm still uses DPAPI for the key (but not for the passwords), so this may irritate you. Have a look at the linked article, it might clarify some points. – Topaco Mar 04 '20 at 20:47
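
The check on the encrypted data itself that the comments mention (a value starting with `0x763130`), as an added example that is not part of the original thread: it classifies a stored value without decrypting anything, which tells you whether a direct `CryptUnprotectData` call can apply to it at all. The DPAPI header constant, the function names and the sample blobs are assumptions introduced here.

```python
from collections import Counter

# Prefix named in the comments above: values written by Chrome v80+ start with 0x763130.
V10_PREFIX = bytes.fromhex("763130")  # ASCII "v10"

# Assumption (standard DPAPI blob layout, not stated on the page): version DWORD 1
# followed by the default provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb.
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")


def classify_blob(data: bytes) -> str:
    """Return 'aes-gcm-v80', 'dpapi-legacy', 'empty' or 'unknown' for one stored value."""
    if not data:
        return "empty"
    if data.startswith(V10_PREFIX):
        return "aes-gcm-v80"
    if data.startswith(DPAPI_HEADER):
        return "dpapi-legacy"
    return "unknown"


def dpapi_call_applies(data: bytes) -> bool:
    """True only when the value itself is a DPAPI blob (pre-v80 storage)."""
    return classify_blob(data) == "dpapi-legacy"


def summarize(blobs) -> Counter:
    """Count how many stored values use each format."""
    return Counter(classify_blob(b) for b in blobs)


# Constructed sample values (random-looking filler, not real Chrome data).
SAMPLE_BLOBS = [
    V10_PREFIX + bytes(range(40)),    # v80+ style value
    DPAPI_HEADER + bytes(range(60)),  # legacy DPAPI-style value
    b"",                              # row with no stored password
    b"plain-or-corrupt",              # anything else
]

if __name__ == "__main__":
    for blob in SAMPLE_BLOBS:
        print(classify_blob(blob), "-> direct DPAPI call applies:", dpapi_call_applies(blob))
    print(dict(summarize(SAMPLE_BLOBS)))
```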

0 Answers