解密 Chromium cookie-C/C++问题

Decrypting Chromium cookies(解密 Chromium cookie)

本文介绍了解密 Chromium cookie的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试在 Python 中使用 Chromium cookie，因为 Chromium 使用 AES(使用 CBC)加密它的 cookie，我需要扭转这一点.

I'm trying to use Chromium cookies in Python, because Chromium encrypts its cookies using AES (with CBC) I need to reverse this.

我可以从 OS X 的钥匙串中恢复 AES 密钥(它存储在 Base 64 中):

I can recover the AES key from OS X's Keychain (it's stored in Base 64):

security find-generic-password -w -a Chrome -s Chrome Safe Storage
# From Python:
python -c 'from subprocess import PIPE, Popen; print(Popen(['security', 'find-generic-password', '-w', '-a', 'Chrome', '-s', 'Chrome Safe Storage'], stdout=PIPE).stdout.read().strip())'

这是我的代码，我所缺少的只是解密 cookie:

Here's the code I have, all I'm missing is decrypting the cookies:

from subprocess import PIPE, Popen
from sqlite3 import dbapi2

def get_encryption_key():
  cmd = ['security', 'find-generic-password', '-w', '-a', 'Chrome', '-s', 'Chrome Safe Storage']
  return Popen(cmd, stdout=PIPE).stdout.read().strip().decode('base-64')

def get_cookies(database):
  key = get_encryption_key()
  with dbapi2.connect(database) as conn:
    conn.rollback()
    rows = conn.cursor().execute('SELECT name, encrypted_value FROM cookies WHERE host_key like ".example.com"')

  cookies = {}
  for name, enc_val in rows:
    val = decrypt(enc_val, key) # magic missing
    cookies[name] = val

  return cookies

我用 pyCrypto 的 AES 模块尝试了很多东西，但是:

I tried a bunch of things with pyCrypto's AES module but:

我没有初始化向量 (IV)
enc_val 不是 16 的倍数

I have no Initialization Vector (IV)
enc_val is not a multiple of 16 in length

以下是一些看似有用的链接:

Here are some links that seem useful:

开始这一切的提交
components/encryptor/keychain_password_mac.毫米
AES 密钥生成(未使用)在 OS X 中，但可以帮助其他人)
cookie 插入功能

你能帮我解决这个问题吗?

Can you help me figure this out?

推荐答案

您走对了！我已经研究了几天，终于弄明白了.(非常感谢 OP 提供了指向 Chromium 源代码的有用链接.)

You're on the right track! I've been working on this for a few days and finally figured it out. (Many thanks to the OP for the helpful links to the Chromium source.)

我已经发布了一篇帖子，其中包含更多细节和工作脚本，但这里是基本思想:

I've put up a post with a little more detail and a working script, but here is the basic idea:

#! /usr/bin/env python3

from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2

# Function to get rid of padding
def clean(x): 
    return x[:-x[-1]].decode('utf8')

# replace with your encrypted_value from sqlite3
encrypted_value = ENCRYPTED_VALUE 

# Trim off the 'v10' that Chrome/ium prepends
encrypted_value = encrypted_value[3:]

# Default values used by both Chrome and Chromium in OSX and Linux
salt = b'saltysalt'
iv = b' ' * 16
length = 16

# On Mac, replace MY_PASS with your password from Keychain
# On Linux, replace MY_PASS with 'peanuts'
my_pass = MY_PASS
my_pass = my_pass.encode('utf8')

# 1003 on Mac, 1 on Linux
iterations = 1003

key = PBKDF2(my_pass, salt, length, iterations)
cipher = AES.new(key, AES.MODE_CBC, IV=iv)

decrypted = cipher.decrypt(encrypted_value)
print(clean(decrypted))

这篇关于解密 Chromium cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！