1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
| import os
import json
import base64
import sqlite3
import shutil
import winreg
from time import perf_counter
from win32crypt import CryptUnprotectData
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
def get_desktop():
key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders')
return winreg.QueryValueEx(key, "Desktop")[0]
def get_string(local_state):
with open(local_state, 'r', encoding='utf-8') as f:
s = json.load(f)['os_crypt']['encrypted_key']
return s
def pull_the_key(base64_encrypted_key):
encrypted_key_with_header = base64.b64decode(base64_encrypted_key)
encrypted_key = encrypted_key_with_header[5:]
key = CryptUnprotectData(encrypted_key, None, None, None, 0)[1]
return key
def decrypt_string(key, data):
nonce, cipherbytes = data[3:15], data[15:]
aesgcm = AESGCM(key)
plainbytes = aesgcm.decrypt(nonce, cipherbytes, None)
plaintext = plainbytes.decode('utf-8')
return plaintext
def get_password_from_chrome():
local_state = os.environ['LOCALAPPDATA'] + r'\Google\Chrome\User Data\Local State'
origin_file = os.path.join(os.environ['LOCALAPPDATA'], r'Google\Chrome\User Data\Default\Login Data')
tmp_file = os.path.join(os.environ['LOCALAPPDATA'], 'chrome_password.db')
if os.path.exists(tmp_file):
os.remove(tmp_file)
shutil.copyfile(origin_file, tmp_file)
pwd_text = "网站,帐号,密码\n"
sql = "select signon_realm,username_value,password_value from logins"
with sqlite3.connect(tmp_file) as conn:
cu = conn.cursor()
res = cu.execute(sql).fetchall()
cu.close()
key = pull_the_key(get_string(local_state))
for signon_realm, username_value, password_value in res:
if password_value[0:3] == b'v10':
password = decrypt_string(key, password_value)
else:
password = CryptUnprotectData(password_value)[1].decode()
pwd_text += '"%s","%s","%s"\n' % (signon_realm, username_value, password)
conn.close()
os.remove(tmp_file)
filename = os.path.join(get_desktop(), r'chrome_password.csv')
with open(filename, 'w') as f:
f.write(pwd_text)
if __name__ == "__main__":
start = perf_counter()
get_password_from_chrome()
elapsed = perf_counter() - start
print(f"已将 Chrome 中保存的密码提取到桌面的 chrome_password.csv 文件\n用时 {elapsed} 秒")
|