From b66ca7b3d8f1dd85a22c6b10fb97e06a1942a668 Mon Sep 17 00:00:00 2001 From: Aquilao Official Date: Thu, 14 Nov 2024 10:13:46 +0800 Subject: [PATCH] fix: Resolve decryption failures of password value in some browser (#452) * fix: skip chromium-based browser 'def' dir * fix: fixed the issue that 360speed, QQ Browser and other Chinese browsers had errors in decrypting passwords and cookies * misc: modify some log level * fix: fix the wrong function --------- Co-authored-by: Aquilao --- browserdata/bookmark/bookmark.go | 4 ++-- browserdata/browserdata.go | 8 ++++---- browserdata/cookie/cookie.go | 17 +++++++++-------- browserdata/creditcard/creditcard.go | 8 ++++---- browserdata/download/download.go | 2 +- browserdata/history/history.go | 2 +- browserdata/localstorage/localstorage.go | 4 ++-- browserdata/password/password.go | 19 ++++++++++--------- browserdata/sessionstorage/sessionstorage.go | 4 ++-- 9 files changed, 35 insertions(+), 33 deletions(-) diff --git a/browserdata/bookmark/bookmark.go b/browserdata/bookmark/bookmark.go index 0e7d629..8d46106 100644 --- a/browserdata/bookmark/bookmark.go +++ b/browserdata/bookmark/bookmark.go @@ -111,7 +111,7 @@ func (f *FirefoxBookmark) Extract(_ []byte) error { defer db.Close() _, err = db.Exec(closeJournalMode) if err != nil { - log.Errorf("close journal mode error: %v", err) + log.Debugf("close journal mode error: %v", err) } rows, err := db.Query(queryFirefoxBookMark) if err != nil { @@ -124,7 +124,7 @@ func (f *FirefoxBookmark) Extract(_ []byte) error { title, url string ) if err = rows.Scan(&id, &url, &bt, &dateAdded, &title); err != nil { - log.Errorf("scan bookmark error: %v", err) + log.Debugf("scan bookmark error: %v", err) } *f = append(*f, bookmark{ ID: id, diff --git a/browserdata/browserdata.go b/browserdata/browserdata.go index 20ab033..646fb1e 100644 --- a/browserdata/browserdata.go +++ b/browserdata/browserdata.go @@ -22,7 +22,7 @@ func New(items []types.DataType) *BrowserData { func (d *BrowserData) Recovery(masterKey []byte) error { for _, source := range d.extractors { if err := source.Extract(masterKey); err != nil { - log.Errorf("parse %s error: %v", source.Name(), err) + log.Debugf("parse %s error: %v", source.Name(), err) continue } } @@ -41,15 +41,15 @@ func (d *BrowserData) Output(dir, browserName, flag string) { f, err := output.CreateFile(dir, filename) if err != nil { - log.Errorf("create file %s error: %v", filename, err) + log.Debugf("create file %s error: %v", filename, err) continue } if err := output.Write(source, f); err != nil { - log.Errorf("write to file %s error: %v", filename, err) + log.Debugf("write to file %s error: %v", filename, err) continue } if err := f.Close(); err != nil { - log.Errorf("close file %s error: %v", filename, err) + log.Debugf("close file %s error: %v", filename, err) continue } log.Warnf("export success: %s", filename) diff --git a/browserdata/cookie/cookie.go b/browserdata/cookie/cookie.go index cac4c2e..ca65d63 100644 --- a/browserdata/cookie/cookie.go +++ b/browserdata/cookie/cookie.go @@ -65,7 +65,7 @@ func (c *ChromiumCookie) Extract(masterKey []byte) error { value, encryptValue []byte ) if err = rows.Scan(&key, &encryptValue, &host, &path, &createDate, &expireDate, &isSecure, &isHTTPOnly, &hasExpire, &isPersistent); err != nil { - log.Errorf("scan chromium cookie error: %v", err) + log.Debugf("scan chromium cookie error: %v", err) } cookie := cookie{ @@ -80,16 +80,17 @@ func (c *ChromiumCookie) Extract(masterKey []byte) error { CreateDate: typeutil.TimeEpoch(createDate), ExpireDate: typeutil.TimeEpoch(expireDate), } + if len(encryptValue) > 0 { - if len(masterKey) == 0 { - value, err = crypto.DecryptWithDPAPI(encryptValue) - } else { - value, err = crypto.DecryptWithChromium(masterKey, encryptValue) - } + value, err = crypto.DecryptWithDPAPI(encryptValue) if err != nil { - log.Errorf("decrypt chromium cookie error: %v", err) + value, err = crypto.DecryptWithChromium(masterKey, encryptValue) + if err != nil { + log.Debugf("decrypt chromium cookie error: %v", err) + } } } + cookie.Value = string(value) *c = append(*c, cookie) } @@ -133,7 +134,7 @@ func (f *FirefoxCookie) Extract(_ []byte) error { creationTime, expiry int64 ) if err = rows.Scan(&name, &value, &host, &path, &creationTime, &expiry, &isSecure, &isHTTPOnly); err != nil { - log.Errorf("scan firefox cookie error: %v", err) + log.Debugf("scan firefox cookie error: %v", err) } *f = append(*f, cookie{ KeyName: name, diff --git a/browserdata/creditcard/creditcard.go b/browserdata/creditcard/creditcard.go index 35adee9..3f1fae7 100644 --- a/browserdata/creditcard/creditcard.go +++ b/browserdata/creditcard/creditcard.go @@ -57,7 +57,7 @@ func (c *ChromiumCreditCard) Extract(masterKey []byte) error { value, encryptValue []byte ) if err := rows.Scan(&guid, &name, &month, &year, &encryptValue, &address, &nickname); err != nil { - log.Errorf("scan chromium credit card error: %v", err) + log.Debugf("scan chromium credit card error: %v", err) } ccInfo := card{ GUID: guid, @@ -74,7 +74,7 @@ func (c *ChromiumCreditCard) Extract(masterKey []byte) error { value, err = crypto.DecryptWithChromium(masterKey, encryptValue) } if err != nil { - log.Errorf("decrypt chromium credit card error: %v", err) + log.Debugf("decrypt chromium credit card error: %v", err) } } @@ -112,7 +112,7 @@ func (c *YandexCreditCard) Extract(masterKey []byte) error { value, encryptValue []byte ) if err := rows.Scan(&guid, &name, &month, &year, &encryptValue, &address, &nickname); err != nil { - log.Errorf("scan chromium credit card error: %v", err) + log.Debugf("scan chromium credit card error: %v", err) } ccInfo := card{ GUID: guid, @@ -129,7 +129,7 @@ func (c *YandexCreditCard) Extract(masterKey []byte) error { value, err = crypto.DecryptWithChromium(masterKey, encryptValue) } if err != nil { - log.Errorf("decrypt chromium credit card error: %v", err) + log.Debugf("decrypt chromium credit card error: %v", err) } } ccInfo.CardNumber = string(value) diff --git a/browserdata/download/download.go b/browserdata/download/download.go index 3120821..22b9eec 100644 --- a/browserdata/download/download.go +++ b/browserdata/download/download.go @@ -101,7 +101,7 @@ func (f *FirefoxDownload) Extract(_ []byte) error { _, err = db.Exec(closeJournalMode) if err != nil { - log.Errorf("close journal mode error: %v", err) + log.Debugf("close journal mode error: %v", err) } rows, err := db.Query(queryFirefoxDownload) if err != nil { diff --git a/browserdata/history/history.go b/browserdata/history/history.go index 952edc7..5460263 100644 --- a/browserdata/history/history.go +++ b/browserdata/history/history.go @@ -113,7 +113,7 @@ func (f *FirefoxHistory) Extract(_ []byte) error { visitCount int ) if err = rows.Scan(&id, &url, &visitDate, &title, &visitCount); err != nil { - log.Errorf("scan firefox history error: %v", err) + log.Debugf("scan firefox history error: %v", err) } *f = append(*f, history{ Title: title, diff --git a/browserdata/localstorage/localstorage.go b/browserdata/localstorage/localstorage.go index 05e5e18..0a8c106 100644 --- a/browserdata/localstorage/localstorage.go +++ b/browserdata/localstorage/localstorage.go @@ -125,7 +125,7 @@ func (f *FirefoxLocalStorage) Extract(_ []byte) error { _, err = db.Exec(closeJournalMode) if err != nil { - log.Errorf("close journal mode error: %v", err) + log.Debugf("close journal mode error: %v", err) } rows, err := db.Query(queryLocalStorage) if err != nil { @@ -135,7 +135,7 @@ func (f *FirefoxLocalStorage) Extract(_ []byte) error { for rows.Next() { var originKey, key, value string if err = rows.Scan(&originKey, &key, &value); err != nil { - log.Errorf("scan firefox local storage error: %v", err) + log.Debugf("scan firefox local storage error: %v", err) } s := new(storage) s.fillFirefox(originKey, key, value) diff --git a/browserdata/password/password.go b/browserdata/password/password.go index bedf281..031734a 100644 --- a/browserdata/password/password.go +++ b/browserdata/password/password.go @@ -65,23 +65,24 @@ func (c *ChromiumPassword) Extract(masterKey []byte) error { create int64 ) if err := rows.Scan(&url, &username, &pwd, &create); err != nil { - log.Errorf("scan chromium password error: %v", err) + log.Debugf("scan chromium password error: %v", err) } login := loginData{ UserName: username, encryptPass: pwd, LoginURL: url, } + if len(pwd) > 0 { - if len(masterKey) == 0 { - password, err = crypto.DecryptWithDPAPI(pwd) - } else { - password, err = crypto.DecryptWithChromium(masterKey, pwd) - } + password, err = crypto.DecryptWithDPAPI(pwd) if err != nil { - log.Errorf("decrypt chromium password error: %v", err) + password, err = crypto.DecryptWithChromium(masterKey, pwd) + if err != nil { + log.Debugf("decrypt chromium password error: %v", err) + } } } + if create > time.Now().Unix() { login.CreateDate = typeutil.TimeEpoch(create) } else { @@ -132,7 +133,7 @@ func (c *YandexPassword) Extract(masterKey []byte) error { create int64 ) if err := rows.Scan(&url, &username, &pwd, &create); err != nil { - log.Errorf("scan yandex password error: %v", err) + log.Debugf("scan yandex password error: %v", err) } login := loginData{ UserName: username, @@ -147,7 +148,7 @@ func (c *YandexPassword) Extract(masterKey []byte) error { password, err = crypto.DecryptWithChromium(masterKey, pwd) } if err != nil { - log.Errorf("decrypt yandex password error: %v", err) + log.Debugf("decrypt yandex password error: %v", err) } } if create > time.Now().Unix() { diff --git a/browserdata/sessionstorage/sessionstorage.go b/browserdata/sessionstorage/sessionstorage.go index e3380ce..7c10b96 100644 --- a/browserdata/sessionstorage/sessionstorage.go +++ b/browserdata/sessionstorage/sessionstorage.go @@ -133,7 +133,7 @@ func (f *FirefoxSessionStorage) Extract(_ []byte) error { _, err = db.Exec(closeJournalMode) if err != nil { - log.Errorf("close journal mode error: %v", err) + log.Debugf("close journal mode error: %v", err) } rows, err := db.Query(querySessionStorage) if err != nil { @@ -143,7 +143,7 @@ func (f *FirefoxSessionStorage) Extract(_ []byte) error { for rows.Next() { var originKey, key, value string if err = rows.Scan(&originKey, &key, &value); err != nil { - log.Errorf("scan session storage error: %v", err) + log.Debugf("scan session storage error: %v", err) } s := new(session) s.fillFirefox(originKey, key, value)