Chrome 80 how to decode cookies


Question


I had a working script for opening and decrypting Google Chrome cookies which looked like:

decrypted = win32crypt.CryptUnprotectData(encrypted_cookie_value, None, None, None, 0)


It seems that after update 80 it is no longer a valid solution.


According to this blog post https://blog.nirsoft.net/2020/02/19/tools-update-new-encryption-chrome-chromium-version-80/ it seems that I need to CryptUnprotectData on encrypted_key from the Local State file, then somehow decrypt the cookie using the decrypted key.


For the first part I got my encrypted_key:

path = r'%LocalAppData%\Google\Chrome\User Data\Local State'
path = os.path.expandvars(path)
with open(path, 'r') as file:
    encrypted_key = json.loads(file.read())['os_crypt']['encrypted_key']
encrypted_key = bytearray(encrypted_key, 'utf-8')

Then I tried to decrypt it:

decrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)


and got an exception:

pywintypes.error: (13, 'CryptProtectData', 'The data is invalid.')

I don't know how to fix it.


Also for the second part of the encryption, it seems that I should use pycryptodome, something like this snippet:

cipher = AES.new(encrypted_key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt(data)


But I can't figure out where I should get the nonce value.


Can someone explain how to decrypt Chrome cookies correctly?

Accepted answer


Since Chrome version 80 and higher, cookies are encrypted using AES-256 in GCM mode. The applied key is encrypted using DPAPI. The details are described here, section Chrome v80.0 and higher.


The encrypted key starts with the ASCII encoding of DPAPI (i.e. 0x4450415049) and is Base64 encoded, i.e. the key must first be Base64 decoded and the first 5 bytes must be removed. Afterwards a decryption with win32crypt.CryptUnprotectData is possible. The decryption returns a tuple whose second value contains the decrypted key:

import os
import json
import base64 
import win32crypt
from Crypto.Cipher import AES

path = r'%LocalAppData%\Google\Chrome\User Data\Local State'
path = os.path.expandvars(path)
with open(path, 'r') as file:
    encrypted_key = json.loads(file.read())['os_crypt']['encrypted_key']
encrypted_key = base64.b64decode(encrypted_key)                                       # Base64 decoding
encrypted_key = encrypted_key[5:]                                                     # Remove DPAPI
decrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)[1]  # Decrypt key


The encryption of the cookies is performed with AES-256 in GCM mode. This is authenticated encryption, which guarantees confidentiality and authenticity/integrity. During encryption an authentication tag is generated, which is used for integrity verification during decryption. The GCM mode is based on the CTR mode and uses an IV (nonce). In addition to the 32-byte key, the nonce and the authentication tag are required for decryption.


The encrypted data starts with the ASCII encoding of v10 (i.e. 0x763130), followed by the 12-byte nonce, the actual ciphertext and finally the 16-byte authentication tag. The individual components can be separated as follows:

data = bytes.fromhex('763130...') # the encrypted cookie
nonce = data[3:3+12]
ciphertext = data[3+12:-16]
tag = data[-16:]


whereby data contains the encrypted data. The decryption itself is done using PyCryptodome with:

cipher = AES.new(decrypted_key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt_and_verify(ciphertext, tag) # the decrypted cookie


Note: Generally, there are also cookies stored that have been saved with Chrome versions below v80 and are therefore DPAPI encrypted. DPAPI encrypted cookies can be recognized by the fact that they start with the sequence 0x01000000D08C9DDF0115D1118C7A00C04FC297EB, here and here, section About DPAPI. These cookies can of course not be decrypted as described above, but with the former procedure for DPAPI encrypted cookies. Tools to view cookies in unencrypted or encrypted form are ChromeCookiesView or DB Browser for SQLite, respectively.
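The following is an added example, not code from the question or the answer, that puts the answer's pieces together as reusable functions: it strips the DPAPI marker from the Local State key, tells a Chrome 80+ "v10" value from a legacy DPAPI blob by the prefixes the answer quotes, splits a v10 value into nonce, ciphertext and tag, and decrypts with PyCryptodome's decrypt_and_verify so that a modified ciphertext is rejected rather than silently returned. The final DPAPI step (win32crypt.CryptUnprotectData) only works on the Windows account that wrote the profile and is deliberately left out; the sample key, nonce, cookie value and Local State JSON below are constructed for the demonstration and are not real Chrome data. The function names are this example's own.

```python
import base64
import json

try:
    from Crypto.Cipher import AES   # pycryptodome, the library the answer uses
except ImportError:                 # the parsing helpers below still work without it
    AES = None

V10_PREFIX = b"v10"
# Header of a DPAPI blob, as quoted in the answer; marks cookies written before Chrome 80.
DPAPI_PREFIX = bytes.fromhex("01000000D08C9DDF0115D1118C7A00C04FC297EB")
NONCE_LEN = 12   # GCM nonce length used by Chrome
TAG_LEN = 16     # GCM authentication tag length


def protected_key_from_local_state(local_state_text):
    """Base64-decode os_crypt.encrypted_key and strip the 5-byte 'DPAPI' marker.

    The result is still DPAPI-protected: on Windows it must still go through
    win32crypt.CryptUnprotectData(blob, None, None, None, 0)[1] as in the answer."""
    blob = base64.b64decode(json.loads(local_state_text)["os_crypt"]["encrypted_key"])
    if not blob.startswith(b"DPAPI"):
        raise ValueError("os_crypt.encrypted_key does not start with 'DPAPI'")
    return blob[len(b"DPAPI"):]


def classify(encrypted_value):
    """Tell a Chrome >= 80 'v10' value from a legacy DPAPI blob by its prefix."""
    if encrypted_value.startswith(V10_PREFIX):
        return "v10"
    if encrypted_value.startswith(DPAPI_PREFIX):
        return "dpapi"
    return "unknown"


def split_v10(encrypted_value):
    """Return (nonce, ciphertext, tag) from 'v10' || nonce(12) || ciphertext || tag(16)."""
    if classify(encrypted_value) != "v10":
        raise ValueError("not a v10 value")
    body = encrypted_value[len(V10_PREFIX):]
    if len(body) < NONCE_LEN + TAG_LEN:
        raise ValueError("value too short to hold a nonce and a tag")
    return body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]


def decrypt_v10(encrypted_value, key):
    """AES-256-GCM decrypt with tag verification; ValueError on a bad tag."""
    if AES is None:
        raise RuntimeError("pycryptodome is required for decryption")
    if len(key) != 32:
        raise ValueError("Chrome's os_crypt key is 32 bytes")
    nonce, ciphertext, tag = split_v10(encrypted_value)
    return AES.new(key, AES.MODE_GCM, nonce=nonce).decrypt_and_verify(ciphertext, tag)


def encrypt_v10(plaintext, key, nonce):
    """Build a v10 value for testing (Chrome draws a fresh random 12-byte nonce per value)."""
    if AES is None:
        raise RuntimeError("pycryptodome is required for encryption")
    ciphertext, tag = AES.new(key, AES.MODE_GCM, nonce=nonce).encrypt_and_digest(plaintext)
    return V10_PREFIX + nonce + ciphertext + tag


# Constructed sample inputs (not real Chrome data).
SAMPLE_LOCAL_STATE = json.dumps(
    {"os_crypt": {"encrypted_key": base64.b64encode(b"DPAPI" + b"\x11" * 8).decode()}})
SAMPLE_V10 = V10_PREFIX + b"N" * NONCE_LEN + b"cipher" + b"T" * TAG_LEN


def roundtrip_demo():
    """Encrypt, split and decrypt a constructed cookie, then flip one ciphertext byte
    and confirm the tag check rejects it. Returns (plaintext, tamper_detected), or
    None when pycryptodome is not installed."""
    if AES is None:
        return None
    key = bytes(range(32))   # constructed key standing in for the DPAPI-decrypted one
    nonce = bytes.fromhex("00112233445566778899aabb")
    value = encrypt_v10(b"session=constructed-sample", key, nonce)
    plaintext = decrypt_v10(value, key)
    tampered = bytearray(value)
    tampered[len(V10_PREFIX) + NONCE_LEN] ^= 0x01   # first ciphertext byte
    try:
        decrypt_v10(bytes(tampered), key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return plaintext, tamper_detected


if __name__ == "__main__":
    print(classify(SAMPLE_V10), split_v10(SAMPLE_V10), roundtrip_demo())
```

Checking the prefix before choosing a decryption path matters for a profile that spans the upgrade: a pre-80 cookie handed to the AES-GCM path fails at the tag check, and a v10 value handed to CryptUnprotectData fails with the same "data is invalid" error the question reports for the still-base64-encoded key.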
