解码谷歌浏览器加密cookies的方法

解密Chrome cookies时遇到了问题

I had a working script for opening and decrypting Google Chrome cookies which looked like:

decrypted = win32crypt.CryptUnprotectData(enctypted_cookie_value, None, None, None, 0)

It seems that after update 80 it is no longer a valid solution.

According to this blog post https://blog.nirsoft.net/2020/02/19/tools-update-new-encryption-chrome-chromium-version-80/ it seems that i need to CryptUnprotectData on encrypted_key from Local State file, than somehow decrypt cookie, using decrypted key.

For the first part i got my encrypted_key

path = r'%LocalAppData%\Google\Chrome\User Data\Local State'
path = os.path.expandvars(path)
with open(path, 'r') as file:
    encrypted_key = json.loads(file.read())['os_crypt']['encrypted_key']
encrypted_key = bytearray(encrypted_key, 'utf-8')

Then i tried to decrypt it

decrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)

And got exception:

pywintypes.error: (13, 'CryptProtectData', 'The data is invalid.')

and i cant figure out how to fix it

Also for the second part of encryption, it seems that i should use pycryptodome, something like this snippet:

cipher = AES.new(encrypted_key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt(data)

But i can’t figure out where i should get nonce value

Can someone explain, how to do Chrome cookies decrypting correctly?

解决方法

谷歌浏览器80版本后更改了加密cookies的算法。

Since Chrome version 80 and higher, cookies are encrypted using AES-256 in GCM mode. The applied key is encrypted using DPAPI. The details are described here, section Chrome v80.0 and higher.

The encrypted key starts with the ASCII encoding of DPAPI (i.e. 0x4450415049) and is Base64 encoded, i.e. the key must first be Base64 decoded and the first 5 bytes must be removed. Afterwards a decryption with win32crypt.CryptUnprotectData is possible. The decryption returns a tuple whose second value contains the decrypted key:

import os
import json
import base64 
import win32crypt
from Crypto.Cipher import AES

path = r'%LocalAppData%\Google\Chrome\User Data\Local State'
path = os.path.expandvars(path)
with open(path, 'r') as file:
    encrypted_key = json.loads(file.read())['os_crypt']['encrypted_key']
encrypted_key = base64.b64decode(encrypted_key)                                       # Base64 decoding
encrypted_key = encrypted_key[5:]                                                     # Remove DPAPI
decrypted_key = win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)[1]  # Decrypt key

The encryption of the cookies is performed with AES-256 in GCM mode. This is authenticated encryption, which guarantees confidentiality and authenticity/integrity. During encryption an authentication tag is generated, which is used for integrity verification during decryption. The GCM mode is based on the CTR mode and uses an IV (nonce). In addition to the 32 bytes key, the nonce and the authentication tag are required for decryption.

The encrypted data start with the ASCII encoding of v10 (i.e. 0x763130), followed by the 12 bytes nonce, the actual ciphertext and finally the 16 bytes authentication tag. The individual components can be separated as follows:

data = bytes.fromhex('763130...') # the encrypted cookie
nonce = data[3:3+12]
ciphertext = data[3+12:-16]
tag = data[-16:]

whereby data contains the encrypted data. The decryption itself is done using PyCryptodome with:

cipher = AES.new(decrypted_key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt_and_verify(ciphertext, tag) # the decrypted cookie

Note: Generally, there are also cookies stored that have been saved with Chrome versions below v80 and are therefore DPAPI encrypted. DPAPI encrypted cookies can be recognized by the fact that they start with the sequence 0x01000000D08C9DDF0115D1118C7A00C04FC297EB, here and here, section About DPAPI. These cookies can of course not be decrypted as described above, but with the former procedure for DPAPI encrypted cookies. Tools to view cookies in unencrypted or encrypted form are ChromeCookiesView or DB Browser for SQLite, respectively.

这里有一个完整的Python3的Windows版的解密Chrome cookies的脚本：

Decrypt Chrome Cookies File (Python 3) – Windows

https://gist.github.com/DakuTree/428e5b737306937628f2944fbfdc4ffc

#Based off https://gist.github.com/DakuTree/98c8362fb424351b803e & pieces of https://gist.github.com/jordan-wright/5770442
from os import getenv
from shutil import copyfile
import sqlite3
import win32crypt #https://sourceforge.net/projects/pywin32/

# Copy Cookies to current folder
copyfile(getenv("APPDATA") + "/../Local/Google/Chrome/User Data/Default/Cookies", './Cookies')

# Connect to the Database
conn = sqlite3.connect('./Cookies')
cursor = conn.cursor()

# Get the results
cursor.execute('SELECT host_key, name, value, encrypted_value FROM cookies')
for host_key, name, value, encrypted_value in cursor.fetchall():
	# Decrypt the encrypted_value
	decrypted_value = win32crypt.CryptUnprotectData(encrypted_value, None, None, None, 0)[1].decode('utf-8') or value or 0

	# Update the cookies with the decrypted value
	# This also makes all session cookies persistent
	cursor.execute('\
		UPDATE cookies SET value = ?, has_expires = 1, expires_utc = 99999999999999999, is_persistent = 1, secure = 0\
		WHERE host_key = ?\
		AND name = ?',
		(decrypted_value, host_key, name));

conn.commit()
conn.close()

本文文字及图片出自 出处