C CryptUnprotectData crashes Program

Question

Hi im trying to write a C Program that decrypts the Key that Chrome uses to encrypt saved Passwords. The Key is encrypted with CryptProtectData and then encoded with Base64, i have sucessfully decoded the Key and now i want to decrypt it with CryptUnprotectData but when i try to use this function my Program just crashes, i had a similar Problem once when I got the size of the byte* holding the encrypted data wrong. Does anyone know what i did wrong?

#include <stdio.h>
#include <base64.h>
#include <wincrypt.h>

void main()
{    
  //RFBBUEk = DPAPI    
  char B64[] = "BAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAYUduGi5FwQr1+XlafMqBZAAAAAAIAAAAAABBmAAAAAQAAIAAAALIvW98pXJMaQ0aJPpr40c12oSSRDg59tr+zaF+podlvAAAAAA6AAAAAAgAAIAAAAD2z5W4nMDHLOxthH8nXyxl+1hpRdY2BGHStxaDvgjSiMAAAAIKrcLbXw5WZCPjqyPtO/3QahMa0yMRC/CoMS/OoDw5j7fcZ8N31sIildXpN82egDEAAAAAvzHS7+Zf2IR05cggu1XHfNGknq3TKRHW37CVEktIHHu6yo1K0Q0r5YevYDUUNdhzlpJ+ynQUTBAS2Fa3PRR4V";
  int len = sizeof(B64);
  int * flen;
  char * ergebnis;
  ergebnis = unbase64(B64,len,flen);
  DATA_BLOB Input,Output;
  Input.pbData = (byte*)ergebnis;
  Input.cbData = *flen;
  CryptUnprotectData(&Input,NULL,NULL,NULL,NULL,0,&Output);
  printf("%s",(char*)Output.pbData);
  getchar();  
}

Are you decrypting from the same machine you used to encrypt? https://stackoverflow.com/q/23201146 — Robert Harvey, Mar 19 '20 at 20:40
Are you sure that CryptUnprotectData is the line your program is crashing on? — Robert Harvey, Mar 19 '20 at 20:43
yes, i use the same machine on which the data was encrypted, when i comment out the line with CryptUnprotectData the program doesnt crash and waits for me to press enter because of getchar(); — mirfälltnixein, Mar 19 '20 at 20:46
Does `unbase64` somehow allocate memory for `flen` because it never has its value set? (Rhetorical, it can’t) — Sami Kuhmonen, Mar 19 '20 at 20:48

David Schwartz · Accepted Answer · 2020-03-19T20:50:33.547

1

  printf("%s",(char*)Output.pbData);

First, you don't check if CryptUnprotectData succeeds. If it fails, you're passing a pointer to garbage to printf.

Second, how are you expecting printf to know how many bytes to print? You need to do something with Output.cbData.

Lastly, flen is never assigned a value. You pass whatever nonsense, uninitialized value it has to unbase64 and then try to use that value.

edited Mar 19 '20 at 20:50

answered Mar 19 '20 at 20:40

David Schwartz

179,497
17
214
278

Are you saying that is not a null-terminated C string? – Robert Harvey Mar 19 '20 at 20:41
@RobertHarvey It is not a null-terminated C string. That's why he has to cast the pointer to `char*`. – David Schwartz Mar 19 '20 at 20:49
Thanks, I got it to work by giving flen a value and making an if statement that prints OK when CryptUnprotectData is sucessful – mirfälltnixein Mar 19 '20 at 21:10

C CryptUnprotectData crashes Program

1 Answers1