-1

I am trying to decrypt my chrome passwords from the "Login Data" sqlite file. I followed this tutorial: https://ohyicong.medium.com/how-to-hack-chrome-password-with-python-1bedc167be3d The code is shown here:

import sqlite3
from sqlite3.dbapi2 import Cursor
from Cryptodome.Cipher import AES

#The encrypt_key i got from "Local State" file
secret_key="<My Secret Key>"

#My "Login Data" file copied to a file called "login.db"
conn = sqlite3.connect("login.db")
cursor = conn.cursor()

cursor.execute("SELECT action_url, username_value, password_value FROM logins")
for index,login in enumerate(cursor.fetchall()):
    url = login[0]
    username = login[1]
    ciphertext= login[2]
    print("Url:",url)
    print("Username",username)
    print("Cipher Text",ciphertext)
    initialisation_vector = ciphertext[3:15]
    encrypted_password = ciphertext[15:-16]
    cipher = AES.new(secret_key, AES.MODE_GCM, initialisation_vector)
    decrypted_pass = cipher.decrypt(encrypted_password)
    decrypted_pass = decrypted_pass.decode()
    print(decrypted_pass)

This is the error that i'm getting in both python2.7 and python3

    raise ValueError("Incorrect AES key length (%d bytes)" % len(key))
ValueError: Incorrect AES key length (356 bytes)

I verified i copied the correct secret_key multiple times, I'm still getting this error. Please help me fix this

Archangel
  • 182
  • 1
  • 10

1 Answers1

1

The key in Chrome is base-64 encoded, and has a fixed prefix of the text "DPAPI". You have to decode the base-64:

import base64
...
key = base64.b64decode(key)

and them trim off that header:

key = key[5:]

That should get accepted properly by the AES constructor.

edit: If you look at the end of the article you cited, you'll see a link to the author's implementation of his method on GitHub (https://github.com/ohyicong/decrypt-chrome-passwords). If you look through his source code you'll see that he actually does exactly what I suggest above.

George
  • 140
  • 6