Recovering Google Chrome Passwords

It was a while when i was curious about how my favorite web browser saves passwords.
i started browsing Chrome files, watching files that changes when i save a password.

after a few tries i found the file that stores the passes called web data (updated later to login data) in the Local Application Data Folder, which is an SQLite Database, wasn't that hard to find out with any DB Software.
after finding the table called "logins" that stores passwords, all we need to do is to read the "origin_url", "username_value" and "password_value" for each entry, but we need to decrypt the "password_value" using the CryptUnprotectData Api, without any pOptionalEntropy (Optionnal password, read CryptUnprotectData for more info). The other two values are stored as plain-text and no need to decrypt them.

There is planty of exemples about reading from SQLite DB, and also about using the CryptUnprotectData Api.

PS : Msdn recommands freeing memory of the pDataOut by calling LocalFree to free the pDataOut.pbData handle.

if anyone is having problem with sqlite reading or using CryptUnprotectData , Please Leave me a Comment i would be happy to help.

Check the Downloads page for the demo that includes reading from the database and decrypting.
i also included system.data.sqlite releases incase it failed due to compatibility issues.
you can also find it here : http://sourceforge.net/projects/sqlite-dotnet2/


SP0X said...

When I get the password string back from password_value(in Login Data, logins table) it's just " ". I've tried it with all my passwords and it returns only that. Even if i try getting the data using a sqlite database file browser, i still get the same data... btw im using Chrome 13.0.782.10

Brahim Hadriche said...

As i said it can be the reader that you using. try the demo i posted, and make sure to put the correct dll in the folder.

artikl facbok said...

iam simple coded from algria i need
mozila stealr
contact me

Follow by Email