Recovering Google Chrome Passwords
It was a while when i was curious about how my favorite web browser saves passwords.
i started browsing Chrome files, watching files that changes when i save a password.
after a few tries i found the file that stores the passes called web data (updated later to login data) in the Local Application Data Folder, which is an SQLite Database, wasn't that hard to find out with any DB Software.
after finding the table called "logins" that stores passwords, all we need to do is to read the "origin_url", "username_value" and "password_value" for each entry, but we need to decrypt the "password_value" using the CryptUnprotectData Api, without any pOptionalEntropy (Optionnal password, read CryptUnprotectData for more info). The other two values are stored as plain-text and no need to decrypt them.
There is planty of exemples about reading from SQLite DB, and also about using the CryptUnprotectData Api.
PS : Msdn recommands freeing memory of the pDataOut by calling LocalFree to free the pDataOut.pbData handle.
if anyone is having problem with sqlite reading or using CryptUnprotectData , Please Leave me a Comment i would be happy to help.
Check the Downloads page for the demo that includes reading from the database and decrypting.
i also included system.data.sqlite releases incase it failed due to compatibility issues.
you can also find it here : http://sourceforge.net/projects/sqlite-dotnet2/