2015年5月3日 星期日

Explore Your Passwords Stored in Chrome Browser

  • Google Chrome provided a service which stored people’s accounts and passwords. In past versions of Chrome, it put these private information at the file with path  C:\Users\<User>\AppData\Local\Google\Chrome\User Data\Default\Web Data on Windows platform. Currently it changed this file path to C:\Users\<User>\AppData\Local\Google\Chrome\User Data\Default\Login Data. [1] Both these files are stored in SQL Lite format [2].
    This file stores users’ private information including the following fields [1]:
  • Origin_URL : Base URL of website.
  • Action_URL: Login endpoint of the website.
  • Username_element: name of user name field from the website.
  • Username_value: Actual username.
  • Password_element: Name of the password field in the website.
  • Password_value: Actual password value. (encrypted.)
  • Date_created: Time of this password be stored.
  • Blacklisted_by_user: 1 or 0 for representing this website in blacklist or not.

All fields except Password_value are stored by plain text. On Windows platform, it uses DPAPI [3][4] to encrypt/decrypt Password_value. DPAPI gets keys from users’ logon password or a specified key based on Windows user’ profile. That means, crackers cannot easily crack your stored password on their own platform while they remotely got your Login Data. On Windows 7, DPAPI provided AES256 as an encryption algorithm and SHA512 as a hash algorithm to protect your secrect.

After knowing the protection strategy in Chrome, it’s very easy to retrieve user passwords. To my best knowledge, these two projects can retrieve user passwords stored by Chrome.
1. Chrome Password Dump.
2. Chrome-passwords. (Open Source)

Additionally, the security of this proection for Chrome’s autofill function is very weak. Please see the following video and you will find the reason.



Reference
[1] Security, "Exposing the Password Secrets of Google Chrome." Available:[Online] http://securityxploded.com/googlechromesecrets.php
[2] SQLite, "SQLite." Available:[Online] https://www.sqlite.org/
[3] Passcape Software, "DPAPI Secrets. Security analysis and data recovery in DPAPI." Available: [Online] http://www.passcape.com/index.php?section=docsys&cmd=details&id=28
[4] OBVIEX, "How to encrypt and decrypt data using DPAPI in C# or VB.NET." Available:[Online] http://www.obviex.com/samples/dpapi.aspx

沒有留言:

張貼留言