From fc05554d86b7eba3e7f7cb7de6b51280c3305cc4 Mon Sep 17 00:00:00 2001
From: Michele Esposito <34438276+mikesposito@users.noreply.github.com>
Date: Fri, 15 Dec 2023 17:42:17 +0100
Subject: [PATCH] Fix updated vault decryption (#63)
---
 app/lib.js | 20 ++++++++++--
 app/lib.test.js | 5 +++
 bundle.js | 30 +++++++++++++++++-
 jest.config.js | 4 +--
 .../000003.log | Bin 0 -> 19849 bytes
 5 files changed, 53 insertions(+), 6 deletions(-)
 create mode 100644 test/fixtures/chromium-120.0.6099.71-macos-arm64/000003.log
diff --git a/app/lib.js b/app/lib.js
index c488317..cd7e495 100644
--- a/app/lib.js
+++ b/app/lib.js
@@ -64,11 +64,25 @@ function extractVaultFromFile (data) {
 // attempt 4: chromium 000006.log on MacOS
 // this variant also contains a 'keyMetadata' key in the vault, which should be
 // a nested object.
- const matches = data.match(/KeyringController":(\{"vault":".*=\\"\}"\})/);
+ const matches = data.match(/KeyringController":(\{"vault":".*?=\\"\}"\})/);
 if (matches && matches.length) {
- keyringControllerState = matches[1];
 try {
- return JSON.parse(JSON.parse(keyringControllerState).vault);
+ const keyringControllerStateFragment = matches[1];
+ const dataRegex = /\\"data\\":\\"([A-Za-z0-9+\/]*=*)/u
+ const ivRegex = /,\\"iv\\":\\"([A-Za-z0-9+\/]{10,40}=*)/u
+ const saltRegex = /,\\"salt\\":\\"([A-Za-z0-9+\/]{10,100}=*)\\"/
+ const keyMetaRegex = /,\\"keyMetadata\\":(.*}})/
+
+ const vaultParts = [dataRegex, ivRegex, saltRegex, keyMetaRegex]
+ .map(reg => keyringControllerStateFragment.match(reg))
+ .map(match => match[1]);
+
+ return {
+ data: vaultParts[0],
+ iv: vaultParts[1],
+ salt: vaultParts[2],
+ keyMetadata: JSON.parse(vaultParts[3].replaceAll('\\', '')),
+ };
 } catch (err) {
 // Not valid JSON: continue
 }
diff --git a/app/lib.test.js b/app/lib.test.js
index 8475e36..d0141dc 100644
--- a/app/lib.test.js
+++ b/app/lib.test.js
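Review bot: In the app/lib.js hunk, `.map(match => match[1])` throws a TypeError as soon as one of the four regexes fails to match, and the surrounding `catch` hides that under `// Not valid JSON: continue`. A fragment that matches the outer `KeyringController` pattern but carries no `keyMetadata` field is therefore skipped silently, where the removed `JSON.parse` path did not depend on that field; whether a later attempt still recovers such a vault is not visible in this hunk. Checking the matches explicitly, e.g. `const found = regexes.map(r => fragment.match(r)); if (found.every(Boolean)) { ... }`, would separate "pattern absent" from a real parse error. `dataRegex` and `ivRegex` also lack the closing `\\"` that `saltRegex` has, so a truncated log line would produce a shortened `data` or `iv` value that only fails later at decryption. The body of `extractVaultFromFile` begins and continues outside the hunk.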
@@ -32,6 +32,11 @@ const FIXTURES = [
 path: 'chrome-119.0.6045.199-macos-arm64/000006.log',
 mnemonic: 'position ship hill notice replace truth science angle merit reunion direct steak',
 passphrase: 'r!chSloth14',
+ },
+ {
+ path: 'chromium-120.0.6099.71-macos-arm64/000003.log',
+ mnemonic: 'because carpet thought flame ride regular wink weather lazy spice unveil device',
+ passphrase: 'correct horse battery staple',
 }
 ]
 
diff --git a/bundle.js b/bundle.js
index ccb246a..abd7873 100644
--- a/bundle.js
+++ b/bundle.js
@@ -67,7 +67,35 @@ function extractVaultFromFile(data) { return JSON.parse(JSON.parse(vaultBody)); } } - // attempt 4: chromium 000005.ldb on windows + { + // attempt 4: chromium 000006.log on MacOS + // this variant also contains a 'keyMetadata' key in the vault, which should be + // a nested object. + var _matches2 = data.match(/KeyringController":(\{"vault":".*?=\\"\}"\})/); + if (_matches2 && _matches2.length) { + try { + var keyringControllerStateFragment = _matches2[1]; + var _dataRegex = /\\"data\\":\\"([\+\/-9A-Za-z]*=*)/; + var _ivRegex = /,\\"iv\\":\\"([\+\/-9A-Za-z]{10,40}=*)/; + var _saltRegex = /,\\"salt\\":\\"([A-Za-z0-9+\/]{10,100}=*)\\"/; + var keyMetaRegex = /,\\"keyMetadata\\":(.*}})/; + var vaultParts = [_dataRegex, _ivRegex, _saltRegex, keyMetaRegex].map(function (reg) { + return keyringControllerStateFragment.match(reg); + }).map(function (match) { + return match[1]; + }); + return { + data: vaultParts[0], + iv: vaultParts[1], + salt: vaultParts[2], + keyMetadata: JSON.parse(vaultParts[3].replaceAll('\\', '')) + }; + } catch (err) { + // Not valid JSON: continue + } + } + } + // attempt 5: chromium 000005.ldb on windows var matchRegex = /Keyring[0-9](?:[\0-\|~-\uD7FF\uE000-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF])*(\{(?:[\0-z\|~-\uD7FF\uE000-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF])*\\"\})/g; var captureRegex = /Keyring[0-9](?:[\0-\|~-\uD7FF\uE000-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF])*(\{(?:[\0-z\|~-\uD7FF\uE000-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF])*\\"\})/; var ivRegex = 
/\\"iv(?:[\0-\t\x0B\f\x0E-\u2027\u202A-\uD7FF\uE000-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]){1,4}(?:[\0-\*,-\.:-@\[-`\{-\uD7FF\uE000-\uFFFF]|[\uD800-\uDBFF][\uDC00-\uDFFF]|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]){1,10}([\+\/-9A-Za-z]{10,40}=*)/;
diff --git a/jest.config.js b/jest.config.js
index 15c15c1..e361be4 100644
--- a/jest.config.js
+++ b/jest.config.js
@@ -43,8 +43,8 @@ module.exports = {
 global: {
 branches: 94.73,
 functions: 100,
- lines: 98.03,
- statements: 98.18,
+ lines: 98.27,
+ statements: 98.38,
 },
 },
 
diff --git a/test/fixtures/chromium-120.0.6099.71-macos-arm64/000003.log b/test/fixtures/chromium-120.0.6099.71-macos-arm64/000003.log new file mode 100644 index 0000000000000000000000000000000000000000..9b0848460125f4ffd0da0e2a4104dad10377891f GIT binary patch literal 19849 zcmeHP%WfM@cK)6G*(Jy;7!Aw-fkms?yom;8K}w=TOO$Alk}Y2#6uXOLi_NZ9b@OIN zZ!oVhyV=b$4-o`GR(YBEPIYy&o1z^150ET|HVlb%JEzY5oI3Q2*Z=az>Mt)|{1X59 zJN$U@tHUDpPu~n%_(OMOy!rO{_~O?okJvwdGv-`|uJDaFMYHnwXHodqfB)T!zt@}T zka+XIoqaPJwk>9U)R)YjaEVh47LSDVySc2D2WDkx*^FDYL3wC9m2$aaRqcv%V6w7V zH+g9=7@AD&bR5Y;Z2Xyhd&Yoy%(uDPW*U!=dnpRd)!~@Ae%pz0DgM8q1f1-dl-!S+ zp0Fn;EIfCoZlq8y+I72hU>e((JiP*llWd{8Y6gUd!jGizyqF2DA93k3FPT;3%`m1` z9Xi~!c%fXY)C*;^#0m#PUM52P~7+-7<&eZ9El=d)$sVKonosOsiV5Y8A77z+V-uJ;P^H+NSUQvPhc% zVJsZT)h8o>U<=UYE_6peNRFA!Um?nV$n1#Zf4!g&betogc{eX^A1-YlE*oF=3=zRV~df0TYo1Y*5u3Ngt`0b5THXuxhjKBA39G<58xr{Fo}_z8Pcgj>e>BR>=&OSP*#3 z=53m8a!)LdcxX#kF((vS2{!|QHj~6`GpA;VC>u^5884K5m#_5^B+zr)5 zjW0|xn!uLCISnj+6*Sb733OOVnw49nl$Qr@(bh`rOI~3{Lh?vfTf9K=BO$Hus!4q|KKLvXjKTL zn7a-LoEN$030&WbT>UwS{xAxE^lU35&FkA(B*mLzWo0BWvox!cxr>Jj7K8=K9ZvT6 zhY`vMZwAV+-C=&kN zV$7n@=Zhb;Ce~KC{blU*QYY`=||NgIAbj6_%% zg!Ye8EyG9+tqND6p>5-5hMg&T;Bk!JHmj9ki{1dko4Cqtwkt#1cta8HH6g$@5@#%r z-T?oTKzP;wMN7m4KSf{uOjb zkyA~VAhkg}Ao<)CvoN<8yOQyz+f0}XtnNh!Kk{e{q*#Pp9{Y1w3ZKFlvdMZB@q#^; z0>LSwK?E_zl-cCW(>RL`oP}Kx2qa&pENpV_>#!n@yc|AcGcP*D84ZL7bKYlz3l;6g zHed+%)w2;N`$#Xk$OQTnO#sxVFMGzAISpq{X_AB47UyA)M_uU(*%#>@>((9gMFlYk zq~Rfsl1Su2M6S(`+;HlKAw}NVMN$L~;ygtW+!&Ygv3%&-ir!n05wnPVqtlED_MS-} z_U4>IdkPpcaecXt_&yHo0};%EEr&gTSkhTAiC~amOKuYdSKYB>A;02N*M}d?6I5fr zed+&zM+g*~5W`c>aBfNo8ty978TDZd(r6OHeI7Krj9 zfj;zHWYW&1JoJPjbIs9}iRpt^lDE+krWmX|Q2niua5W>8ikYoIi*<q`)U?=bY}x_ z8~N?iB^!i=B46=Pcr%qpHdl?LRHEn*t90%V140L11ucsw`|gxCkzY|7OlmS>;jvyp zsV#8#g-^x_6EF|S+EzcsizJGo!nd;2FHcYYw)m`_(Dvwz^*)iE9Yvze-M{X(&ug#FUVXeR_vQzDaO2$9 zkJ$cj)#D%)pPgq)nN5u;w+k{6T5NL>(ma$mFCw*6r9ZDwd@ZT z2X7b76)#z>)yWwTjt8s#Yis^?HdvH{(>cFr9Ur+TPT24Fc{D1P8!gAW^eO>63Eo~E 
z934%sug?!!HxFmmvOcYe>-xlhIO^WscB&sv-t}6Ow_V=oOzrCBduw9XKG?QD_F6)= zqI-UE6*!mH;S3Ei7Q_=l;UpJ2*TJG_+82K%+3_i^7m&5ZFyYS`PlO~hXQE@bEyKZ~X_`@GQ z8+)G(cdq1Qw7jj2XNTqGstG$@tTl?kNpGRoph%R&0ay(2V%|s~YZ_10-fr{ksAZ|s z0w&osj2F4Epvoc9=c-A6AiAH8ka>~X*9_WW>tz4zzBuW;8?$zQ-fmd0&h`)9o-gOT zbk=wmE^QK{`9i#hY>@S&rv}N5=R-i%E~=He%UjIl8q?v&}utf!*9b| z#LfUjfirglKxz9K3{zK@#6Ivf62&lAoo47-(%k@6raOR;3M?goF-CXf((m|^5JgP} z1sN+Yc>vcDmv?qtP=eLF(*-cpg2srd5iV%gbO#vZ)hJ*|#};5L0){)_tP0F(av0sQ zSp*lSD32z% zj$uM8g1sS2iujH`z(s>v%O|+0lkT3!9Y&fDT|W)8AZQ_1Y;6SYA(#(vs*afQ=KCxl z3$49>-a=~{V-ODjGp!x**$MecKFE4w6cMY7nh*H<%{Xp%d-M|pOhgPx*$a}15EcYr zbLM))5LMYss1(DYZFW+XSCI&4rFmpNab#AW%5 z3K~j7pmR6GB|d4`=91Tt5q_ZqhMR>)&r8No5Y}V|12CvRplSgXcH)6g>X1zAo5vy> z6|3z4dFc-X!q+E8#1_-QgLFIV1xc7TbY&QkJ8z+YseL!XerO*^C(`qf9cUawgo<%A z+@wbu=Q_|q-k#CzUUqUw0;Mh@O+@)n)ZB~_&Ib3;mIU+lGFZX~3bOBsf$Wsf$a_JPL8b|4X@LbqH0>a7Z1;KGcWt*-7 z8`^}2hzvkdhV%&{)g$a6`t`s!;@EYNWHBl5A=o{WkN_6@8d!cIM$D8Vp1fwC+ZIamiy=rxu1!6+Axaz1CB*vwr4e@`lFgRO5HRT6 z62hOEqCssb*AuglUm*UO^CVqqfVjvIFMOAdJ_yMC+d>C*Y(nA?+0oN@Vba}}W+kmOJaTQLK$ z^z4jy^f;SkWmc$1TNfIwiHuDN(I_KSAT!H5NPJvvHZ%j(5-JzO!bHp%MrnB^d+>#T zC2G0cTWc^@EBhF)&zy0^A7j(lBi7tz=%X` z6Hl9aRdxjVWby#&)pp9lN!|s+ydSAGdb_?DoeNK?Y*x-y&;&$~+6R(1*9{{aZcZm< zCS!;qmexW@b^LM}Q}@XpLRgs&7<`I`NXl|}DEU(->m!vs#;4DG_y$VnxsuNHDt!VH-`w}M zZ0nLJX4)j;mR?Yg>D|L?QSm>UKQ z{ZqTHu3cBxW)o6eXV`Uh?Yg>lU0vUHU0r^->+0Hdb?v&k;#R?3SJ$qq%YV{2wQkVb zb#>7*&DKX+KklZ(yTh)l>kAQS*VP3o;7NDa)kTHGT~}Aq%8S>)pXdhrP2atT;O)A) z;@(1%y