在C#中从Chrome/Chromium 80+解密Cookie(encrypt_value)-身份验证标签问题

bvjxkvbb  于 2023-09-28  发布在  Go
关注(0)|答案(1)|浏览(104)

我在解密存储在Chrome的sqlite db中encrypted_value下的cookie时遇到了一个问题。
从sqlite数据库中提取的工作正常:

// filePath = absolute cookies.sqlite path
// query = "SELECT creation_utc, host_key, name, encrypted_value, path, expires_utc from cookies WHERE host_key like \"%<target_site>%\"

using (var connection = new SqliteConnection($"Data Source={filePath}"))
{
    connection.Open();

    var command = connection.CreateCommand();
    command.CommandText = query;

    using (var reader = command.ExecuteReader())
    {
          while (reader.Read())
          {
               var creationTime = reader.GetString(0);
               var host = reader.GetString(1);
               var name = reader.GetString(2);
               var value = reader.GetString(3);
               var path = reader.GetString(4);
               var expiryTime = reader.GetString(5);
 
               /* here the below code is placed */
          }
    }

}

然而,在解密值时,我得到了auth标签和预期的auth标签之间的不匹配。我在Windows下面跑。
下面的代码带有注解,以显示我的推理

// get encrypted blob from row
byte[] encryptedData = new byte[reader.GetBytes(3, 0, null, 0, int.MaxValue) - 1]; // 3 = encrypted_value column
reader.GetBytes(3, 0, encryptedData, 0, encryptedData.Length);

// Get encrypted key from local state file:
string encKey = File.ReadAllText(filePath + @"/../../../Local State");
encKey = JObject.Parse(encKey)["os_crypt"]["encrypted_key"].ToString();

// The encrypted key starts with the ASCII encoding of DPAPI (i.e. 0x4450415049) and is Base64 encoded,
// i.e. the key must first be Base64 decoded and the first 5 bytes must be removed.
// Afterwards a decryption with win32crypt.CryptUnprotectData is possible.
var decryptedKey = System.Security.Cryptography.ProtectedData.Unprotect(Convert.FromBase64String(encKey).Skip(5).ToArray(), null, System.Security.Cryptography.DataProtectionScope.LocalMachine);

// try decryption
try
{
    // The encrypted data start with the ASCII encoding of v10 (i.e. 0x763130) ...
    if (value.StartsWith("v10"))
    {
        using (var aes = new System.Security.Cryptography.AesGcm(decryptedKey))
        {
            // ... followed by the 12 bytes nonce,
            var nonce = encryptedData[3..15];
            // the actual ciphertext 
            var encData = encryptedData[15..(encryptedData.Length - 16)];
            // and finally the 16 bytes authentication tag.
            var auth_tag = encryptedData[(encryptedData.Length - 16)..(encryptedData.Length)];

            byte[] plaintextBytes = new byte[encData.Length];

            aes.Decrypt(nonce, encData, auth_tag, plaintextBytes);
            value = Encoding.UTF8.GetString(plaintextBytes);
        }
    }
    else
    {
        // TODO
        throw new Exception("[!] Cookie encrypted with DPAPI");
    }
                                    
}
catch (Exception e)
{
    Console.WriteLine(e);
    Console.WriteLine($"[*] Could not decode cookie with encrypted value {value}");
}

我得到的例外是

System.Security.Cryptography.CryptographicException: The computed authentication tag did not match the input authentication tag.
at System.Security.Cryptography.AesAEAD.Decrypt(SafeAlgorithmHandle algorithm, SafeKeyHandle keyHandle, ReadOnlySpan`1 nonce, ReadOnlySpan`1 associatedData, ReadOnlySpan`1 ciphertext, ReadOnlySpan`1 tag, Span`1 plaintext, Boolean clearPlaintextOnFailure)
at System.Security.Cryptography.AesGcm.Decrypt(Byte[] nonce, Byte[] ciphertext, Byte[] tag, Byte[] plaintext, Byte[] associatedData)
at <REDACTED>:line 123

我很确定我对nonce、ciphertext和auth_tag的解析是正确的,但显然不是?我不知道这个问题从何而来。
此外,这是在保存cookie的同一用户/同一浏览器上运行的。
先谢了。

5tmbdcev

5tmbdcev1#

发现自己有同样的问题,这里是解决方案:

using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Text.Json.Serialization;
using Microsoft.Data.Sqlite;

public class ChromeCookieRetriever
{
    class LocalStateDto
    {
        [JsonPropertyName("os_crypt")]
        public OsCrypt OsCrypt { get; set; }
    }

    class OsCrypt
    {
        [JsonPropertyName("encrypted_key")]
        public string EncryptedKey { get; set; }
    }

    private const string CookiesFileName = @"Default\Network\Cookies";
    private const string LocalStateFileName = "Local State";

    public ChromeCookieRetriever()
    {
    }

    public ICollection<Cookie> GetCookies(string baseFolder)
    {
        byte[] key = GetKey(baseFolder);
        ICollection<Cookie> cookies = ReadFromDb(baseFolder, key);
        return cookies;
    }
    
    private byte[] GetKey(string baseFolder)
    {
        string file = Path.Combine(baseFolder, LocalStateFileName);
        string localStateContent = File.ReadAllText(file);
        LocalStateDto localState = JsonSerializer.Deserialize<LocalStateDto>(localStateContent);
        string encryptedKey = localState?.OsCrypt?.EncryptedKey;

        var keyWithPrefix = Convert.FromBase64String(encryptedKey);
        var key = keyWithPrefix[5..];
        var masterKey = ProtectedData.Unprotect(key, null, DataProtectionScope.CurrentUser);
        return masterKey;
    }
    
    private ICollection<Cookie> ReadFromDb(string baseFolder, byte[] key)
    {
        ICollection<Cookie> result = new List<Cookie>();
        string dbFileName = Path.Combine(baseFolder, CookiesFileName);
        using (SqliteConnection connection = new SqliteConnection($"Data Source={dbFileName}"))
        {
            connection.Open();

            long expireTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
            SqliteCommand command = connection.CreateCommand();
            command.CommandText =
                @"select   creation_utc,
                           host_key,
                           top_frame_site_key,
                           name,
                           value,
                           encrypted_value,
                           path,
                           expires_utc,
                           is_secure,
                           is_httponly,
                           last_access_utc,
                           has_expires,
                           is_persistent,
                           priority,
                           samesite,
                           source_scheme,
                           source_port,
                           is_same_party
                    from cookies
                    WHERE has_expires = 0 or (has_expires = 1 and expires_utc > $expireTime)
                    ";
            command.Parameters.AddWithValue("$expireTime", expireTime);
            using (SqliteDataReader reader = command.ExecuteReader())
            {
                while (reader.Read())
                {
                    string name = reader["name"].ToString();
                    string path = reader["path"].ToString();
                    string domain = reader["host_key"].ToString();
                    byte[] encrypted_value = (byte[])reader["encrypted_value"];

                    string value = DecryptCookie(key, encrypted_value);

                    Cookie cookie = new Cookie(name, value, path, domain);
                    result.Add(cookie);
                }
            }

            return result;
        }
    }

    private string DecryptCookie(byte[] masterKey, byte[] cookie)
    {
        byte[] nonce = cookie[3..15];
        byte[] ciphertext = cookie[15..(cookie.Length - 16)];
        byte[] tag = cookie[(cookie.Length - 16)..(cookie.Length)];

        byte[] resultBytes = new byte[ciphertext.Length];
        
        using AesGcm aesGcm = new AesGcm(masterKey);
        aesGcm.Decrypt(nonce, ciphertext, tag, resultBytes);
        string cookieValue = Encoding.UTF8.GetString(resultBytes);
        return cookieValue;
    }
}

使用的Nuget:

<PackageReference Include="Microsoft.Data.Sqlite" Version="6.0.4" />
<PackageReference Include="System.Security.Cryptography.ProtectedData" Version="6.0.0" />

2019年8月25日更新

Working example repository

警告: 这是可能的解密只有什么是在同一台机器上创建的cookie文件和相同的Windows用户,因为它运行此应用程序*

cookie文件的密钥存储在current user保护范围内
ProtectedData.Unprotect(key, null, DataProtectionScope.CurrentUser);
资料来源:

相关问题