Decrypt Google Chrome passwords

google-chrome passwords encryption decrypt
37,742

Solution 1

Google Chrome on Windows encrypts your saved passwords using the Windows encryption function CryptProtectData. In order to decrypt the saved password not only do you have to be logged in with the same user password Chrome used to save it, but also be on the same computer.

From your description I understand you only reinstalled Windows, but are on the same computer. Try changing your password or create a new account with the same username and password you used before reinstalling to decrypt the passwords with ChromePass.

Solution 2

The question is a bit outdated and was fairly active during its time but doesn't seem to have reached a fruitful answer. In any case, this answer is meant for anyone who stumbles across this page like I have.

Although it's noted that you are on the same computer, using the same username and password, CryptProtectData uses an encryption algorithm which derives its key from environment variables such as the current machine ID and user credentials. Since you mentioned a fresh install of Windows, I assume you reformatted as part of the process (while simply upgrading to a new hard drive could've also been a case for reinstalling Windows), and while it's the same machine with presumably the same OS, there's still unknown variables that would've factored into your computer's system environment as well as user environment. One simple question is what was the version of Windows you installed compared to your old system which had most likely downloaded and installed Windows Updates thus changing the Windows environment you brought the data back into. The same goes with Chrome from when you first signed in and saved your first password at a particular browser version to the version you reinstalled it on?

Since this is all trivial to pose those questions now, you had more simply asked not how, but if you could decrypt it in which case a technical, more official answer would've been no since it was a fresh install of Windows. But o course, the "protection" against same-user different-application extraction is the additional entropy the caller can supply. So in actuality, you can always just run the application and get that anyways.

While importing it into Chrome resulted in no data showing up at all in the settings menu, you were only able to retrieve username data using ChromePass whereas it was empty where the passwords should've been reported. The Chrompass you used (I assume you used the one by NirSoft) tries to extract the stored entropy values from the chrome DB file whereas the alternative would've been to attach to the chrome process and intercept its call to CrypProtect. An overview of DPAPI, which CryptProtect uses can be found here. While a tool for DPAPI extraction such as mimikatz can be found here.

While mimikatz would have had you covered in offering multiple solutions, something more simply such as CryptProtectData by zhmyh1337 uses functions stored in a visual studio project that directly calls the WinAPI CryptPortectData and could have been more particular to the chrome version of your day, I'm guessing 30.0.1599.101

Share:
37,742

Related videos on Youtube

waki
Author by

waki

Updated on September 18, 2022

Comments

  • waki
    waki almost 2 years

    In this question How does Google Chrome store passwords? I found out how my Chrome passwords are encrypted. The passwords are encrypted with the current useraccount (of Windows).

    I had saved my userdata from "C:\Users\%username%\AppData\Local\Google\Chrome\User Data" before reinstalling windows.

    After putting the Data on the fresh installed system, I only have my chrome settings and bookmarks stored. There are no passwords in the list (in chrome)

    With ChromePass I could only recover my website data and loginnames. (The password value is empty)

    I know some of my passwords which are stored in the Login Data and the username and password on the old system.

    Is it possible to decrypt my passwords ?

    • Ramhound
      Ramhound over 10 years
      What exactly is the question? Did you backup all the required data in order to do this before you deleted the original data?
    • waki
      waki over 10 years
      I did a backup of the UserData folder of Chrome which contains the file "Login Data" with the login data and encrypted passwords
    • Ramhound
      Ramhound over 10 years
      So if you restore all the data in the current profile. You are saying that Chrome does not allow you to view the passwords? If thats the case then what you want isn't possible as the correct data wasn't backed up.
    • waki
      waki over 10 years
      In the settings at saved passwords is shown nothing, but with the tool ChromePass, I get all Logindata expect the passwords (empty)
    • Ramhound
      Ramhound over 10 years
      did you originally password protect your passwords?
    • Savvas Radevic
      Savvas Radevic over 10 years
      Have you tried ChromePasswordDecryptor? securityxploded.com/chromepassworddecryptor.php (softpedia says it's supported by ads) Never tried it. Use at your own risk.
    • waki
      waki over 10 years
      I have tried it, but doesn't work, how in the linked thread, it is sayed, that the password is encrypted with the useraccount (of windows)
    • waki
      waki over 10 years
      @Ramhound: I didn't protect the passwords saved by chrome
    • Ramhound
      Ramhound over 10 years
      @waki - If you didn't protect your passwords there is nothing to decrypt because your passwords were never encrypted.
    • waki
      waki over 10 years
      In the above mentioned thread is sayed, that the passwords are encrypted with the current useraccount. But I didn't do anything special to encrypt it
  • waki
    waki over 10 years
    I am on the same computer and I use the same username and password I have used before, but it doesn't work to decrypt with ChromePass.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How does Google Chrome store passwords?
Can Google Employees See My Passwords Saved in Google Chrome?
How to add see password icon just for chrome and Firefox?
How to properly store a PBKDF2 password hash
RAR passwords, why don't rainbow tables work?
Drupal 7 password hash
How can I encrypt password in a batch file?
How to hash a password with SHA512
How to encrypt form data?
How to use Keychain for saving password like GenericKeychain sample code