Decrypt Google Chrome passwords

google-chrome passwords encryption decrypt

Google Chrome on Windows encrypts your saved passwords using the Windows encryption function CryptProtectData. In order to decrypt the saved password not only do you have to be logged in with the same user password Chrome used to save it, but also be on the same computer.

From your description I understand you only reinstalled Windows, but are on the same computer. Try changing your password or create a new account with the same username and password you used before reinstalling to decrypt the passwords with ChromePass.


The question is a bit outdated and was fairly active during its time but doesn't seem to have reached a fruitful answer. In any case, this answer is meant for anyone who stumbles across this page like I have.

Although it's noted that you are on the same computer, using the same username and password, CryptProtectData uses an encryption algorithm which derives its key from environment variables such as the current machine ID and user credentials. Since you mentioned a fresh install of Windows, I assume you reformatted as part of the process (while simply upgrading to a new hard drive could've also been a case for reinstalling Windows), and while it's the same machine with presumably the same OS, there's still unknown variables that would've factored into your computer's system environment as well as user environment. One simple question is what was the version of Windows you installed compared to your old system which had most likely downloaded and installed Windows Updates thus changing the Windows environment you brought the data back into. The same goes with Chrome from when you first signed in and saved your first password at a particular browser version to the version you reinstalled it on?

Since this is all trivial to pose those questions now, you had more simply asked not how, but if you could decrypt it in which case a technical, more official answer would've been no since it was a fresh install of Windows. But o course, the "protection" against same-user different-application extraction is the additional entropy the caller can supply. So in actuality, you can always just run the application and get that anyways.

While importing it into Chrome resulted in no data showing up at all in the settings menu, you were only able to retrieve username data using ChromePass whereas it was empty where the passwords should've been reported. The Chrompass you used (I assume you used the one by NirSoft) tries to extract the stored entropy values from the chrome DB file whereas the alternative would've been to attach to the chrome process and intercept its call to CrypProtect. An overview of DPAPI, which CryptProtect uses can be found here. While a tool for DPAPI extraction such as mimikatz can be found here.

While mimikatz would have had you covered in offering multiple solutions, something more simply such as CryptProtectData by zhmyh1337 uses functions stored in a visual studio project that directly calls the WinAPI CryptPortectData and could have been more particular to the chrome version of your day, I'm guessing 30.0.1599.101

Related

How to interpolate intermediate values for arbitrary data in Excel
Print over remote CUPS server, but just show a subset of the printers
w32tm does not exist as an installed service
How to make Gmail the default handler for email on a Windows PC?
How to insert date/time in notepad++ 64bit
Full URI to a file on another machine in our local network?
Don't combine Taskbar Icons, but only display Icons [duplicate]
Value of $(-1)^x$ for $x$ irrational
Approximate $|x|$ with a smooth function
Fermat's Last Theorem for Negative $n$
Set of points at which sequence of measurable functions converge (another approach)
Another way of expressing $\sum_{k=0}^{n} \frac{H_{k+1}}{n-k+1}$