Advanced Chrome credential decryption tool that supports all encryption versions (DPAPI, v10, v11, v20) including the latest App-Bound encryption with CNG key derivation and LSASS impersonation.
- Multi-Version Support: Handles DPAPI, v10, v11, and v20 encryption schemes automatically.
- App-Bound Decryption: Bypasses Chrome's latest v20 App-Bound encryption using CNG API and LSASS token impersonation.
- Master Key Derivation: Extracts and decrypts the master key from Chrome's Local State file using multiple cryptographic layers.
- Token Impersonation: Uses SeDebugPrivilege to impersonate LSASS process for system-level decryption.
- Universal Decryption: Automatically detects encryption version and applies appropriate decryption method.
- Multi-Profile Support: Processes all Chrome profiles (Default, Profile 1, Profile 2, etc.).
- Comprehensive Data Extraction: Retrieves passwords, cookies, and autofill data from Chrome databases.
Install required libraries using pip:
pip install PythonForWindows pycryptodome- Administrator Privileges: Required for LSASS impersonation and SeDebugPrivilege
- Windows OS: Uses Windows-specific CNG and DPAPI APIs
- Chrome Installation: Target Chrome browser must be installed
Run the script with administrator privileges:
python main.pychrome/
├── default/
│ ├── passwords.txt
│ ├── cookies.txt
│ └── auto_fills.txt
├── profile 1/
│ ├── passwords.txt
│ ├── cookies.txt
│ └── auto_fills.txt
└── ...
- DPAPI: Legacy Windows Data Protection API encryption
- v10/v11: Chrome's intermediate encryption versions with DPAPI
- v20: Latest App-Bound encryption with:
- AES-256-GCM with hardcoded key (Flag 1)
- ChaCha20-Poly1305 with hardcoded key (Flag 2)
- AES-256-GCM with CNG-encrypted key + XOR obfuscation (Flag 3)
- CNG Integration: Uses Microsoft's Cryptography Next Generation API for hardware-bound key decryption
- LSASS Token Duplication: Creates impersonation token from Local Security Authority Subsystem Service
- SQLite Database Handling: Safely copies and processes Chrome's locked database files
- Blob Parsing: Custom parser for Chrome's encrypted key blob structure
- Multi-Cipher Support: AES-GCM, ChaCha20-Poly1305, and hybrid encryption schemes
- 🔑 Passwords: Login credentials from all websites
- 🍪 Cookies: Session cookies with proper Netscape format
- 📝 Autofill: Form data and personal information
- 👤 Multi-Profile: All Chrome user profiles automatically detected
@runassu I added and improved several features to the project.
This project has been developed for educational and security research purposes only. Unauthorized access to any system or data is illegal and strictly prohibited. The developer is not responsible for any misuse of this tool. Only use on systems you own or have explicit permission to test.