Cannot export and view saved passwords
-
leocg Moderator Volunteer last edited by
@sdfgvfdrvhdfg If the problem started after step 3, it seems to me that one of those files, or even both, is messed up.
-
sdfgvfdrvhdfg last edited by
@leocg Looks like it, but how come Opera still fills out my form with these passwords?
-
leocg Moderator Volunteer last edited by
@sdfgvfdrvhdfg Because the passwords are still there, but they are hidden for some reason.
-
burnout426 Volunteer last edited by
@sdfgvfdrvhdfg Using https://sqlitestudio.pl/ for example, "add database", point it to "Login Data", right-click the database, choose "connect" and then double-left-click on the "Logins" table. Then, switch to the "data" tab in the right-hand pane.
For example, I see v10 before password values. Do yours have an older version? Maybe the password-manager page is picky about version where as autofill is not. Would be weird, but, you could compare to a fresh Login Data file.
You can also expand the Columns for the "Logins" table and compare with a fresh Login Data to see if the number of columns is different. If so, maybe the password-manager page is picky about that.
Ultimately, I don't know though.
-
-
sdfgvfdrvhdfg last edited by
@burnout426 Where do I find the key or a passphrase used ot encode passwords? Is it somewhere in
Local State? Or does opera use system passwords? -
leocg Moderator Volunteer last edited by
@sdfgvfdrvhdfg Chromium uses your OS login credentials to encrypt saved passwords.
-
burnout426 Volunteer last edited by
Opera/Chromium makes use of the root/os_crypt/encrypted_key value in the "Local State" file in some way. I don't know how exactly that's generated/salted/hashed etc. based on your OS login info, but on Windows for example, I think it uses CryptProtectData. Also, see https://tierzerosecurity.co.nz/2024/01/22/data-protection-windows-api.html. But, not sure what exact entropy is given to it. For macOS, it uses the macOS key chain. For Linux, it uses a certain API depending on the desktop environment. See https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/docs/linux/password_storage.md for example.
For Linux, you can take a look at posts like https://stackoverflow.com/questions/23201146/how-to-decrypt-data-which-is-crypted-by-cryptprotectdata-function and https://www.reddit.com/r/linux/comments/1coiu2g/how_does_chrome_encrypt_users_passwords_etc_on/.
Looking at https://ohyicong.medium.com/how-to-hack-chrome-password-with-python-1bedc167be3d might explain things the best for how to use the encrypted key the the Login State file and the password data for an entry in Login Data and AES to decrypt a password.
-
sdfgvfdrvhdfg last edited by
@burnout426 Wow, thanks, this URL (https://ohyicong.medium.com/how-to-hack-chrome-password-with-python-1bedc167be3d) is really helpful
Also, this one: https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/docs/linux/password_storage.md kindof explains why I might be having problems with passwords. I used KWallet before but it's been unreliable so I've removed it.
As for the python script - I've found that already but I requires windows (which I don't have access to) and relies on WinApi which makes it unportable. There still has to be a way to do this in Linux somehow...
-
