Store user passwords in Google Chrome on Android

image

Hi Habr! I am a young developer specializing in Android development and information security. Not so long ago, I wondered: how does Google Chrome store user passwords stored? Analyzing information from the network and the files of chrome itself ( this article was especially informative ), I found certain similarities and differences in the implementation of saving passwords on different platforms, and for demonstration I wrote applications for extracting passwords from the Android version of the browser.

How it works?


As we can know from various publications on the network on this topic, Google Chrome on PC stores the passwords of its users in the following directory:

"C: \ Users \ SomeUser \ AppData \ Local \ Google \ Chrome \ User Data \ Default \" in the " Login Data " file .

This file is a SQLite database, and it can be opened and viewed. In the logins table, we can see the following fields of interest to us: origin_url (site address), username_value (login), password_value (password). The password is represented by a byte array, and is encrypted through a machine key, individual for each system. More information can be found in this article. Thus, there is no protection in the Windows client.

Android


But since I am more interested in Android, my Android browser client took over my attention, respectively.

“Uncovering” the Google Chrome package ( com.android.chrome ), I found that its structure is very similar to that of the PC client, and it was not difficult to find the exact same database responsible for storing user passwords. The full path to the database is as follows: "/data/data/com.android.chrome/app_chrome/Default/Login Data" . In general, this database is very similar to its "elder sister" from the PC version, having only one, but very significant difference - passwords are stored here in an open form. The question arises: is it possible to programmatically extract passwords from the database? The answer was very obvious - yes, if your application has root privileges.

Implementation


For clarity, it was decided to create your own tool for extracting passwords from the browser database.

If you describe his work in a nutshell, then it works like this:

  • Gets root.
  • Copy the Chrome database to its directory.
  • With the help of chmod gets access to a copy of the database.
  • Opens a database, and extracts information about logins and passwords.

The app was hosted on Google Play .

GitHub project: ChromeOR .

Conclusion


As a conclusion from the work done, we can say that if you have root rights, pulling out the password database from the browser and sending it to your server is a completely solvable task, and this fact should make you think about whether to trust any application with superuser rights .

I hope this article was informative. Thanks for attention!

Also popular now: