xaitax/Chrome-App-Bound-Encryption-Decryption v0.17.2

v0.17.2 - Santa's Little Helper Release!

on GitHub

v0.17.2

• Browser Process Termination: Added -k/--kill flag to terminate all running browser processes before extraction.
  • Uses direct syscalls (NtTerminateProcess, NtGetNextProcess, NtOpenProcess) for process termination.
  • Automatically terminates child processes to release file locks on SQLite databases.

v0.17.1

• Google Auth Token Extraction: Added support for extracting Google OAuth2 Refresh Tokens.
  • Extracts and decrypts tokens used for Chrome Sync and Google services.
  • Outputs to tokens.json in the browser profile directory.
• Cookie Extraction: Added expires timestamp and path fields to the cookie extraction output, enabling identification of expired cookies.

v0.17.0

• Full Codebase Refactor: Completely rewrote the project into a modern, modular C++ architecture.
• Compile-Time Key Derivation: Eliminated static encryption keys from the binary.
  • Keys derived at compile-time from version tag + build date via FNV-1a/MurmurHash3 cascade.
  • Each build produces unique encryption keys automatically.
• Hash-Based Syscall Resolution: Eliminated plaintext syscall names from the binary.
  • All syscall names replaced with compile-time DJB2 hashes.
• Reflective Loader Enhancements:
  • PE Header Destruction: After payload mapping, PE headers (MZ/PE signatures) are overwritten with pseudo-random data.
  • Syscall-Based Memory Operations: Now uses direct syscalls for NtAllocateVirtualMemory and NtProtectVirtualMemory.
• Enhanced Fingerprint Extraction: More comprehensive browser metadata collection (-f flag).
• Redesigned Console Output: Cleaner visual hierarchy with box-drawing tree structure.