How to Recover Saved Passwords in Google Chrome

How to Recover Saved Passwords in Google Chrome

This research article shows you all password secrets of Chrome browser including where all your website passwords are stored, how it is stored and how to recover it automatically.

Chrome Password Secrets

Chrome browser stores all your website login passwords in the “Login Data” file at following location

[Windows Vista/7/8/10]
C:\Users\[user_name]\AppData\Local\Google\Chrome\User Data\Default\

[Windows XP/2003] 
C:\Documents and Settings\[user_name]\Local Settings\Application Data\Google\Chrome\User Data\Default\

This “Login Data” file is stored in SQLite database format. It contains database table called “logins” where each website login details are stored.

Here are some of the interesting fields stored in this table,

origin_url - main link of the website
action_url - login link of the website
username_element - name of the username field in the website
username_value - username used for login
password_element - name of the password field in the website
password_value - password used for login (encrypted)
date_created - date when it is stored
times_used - how many times this password is used
blacklisted_by_user - set to 1 means password is never stored 	

Here action_url, username_value and password_value refers to website login link, username and encrypted password respectively.

Based on Chrome version, different password encryption technique is used as explained below.

Chrome v80.0 and higher

New Chrome version (v80.0 & higher) uses Master Key based encryption to store your web login passwords.

Here is how it generates the Master Key. First 32-byte random data is generated. Then it is encrypted using Windows DPAPI (“CryptProtectData”) function. To this encrypted key, it inserts signature “DPAPI” in the beginning for identification.

Finally this key is encoded using Base64 and stored in “Local State” file in above “User Data” folder.

Below is the sample entry of encrypted master key.

"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEA0RGbegD...opsxEv3TKNqz0gyhAcq+nAq0"},

Now to store the web login password, Chrome encrypts it using AES-256-GCM algorithm with the above master key and 12-byte random IV data. Finally, it inserts signature “v10” to the encrypted password and stores it in above “Login Data” file.

Below is the structure of new encrypted password,

struct WebPassword
{
	BYTE signature[3] = "v10";
	BYTE iv[12];
	BYTE encPassword[...] 
}

Chrome v79.0 and older

Older version of Chrome encrypts the website password using Windows DPAPI (“CryptProtectData”) function and stores the encrypted password in above “Login Data” file.

Both Chrome versions uses DPAPI functions perform encryption of password using user and machine specific data. As a result encrypted password cannot be decrypted by another user or on another computer.

Hence Chrome password recovery has to be performed on the same computer as the same user.

How to Decrypt Chrome Passwords

Chrome version (v79.0 or earlier) used Windows DPAPI function, CryptProtectData to encrypt the website password. We can decrypt this password using the function called CryptUnprotectData.

Here is the sample C++ program to decrypt the Chrome website password.

void DecryptPassword(char *passData, int passLen, char *password, int length)
{
	DATA_BLOB DataPassword;
	DATA_BLOB DataOutput;
	
	DataPassword.cbData = passLen;
	DataPassword.pbData = (BYTE *) passData;

	if( CryptUnprotectData(&DataPassword, NULL, 0, 0, 0, 0, &DataOutput) == FALSE )
	{
		printf("CryptUnprotectData failed with error 0x%.8x", GetLastError());
		return;
	}

	memcpy(password, DataOutput.pbData, DataOutput.cbData);
	password[DataOutput.cbData] = 0;
	
	
	printf("Successfully Decrypted Password is %s ", password);

}

How to Recover Chrome Passwords Automatically

Here is simple way to recover all your Chrome website passwords without worrying about where it is stored and how to decrypt it.

You can use our XenArmor Browser Password Recovery Pro software to instantly & easily recover all your saved website login passwords from Chrome as shown in video below,

Here are the simple steps to recover all your saved passwords,

  • Step 1: Download & Install Browser Password Pro from here
  • Step 2: Next launch the software on your computer
  • Step 3: It will automatically discover, decrypt and display all the saved Chrome passwords as shown below
It can also help you to delete your saved website passwords to protect from other users, hackers or ransomwares on your computer.

For more details, please refer to Online User Guide

Hope this article has helped you to understand the password secrets of Google Chrome browser.

Let us know what do you think. Please comment below if you have any queries or suggestions.

 


Leave a Reply

Your email address will not be published.