Hi guys. I've been trying almost the entire day to get this to work.
So, I want to decrypt the local Chrome cookies, using the [CryptUnprotectData
function](https://docs.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptunprotectdata)
with winim. The function itself basically takes two real arguments - one
DATA_BLOB pointer for the input and one DATA_BLOB pointer for the output. The
DATA_BLOBs themselves are apparently made up of [two
parts](https://docs.microsoft.com/sv-se/previous-versions/windows/desktop/legacy/aa381414\(v=vs.85\))
\- a DWORD (specifying the length of the blob) and a BYTE pointer, containing
the actual data.
However, I can't figure out how to pass a BYTE pointer to the function. Nothing
seems to work. I've tried putting the data in a seq[BYTE], passing addr var[0]
as the BYTE pointer. I've tried putting the data in a BSTR, and I've tried
casting pretty much everything into BYTE pointers. Still nothing. Here is my
latest attempt, just so you can see what the code looks like (it's obviously
wrong, but at this point I'm just throwing stuff at the wall to see if anything
sticks):
import winim
import db_sqlite
let db = open("C:\\Users\\Daniel\\AppData\\Local\\Google\\Chrome\\User
Data\\Default\\cookies", "", "", "")
let result = db.getAllRows(sql"SELECT encrypted_value FROM cookies WHERE
host_key LIKE '%hostname.com%' AND name LIKE '%COOKIE_NAME%'")[0][0]
var decryptedCookie : DATA_BLOB
var encryptedCookie : DATA_BLOB
var byteData : BSTR
byteData = result
encryptedCookie.cbData = int32(len(result))
encryptedCookie.pbData = cast[ptr BYTE](addr byteData[0])
let decryptResult = CryptUnprotectData(addr encryptedCookie, nil, nil, nil,
nil, 0, addr decryptedCookie)
echo decryptedCookie
db.close()
Run
Please guys. I need your help. What am I supposed to do here?
