moonD4rk
yandex passwords are not output (on windows 11)
Describe the bug
Use ./hack-browser-data -vv paste result here
Desktop (please complete the following information):
- OS Name: windows
- Browser Name:chome
- Browser Version:latest
Additional context Add any other context about the problem here.
Seems yandex has a different password file, I will fix this issuse as soon as possible.
maybe the problem is that the "passwords" document is simply not being created
Seems yandex has a different password file, I will fix this issuse as soon as possible.
Hi, I've been reseraching this Yandex's piece of software for a while, and the problem is more complicated than the file. First of all yes, the file for password storage is different, it's stored in "%LOCALAPPDATA%\Yandex\YandexBrowser\User Data\Default\Ya Passman Data" Second problem is that encryption of the private key for pass is different from chromium, it's neither DPAPI, nor Windows sesion key. I asume that this key is in the same DB file, in "meta" table, local_encryptor_data row, but I can't understand how to decrypt it, even you can see the "v10" bytes, which means that this is sort of AES-GCM encryption, but I can't move any further with the method to decrypt this private key. Hope this helps, and if you find the way to decrypt this, this will be very appreciated, cause there is still no software that allow to grab Yandex Browser passwords (at least open source one). Will be glad to work with you on that if you need any help. Thanks a lot
Seems yandex has a different password file, I will fix this issuse as soon as possible.
Hi, I've been reseraching this Yandex's piece of software for a while, and the problem is more complicated than the file. First of all yes, the file for password storage is different, it's stored in "%LOCALAPPDATA%\Yandex\YandexBrowser\User Data\Default\Ya Passman Data" Second problem is that encryption of the private key for pass is different from chromium, it's neither DPAPI, nor Windows sesion key. I asume that this key is in the same DB file, in "meta" table, local_encryptor_data row, but I can't understand how to decrypt it, even you can see the "v10" bytes, which means that this is sort of AES-GCM encryption, but I can't move any further with the method to decrypt this private key. Hope this helps, and if you find the way to decrypt this, this will be very appreciated, cause there is still no software that allow to grab Yandex Browser passwords (at least open source one). Will be glad to work with you on that if you need any help. Thanks a lot
yep, I noticed v10 bytes is different in yandex encrypted value. seem yandex has a different way of encrypting the passwords. I don't know how to decrypt yandex's password.
