HackBrowserData icon indicating copy to clipboard operation
HackBrowserData copied to clipboard

yandex passwords are not output (on windows 11)

Open Zevsilio opened this issue 4 years ago • 7 comments

Describe the bug Use ./hack-browser-data -vv paste result here

Desktop (please complete the following information):

  • OS Name: windows
  • Browser Name:chome
  • Browser Version:latest

Additional context Add any other context about the problem here.

Zevsilio avatar Dec 15 '21 12:12 Zevsilio

Seems yandex has a different password file, I will fix this issuse as soon as possible.

moonD4rk avatar Dec 16 '21 04:12 moonD4rk

maybe the problem is that the "passwords" document is simply not being created

Zevsilio avatar Jan 03 '22 17:01 Zevsilio

Seems yandex has a different password file, I will fix this issuse as soon as possible.

Hi, I've been reseraching this Yandex's piece of software for a while, and the problem is more complicated than the file. First of all yes, the file for password storage is different, it's stored in "%LOCALAPPDATA%\Yandex\YandexBrowser\User Data\Default\Ya Passman Data" Second problem is that encryption of the private key for pass is different from chromium, it's neither DPAPI, nor Windows sesion key. I asume that this key is in the same DB file, in "meta" table, local_encryptor_data row, but I can't understand how to decrypt it, even you can see the "v10" bytes, which means that this is sort of AES-GCM encryption, but I can't move any further with the method to decrypt this private key. Hope this helps, and if you find the way to decrypt this, this will be very appreciated, cause there is still no software that allow to grab Yandex Browser passwords (at least open source one). Will be glad to work with you on that if you need any help. Thanks a lot

ghost avatar Mar 08 '22 11:03 ghost

Seems yandex has a different password file, I will fix this issuse as soon as possible.

Hi, I've been reseraching this Yandex's piece of software for a while, and the problem is more complicated than the file. First of all yes, the file for password storage is different, it's stored in "%LOCALAPPDATA%\Yandex\YandexBrowser\User Data\Default\Ya Passman Data" Second problem is that encryption of the private key for pass is different from chromium, it's neither DPAPI, nor Windows sesion key. I asume that this key is in the same DB file, in "meta" table, local_encryptor_data row, but I can't understand how to decrypt it, even you can see the "v10" bytes, which means that this is sort of AES-GCM encryption, but I can't move any further with the method to decrypt this private key. Hope this helps, and if you find the way to decrypt this, this will be very appreciated, cause there is still no software that allow to grab Yandex Browser passwords (at least open source one). Will be glad to work with you on that if you need any help. Thanks a lot

yep, I noticed v10 bytes is different in yandex encrypted value. seem yandex has a different way of encrypting the passwords. I don't know how to decrypt yandex's password.

moonD4rk avatar Apr 13 '22 09:04 moonD4rk

hi! is the problem solved?

KushMaD avatar May 12 '23 22:05 KushMaD

There is no tool that can decrypt it yet.

freeide avatar Oct 15 '23 14:10 freeide

same problem here... trying to figure this out quire compilcated

aamaanaa avatar Mar 18 '24 13:03 aamaanaa