Yandex Decrypt #483

Open
TechForBad opened this issue Mar 27, 2020 · 30 comments

Comments

@TechForBad

Why is the yandex browser not completed? Hope to update :-)

@AlessandroZ
Owner

Hmm, I don't remember the problem I encountered. Some tests should be done here: https://github.com/AlessandroZ/LaZagne/blob/master/Windows/lazagne/softwares/browsers/chromium_based.py#L130

@qwerty-w

I agree, it would be very cool if the new version showed passwords from Yandex Browser

@rynnz

rynnz commented Apr 14, 2020

Sup, will Yandex be completed, or is your knowledge of encryption insufficient to correct the current errors?

@qwerty-w

Yes, I'm also wondering whether there will be decryption of Yandex browser passwords.

@AlessandroZ
Owner

I have tried to add it recently, but for some reason it does not work and right now I cannot understand why. I have commented everything in the code if someone wants to take a look.

I will check it again if I have time but it's not my priority so if you want to take a look, check my comments: https://github.com/AlessandroZ/LaZagne/blob/master/Windows/lazagne/softwares/browsers/chromium_based.py#L120

I'm missing a little thing to get it to work but no idea what.

@rynnz

rynnz commented Apr 16, 2020

If you are interested, you could read an article by the Russian developers about how their encryption system works. It is quite complex, and looking at your code, it does not at all match what you were trying to do; it may help you.

https://habr.com/ru/company/yandex/blog/344382/

@Papotito123

Papotito123 commented May 24, 2020

Hello:
From Yandex:
If the user didn't create a master password, the passwords are encrypted in the browser in these steps:
The browser generates a random 256-bit EncKey.
The browser uses this key to protect site passwords using AES-256 GCM encryption. GCM mode is enabled during encryption to ensure data integrity during subsequent syncing. GCM is used for hashing and validating the URL, login and field markup.
The EncKey is encrypted using the browser's built-in OSCrypt function, and is then stored on the computer. The OSCrypt function uses various encryption algorithms depending on the operating system (see the table).

EncKey encryption in Windows without the master password:
The original password encryption key (EncKey):
Mh6lu1xRuZFo/qJ2yktfJch2nAzlgY4+OPADyLQYfrkbR0hxae9M5nVdafthJa2QHG18sZbf2VOxveH87naRb3vq3oJykfxlVHX4bllYDCcLISzHZVnxF2yMM0r4BXl8Uq+nuINiWx8kaKtrULrdwnMGU6eOuOLZvv/wLDzQvz74iuQUgoR3NSpOByFnY/BkAmGWbQ5KXTYqqIcrcqkG1xb3EAQGEG8KGPtQsTvLsHL1QdjteMZ9CBBLAWjYd/kdrZsx+MU96XMEA+ViBU0ot35cAPVBeWgAyMZhvM9sYy4zB2HrCg+n14kSc85OjNEqAChQDeHVtcbBfyshnKB0Qg==

The key that is used for encrypting EncKey is generated by the CryptProtectData function and is located in the directory:
C:\Users\Account name\AppData\Local\Microsoft\Protect

EncKey (in base64), encrypted by the key generated by the CryptProtectData function:
AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAApRUs2Bmwq0O4LpCRrIGKQAAAAAACAAAAAAADZgAAwAAAABAAAAAttmGwtWQIgR+ugd6cMwB1AAAAAASAAACgAAAAEAAAAKXn3AtX945aXjv2nFEYf6soAAAAFoZEF0y2DY4+JtCPwkZb68tXEHiZHMPRhJIrMzQA+QF6E6iJBGZD+RQAAAAnmL25O/Rbm8JaMS9cwZZAWtjEGA==

When the user wants to enter a password in a login form, the browser decrypts the EncKey via the OS, then decrypts the necessary password.

Just to share some info about my experience with Yandex.
Yandex 20.4.3.257, first-time installation with a new saved login and no Master Password.
While not using a Master Password for Yandex, saved logins are stored on the computer in Credential Manager under Windows Credentials (generic).
But for Login/name it will keep a blank space, and for Password it will display asterisks.

Yandex doesn't have a Default\Login Data file.
Instead, saved passwords are saved in \AppData\Local\Yandex\YandexBrowser\User Data\Default\Ya Passman Data

It still has User Data\Local State:
"os_crypt":{"checker_state":{"counter":0,"encrypted_data":"xxxxxxxxxxxxxxxxxxxxxxxxx="},"encrypted_key":"RFBBUxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx......."}

RFBBU = the word "DPAPI"

With a tool named NTHASH-FPC (@erwan) I can:
grab the Local State {GUID},
calculate the user SHA1,
calculate the Masterkey{GUID} SHA1.

So, with this MK SHA1 it should be possible to decode the blob to get the encrypted_key decrypted (the AES Local State key).
Then use this AES key to decrypt Logins.
I don't see what is missing.

Ya Passman Data login entry:
https://live.com/https://login.live.com/ppsecure/[email protected]£Áþšê�tè¹\•…ÕÈ;¢¡þ&¬¸xÄyA¹uuí»’”�Ý

  • maybe the password entry has some chars at the start that are some placeholder/ID that should be taken out

Login Data login entry:
��� �https://login.live.com/login.srfhttps://login.live.com/ppsecure/[email protected]ÏA’°ùžºN�eá�NXUô˜‘µ¨Ž�A��‰3Ш¯[f"Ì��

LaZagne can recover Yandex blob data under:

1:
------------------- Credman passwords -----------------

[+] Password found !!!
URL: Yandex.Browser
Login: None
Password: b'\x08.................................................'

And,

2:
------------------- Yandexbrowser passwords -----------------

[+] Password found !!!
URL: https://login.live.com/ppsecure/post.srf
Login: [email protected]
Password: b'D\xc2...........................................................................................'

@nneekkiitt

Does anyone know how Yandex stores encrypted passwords without the master password?

Chrome uses the following scheme:
The main key is protected with DPAPI and stored in the "Local State" JSON file. This key is used for password encryption. Passwords are stored in the "Login Data" database in table "logins" in field "password_value". They are stored using the following format:
"v10" (3 bytes) + AES GCM IV (12 bytes) + Encrypted Password + AES GCM Auth Tag (16 bytes).

Yandex browser also uses the file "Local State" with the main key protected with DPAPI. Passwords are stored in the "Ya Passman Data" database, which is similar to Chrome's "Login Data".

I tried to use Chrome's algorithm to decrypt them, but it was unsuccessful.

Then I exported Chrome's passwords to Yandex and noticed that Yandex's encrypted passwords are shorter by 3 bytes than Chrome's. I supposed that Yandex uses Chrome's format except "v10". I tried to decrypt passwords using AES-GCM, tried to rearrange the AES GCM IV, Encrypted Password and AES GCM Auth Tag within the blob, tried to invert the blob to little-endian and tried to decrypt the passwords using DPAPI. All these attempts were unsuccessful.

At the developer's site it is said that Yandex uses exactly this algorithm. And that's why I think that Yandex uses some special password storage format, which is not described at the developer's site.

Errors in the code are impossible, since the code works for Chrome.

@B011111000000

Is there anything new?

@bviyesbfvwiye

I think, there are some different prefixes in the encrypted password. For example, in Chrome it's 'v10' or 'v11'.

@bviyesbfvwiye

bviyesbfvwiye commented Dec 8, 2021

I think, the problem is in the AES-encrypted password, not in the DPAPI+base64 encrypted key.

@Miracle-doctor

I checked with the Chrome v10 algorithm and saw that after decryption the length of the password is the same as the original password. I think there is a next step for decrypting the password.

@Miracle-doctor

Miracle-doctor commented Jan 6, 2022

Also, in Yandex browser the Local State file has checker_state, which is base64 encoded. After decoding, this is the same as the v10 algorithm and decrypts with the Chrome algorithm:
"os_crypt": {
"checker_state": {
"counter": 0,
"encrypted_data": "djEwszZEY8gkj3Ot6chEYS+kMl8FRAKu0OALjhgw41k="
},

@Miracle-doctor

I think "encrypted_key" successfully decrypts "encrypted_data" in the Local State file.

@QGB

QGB commented Aug 3, 2022

DeduplicateFormsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2471
DeduplicateFormsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2473
OnLoginSuccessful@../../components/password_manager/core/browser/password_manager.cc:1251
RequestEncryptionImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:1979
SaveOrUpdateProvisionallySavedForm@../../components/password_manager/core/browser/password_manager.cc:1360
PromptUserToSaveOrUpdatePassword@../../chrome/browser/password_manager/chrome_password_manager_client.cc:458
UpdatePassmanLoginImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:4306
UpdateLoginImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:3427
RemovePassmanLoginsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2549
RemovePassmanLoginsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2600
RemoveLoginImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:3440
AddPassmanLoginsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2656
AddLoginImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:3414
DeduplicateFormsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2366
DeduplicateFormsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2382
DeduplicateFormsInternal@../../components/password_manager/core/browser/passman/passman_password_store.cc:2270
SaveOrUpdateProvisionallySavedForm@../../components/password_manager/core/browser/password_manager.cc:1375
TryCreateOpenKeyEncryptor@../../components/password_manager/core/browser/passman/passman_password_store.cc:3101
PostActOnChangesSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:3683
CheckMasterPasswordAndUnlockImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:827
DecryptPasswordFormsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2089
UpdatePassmanLoginImplFromPassmanSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:4240
UpdatePassmanLoginImplFromPassmanSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:4296
AddPassmanLoginImplFromPassmanSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:4079
AddPassmanLoginImplFromPassmanSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:4131
ActOnChangesSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:5382
RemovePassmanLoginImplFromPassmanSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:4505
PromptUserToSaveOrUpdatePassword@../../chrome/browser/password_manager/chrome_password_manager_client.cc:477
PromptUserToSaveOrUpdatePassword@../../chrome/browser/password_manager/chrome_password_manager_client.cc:473
PromptUserToSaveOrUpdatePassword@../../chrome/browser/password_manager/chrome_password_manager_client.cc:465
OnLoginSuccessful@../../components/password_manager/core/browser/password_manager.cc:1266
DeduplicateFormsSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:3965
UnlockAndSetKeyStoreEncryptor@../../components/password_manager/core/browser/passman/passman_password_store.cc:2055
AddLoginSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:3729
AddPassmanLoginImplFromPasswordSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:3999
AddPassmanLoginImplFromPasswordSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:4063
AddLoginSync@../../components/password_manager/core/browser/passman/passman_password_store.cc:3771
SaveOrUpdateProvisionallySavedForm@../../components/password_manager/core/browser/password_manager.cc:1320
RemoveLoginsImpl@../../components/password_manager/core/browser/passman/passman_password_store.cc:2219

@kokolbin

Hi, AlessandroZ. I have looked inside YaBrowser:
When you get the aes_gcm key (from DPAPI decryption of ) you can verify that this key is valid: you can decrypt "checker_state":{"encrypted_data"} with this key and the plain text should be "0x00". So the key is valid.
But looking in YaPassmanData.logins.password_value and playing with the length of the saved password, we can conclude that they (Ya) use the same AES_GCM algorithm to protect saved passwords: {nonce[12], ciphertext[SavedPasswordLength], tag[16]}, but when you try to decrypt the ciphertext with the valid key, you get binary waste.
The first idea was to play with positions: {nonce, ciphertext, tag} -> {ciphertext, nonce, tag} -> ... - no result.
So, the real action that can help us understand how passwords are encrypted and stored is reversing the YaBrowser application: try to find the place where decrypting begins, breakpoint it and debug step by step.
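
Added example (not from this thread, and not LaZagne's or Yandex's code): the Chromium-side baseline that nneekkiitt, Miracle-doctor and kokolbin compare against, written in Go with only the standard library so it runs offline. It parses the os_crypt section of Local State, strips the "DPAPI" marker from the base64 encrypted_key, applies kokolbin's key check (checker_state.encrypted_data must decrypt to a single 0x00 byte), and decrypts a "v10" | nonce[12] | ciphertext | tag[16] blob. Everything else is the example's own assumption: the unprotect callback stands in for CryptUnprotectData (an identity function is passed so it runs on any OS; on Windows you would call DPAPI, or do the offline master-key decrypt Papotito123 describes); the key and the Local State document are constructed, with the raw key placed directly after the "DPAPI" marker instead of a real CryptProtectData blob; and DecryptNoPrefix implements the prefix-less layout the thread infers for Ya Passman Data, which is only the hypothesis under test and which commenters report does not yield plaintext on real Yandex data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

const dpapiPrefix = "DPAPI" // marker before the CryptProtectData blob ("RFBBU..." once base64-encoded)
// LocalState mirrors the os_crypt section of the Local State JSON file (json.Unmarshal a real file into it).
type LocalState struct {
	OSCrypt struct {
		CheckerState struct {
			EncryptedData string `json:"encrypted_data"`
		} `json:"checker_state"`
		EncryptedKey string `json:"encrypted_key"`
	} `json:"os_crypt"`
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // 12-byte nonce, 16-byte tag, as Chromium uses
}

// ExtractMasterKey base64-decodes os_crypt.encrypted_key, strips "DPAPI" and hands the rest to
// unprotect (a stand-in for CryptUnprotectData, so this runs on any OS) to get the AES-256 key.
func ExtractMasterKey(ls LocalState, unprotect func([]byte) ([]byte, error)) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(ls.OSCrypt.EncryptedKey)
	if err != nil || !bytes.HasPrefix(raw, []byte(dpapiPrefix)) {
		return nil, errors.New("encrypted_key is not base64 starting with DPAPI")
	}
	key, err := unprotect(raw[len(dpapiPrefix):])
	if err == nil && len(key) != 32 {
		err = fmt.Errorf("unexpected key length %d (want 32)", len(key))
	}
	return key, err
}

// DecryptV10 decrypts a Chromium password_value ("v10" | nonce[12] | ciphertext | tag[16]); AEAD.Open takes ciphertext||tag, which is the layout after the nonce.
func DecryptV10(key, blob []byte) ([]byte, error) {
	if len(blob) < 3+12+16 || (string(blob[:3]) != "v10" && string(blob[:3]) != "v11") {
		return nil, errors.New("not a v10/v11 blob")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[3:15], blob[15:], nil)
}

// DecryptNoPrefix tries the layout the thread infers for Ya Passman Data (nonce | ciphertext | tag, no
// prefix). Commenters report real Yandex blobs still come out as garbage this way: a hypothesis, not a fix.
func DecryptNoPrefix(key, blob []byte) ([]byte, error) {
	return DecryptV10(key, append([]byte("v10"), blob...))
}

// KeyIsValid is kokolbin's check: checker_state.encrypted_data must decrypt to the single byte 0x00.
func KeyIsValid(ls LocalState, key []byte) bool {
	blob, _ := base64.StdEncoding.DecodeString(ls.OSCrypt.CheckerState.EncryptedData)
	pt, err := DecryptV10(key, blob) // a malformed field yields a short blob, which fails here
	return err == nil && bytes.Equal(pt, []byte{0})
}

// EncryptV10 is the inverse of DecryptV10, used only to build constructed sample data (panics on a bad key size).
func EncryptV10(key, nonce, plaintext []byte) []byte {
	gcm, err := newGCM(key)
	if err != nil {
		panic(err)
	}
	return gcm.Seal(append([]byte("v10"), nonce...), nonce, plaintext, nil)
}

// SampleLocalState builds a constructed Local State document: here the raw key follows "DPAPI" so an identity unprotect recovers it; on a real host a CryptProtectData blob follows.
func SampleLocalState(key []byte) []byte {
	var ls LocalState
	checker := EncryptV10(key, bytes.Repeat([]byte{0x11}, 12), []byte{0})
	ls.OSCrypt.CheckerState.EncryptedData = base64.StdEncoding.EncodeToString(checker)
	ls.OSCrypt.EncryptedKey = base64.StdEncoding.EncodeToString(append([]byte(dpapiPrefix), key...))
	doc, _ := json.Marshal(ls)
	return doc
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed key, not from any real profile
	var ls LocalState
	_ = json.Unmarshal(SampleLocalState(key), &ls)
	got, err := ExtractMasterKey(ls, func(b []byte) ([]byte, error) { return b, nil }) // identity in place of DPAPI
	blob := EncryptV10(key, bytes.Repeat([]byte{0x22}, 12), []byte("hunter2"))
	pt, perr := DecryptV10(got, blob)
	fmt.Printf("key ok=%v checker ok=%v v10 blob=%d bytes -> %q %v\n", err == nil && bytes.Equal(got, key), KeyIsValid(ls, got), len(blob), pt, perr)
}
```

The checker_state test is the useful diagnostic in this thread: if KeyIsValid is false, the problem is in the key path (DPAPI, wrong profile, wrong Local State); if it is true, the key is right and whatever is wrong lives in how Ya Passman Data wraps the password, which is exactly where the commenters above get stuck.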

@LimerBoy

Any solutions?

@KushMaD

KushMaD commented May 12, 2023

Does anyone know how Yandex stores encrypted passwords without the master password?

Chrome uses the following scheme: The main key is protected with DPAPI and stored in the "Local State" JSON file. This key is used for password encryption. Passwords are stored in the "Login Data" database in table "logins" in field "password_value". They are stored using the following format: "v10" (3 bytes) + AES GCM IV (12 bytes) + Encrypted Password + AES GCM Auth Tag (16 bytes).

Yandex browser also uses the file "Local State" with the main key protected with DPAPI. Passwords are stored in the "Ya Passman Data" database, which is similar to Chrome's "Login Data".

I tried to use Chrome's algorithm to decrypt them, but it was unsuccessful.

Then I exported Chrome's passwords to Yandex and noticed that Yandex's encrypted passwords are shorter by 3 bytes than Chrome's. I supposed that Yandex uses Chrome's format except "v10". I tried to decrypt passwords using AES-GCM, tried to rearrange the AES GCM IV, Encrypted Password and AES GCM Auth Tag within the blob, tried to invert the blob to little-endian and tried to decrypt the passwords using DPAPI. All these attempts were unsuccessful.

At the developer's site it is said that Yandex uses exactly this algorithm. And that's why I think that Yandex uses some special password storage format, which is not described at the developer's site.

Errors in the code are impossible, since the code works for Chrome.

Hi! Any solutions?

@Sovenok-Hacker

Any solutions?

As I see, no. Yandex encryption has many layers and can be encrypted with a cloud key, so no, it is not hacked.

@bviyesbfvwiye

Yandex Browser is 100% hacked on the dark boards though

@bviyesbfvwiye

bviyesbfvwiye commented May 14, 2023

But they don't provide any source code, unfortunately.

@ghost

ghost commented May 15, 2023

Any solutions?

you could use this link as it has Yandex source https://news.ycombinator.com/item?id=34526431

@sea256

sea256 commented Apr 15, 2024

any news?

@LimerBoy

LimerBoy commented Aug 5, 2024

i reversed yandex and got the algo >:D anyone wanna buy it?

@Sovenok-Hacker

i reversed yandex and got the algo >:D anyone wanna buy it?

Of course no

@Sovenok-Hacker

It is publicly available

@LimerBoy

It is publicly available

nope

@reg499

reg499 commented Oct 31, 2024

Has anyone found the method yet? If so, show how it was solved.
