From 9a332ddc8e26a75c2f6fb84437221a1e0fe19cdb Mon Sep 17 00:00:00 2001 From: Christopher Pritchard Date: Tue, 17 Oct 2023 12:27:41 +1300 Subject: [PATCH] Fix for out of order encrypted_key in local state os_crypt can contain multiple fields, and encrypted_key is not guarenteed to be first --- mimikatz/modules/dpapi/packages/kuhl_m_dpapi_chrome.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mimikatz/modules/dpapi/packages/kuhl_m_dpapi_chrome.c b/mimikatz/modules/dpapi/packages/kuhl_m_dpapi_chrome.c index 96f21c0f..7fd6126b 100644 --- a/mimikatz/modules/dpapi/packages/kuhl_m_dpapi_chrome.c +++ b/mimikatz/modules/dpapi/packages/kuhl_m_dpapi_chrome.c @@ -252,9 +252,9 @@ BOOL kuhl_m_dpapi_chrome_alg_key_from_file(LPCWSTR szState, BOOL forced, int arg { if(uData = kull_m_string_qad_ansi_c_to_unicode((const char *) data, dwData)) { - if(begin = wcsstr(uData, L"\"os_crypt\":{\"encrypted_key\":\"")) + if(begin = wcsstr(uData, L"\"encrypted_key\":\"")) { - begin += 29; + begin += 17; if(end = wcsstr(begin, L"\"}")) { end = L'\0'; @@ -263,7 +263,7 @@ BOOL kuhl_m_dpapi_chrome_alg_key_from_file(LPCWSTR szState, BOOL forced, int arg } else PRINT_ERROR(L"Unable to find the end of the encrypted_key\n"); } - else if(forced) PRINT_ERROR(L"encrypted_key not fond in state file.\n"); + else if(forced) PRINT_ERROR(L"encrypted_key not found in state file.\n"); LocalFree(uData); } LocalFree(data); @@ -294,4 +294,4 @@ BOOL kuhl_m_dpapi_chrome_alg_key_from_auto(LPCWSTR szFile, int argc, wchar_t * a free(duplicate); } return status; -} \ No newline at end of file +}