Description
Chrome Password Decryptor is free software for recovering passwords stored in the Google Chrome browser (and other Chromium-based browsers such as Edge, Opera, and Brave) on Windows systems. It automatically detects the path of the current user's default Chrome profile, decrypts the saved passwords, and displays them in plain text.
Main Features
- Password Recovery:
  - Instantly recovers saved passwords in Chrome, displaying details such as:
    - Website URL (origin_url).
    - Username (username_value).
    - Decrypted password (password_value).
  - Supports all recent versions of Chrome, including version 135, with support for decryption of passwords protected by application-bound encryption starting from version 1.05 of ChromePass.
- Decryption:
  - Chrome passwords are encrypted using the CryptProtectData function of Windows DPAPI (Data Protection API), which uses the user's login credentials as the decryption key.
  - Starting from Chrome version 80, passwords are encrypted with the AES-256-GCM algorithm, using a master key stored in the Local State file (located at C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Local State). This key is Base64 encoded and protected by DPAPI.
  - Chrome Password Decryptor extracts the master key, removes the "DPAPI" prefix, decrypts it with CryptUnprotectData, and uses it to decrypt passwords stored in the Login Data file (an SQLite database at C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Login Data).
- Data Export:
  - Allows exporting recovered passwords to formats such as HTML, TXT, and XML, facilitating backups or transfers between systems.
  - Also displays blacklisted sites where the user opted not to save passwords.
- Interface and Usability:
  - Features a simple and organized interface, with a recovery process that can be initiated with a single click.
  - Does not require complex configuration; the program automatically detects the Chrome profile path but allows manual selection of alternative profiles (such as Chrome Canary/SXS).
- Support for External Profiles:
  - Starting from version 1.05, supports reading passwords from external profiles or different drives (for example, from a system that no longer boots), as long as the profile login password is known, because passwords are encrypted with the SHA hash of that password.
- Compatibility:
  - Works on Windows systems, including XP, Vista, 7, 8, 10, and 11 (32-bit and 64-bit).
  - Supports Chromium-based browsers beyond Chrome, such as Microsoft Edge, Opera, Brave, and Vivaldi, among others.
Limitations and Considerations
- Dependence on Windows Credentials: Decryption is only possible if the user is logged in with the same Windows account used to encrypt the passwords. After a Windows reinstallation, passwords may not be recoverable, even with the same username and password, due to changes in the system environment.
- Antivirus Detection: Tools like Chrome Password Decryptor (and similar ones, like NirSoft's ChromePass) may be flagged as malicious by antivirus software, as they can be used by hackers to extract passwords. However, the program itself is not harmful and does not send data to third parties.
- Security: Chrome passwords are vulnerable to anyone with physical or remote access to the logged-in computer, highlighting the fragility of storing passwords directly in the browser.
- Chrome v80+: Newer versions of Chrome use more robust encryption (AES-256-GCM), but Chrome Password Decryptor has been updated to handle these changes.
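Because recovery depends on reading both the Local State and Login Data files, a defender can watch for non-browser processes opening them. The following is an added example, not part of Chrome Password Decryptor or of the original page; it assumes file-access auditing is enabled on those paths so that Windows Security event 4663 records are available, and the allowlist, function names and sample events are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Assumed allowlist of browser binaries; basename match for brevity, compare full image paths in production.
BROWSER_EXES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
# The two files this page names: the Local State key file and a profile's Login Data database.
LOCAL_STATE = re.compile(r"\\User Data\\Local State$", re.IGNORECASE)
LOGIN_DATA = re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.IGNORECASE)


def classify(object_name):
    """Return which credential file a path refers to, or None."""
    if LOCAL_STATE.search(object_name):
        return "local_state"
    if LOGIN_DATA.search(object_name):
        return "login_data"
    return None


def flag_credential_store_access(events):
    """Flag non-browser processes; 'high' = touched both files, 'medium' = only one."""
    touched = defaultdict(set)
    for ev in events:
        kind = classify(ev["ObjectName"])
        exe = ntpath.basename(ev["ProcessName"]).lower()
        if kind and exe not in BROWSER_EXES:
            touched[(ev["SubjectUserName"], ev["ProcessName"])].add(kind)
    return [
        {"user": user, "process": proc, "files": sorted(kinds),
         "severity": "high" if len(kinds) == 2 else "medium"}
        for (user, proc), kinds in sorted(touched.items())
    ]


# Constructed sample events (not real logs); field names follow Security event 4663.
UD = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
SAMPLE_EVENTS = [
    {"SubjectUserName": "alice", "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "ObjectName": UD + r"\Default\Login Data"},
    {"SubjectUserName": "alice", "ProcessName": r"C:\Users\alice\Downloads\tool.exe", "ObjectName": UD + r"\Local State"},
    {"SubjectUserName": "alice", "ProcessName": r"C:\Users\alice\Downloads\tool.exe", "ObjectName": UD + r"\Default\Login Data"},
    {"SubjectUserName": "alice", "ProcessName": r"C:\Windows\System32\backup.exe", "ObjectName": UD + r"\Profile 1\Login Data"},
]

if __name__ == "__main__":
    for finding in flag_credential_store_access(SAMPLE_EVENTS):
        print(finding)
```

A process that opens only Login Data (a backup agent, for instance) is reported at medium severity so it can be reviewed and allowlisted rather than silently ignored.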
Ethical Warning
- Chrome Password Decryptor should only be used with authorization, such as for recovering personal passwords or in legitimate forensic investigations. Unauthorized use to access third-party passwords is illegal and violates privacy laws.
- For greater security, it is recommended to use dedicated password managers, such as KeePassXC or Proton Pass, instead of storing passwords directly in the browser.