driis.dk

Today, I wanted to backup all my passwords stored in Google Chrome. I thought that would be an easy task, but it turns out, that this is not supported, at least as far as I can tell. There is an option to view the shared passwords one-by-one, but that was not really an option for me.

So, I decided to write a small program to extract the passwords from Chrome. Since Chrome (or Chromium, to be exact), is open source, I pulled the source from http://dev.chromium.org/getting-involved, compiled it, and starting looking around trying to figure out how passwords are stored. The setup and build experience was much nicer than what I have tried with other open source projects I have looked at; there are detailed build instructions with only a few steps available, and after setting up, it just works, in a Visual Studio 2008 solution. A full recompile does take some time however (45 minutes on my machine).

I quickly found out that Chrome stores most of its user and configuration data in small SQLite databases stored on disk in the AppData/Local/Google/Chrome/User Data directory. So, reading the data was no problem after grabbing a copy of the ADO .NET Provider for SQLite, as well as the sqlite3.dll binary from http://www.sqlite.org/. The data I was after (user names and passwords) is stored in the file named Web Data. This contains a table named logins, which contains the URL for which the login is valid, some details about the html form where the password has been used (in order to allow Chrome to auto-fill password boxes for you), and the username and password. It also contains a "preferred" and "blacklisted_by_user" column.

Decrypting the passwords

The passwords is, obviously for security reasons, not stored in plain text. Rather, they are encrypted, so I needed to figure out how they are encrypted and how to decrypt them. The answer lies in the Chromium source, where the Encryptor class contains the following method:

bool Encryptor::EncryptString(const std::string& plaintext,
                              std::string* ciphertext) {
  DATA_BLOB input;
  input.pbData = const_cast<BYTE*>(
    reinterpret_cast<const BYTE*>(plaintext.data()));
  input.cbData = static_cast<DWORD>(plaintext.length());

  DATA_BLOB output;
  BOOL result = CryptProtectData(&input, L"", NULL, NULL, NULL,
                                 0, &output);
  if (!result)
    return false;

  // this does a copy
  ciphertext->assign(reinterpret_cast<std::string::value_type*>(output.pbData),
                     output.cbData);

  LocalFree(output.pbData);
  return true;
}

As it turns out, the Windows Data Protection (DPAPI) is used to encrypt the data, namely the CryptProtectData function as shown above. Therefore, I can relatively easy decrypt the data, using the CryptUnprotectData function, as long as I do not try to decrypt the password of other users - the DPAPI encrypts with a key based on the current user's login credentials. I first tried to do the decrypting in C# using P/Invoke the the CryptUnprotect function, but for some reason, I could not get that to work. I kept getting a credentials dialog from Windows when trying it, which is not what i want. Luckily, after googling a bit, I found out that there already exist a managed wrapper for doing this, namely the ProtectedData class. After switching to using this, there were no problems decrypting the passwords.

The password recovery tool

I wrote a tiny C# console program to dump the passwords. They can be dumped to the console (default) or to an XML file. Running the program without parameters will try to dump all the passwords to the console. You might need to have Chrome closed while doing this. Run the program with the -help switch to display a short usage information message.

I am including the program for download here - both in a precompiled form and the C# source. It requires .NET Framework 3.5. The program as well as it's source is free for use non-commercially and is provided without any warranty or obligations for me, neither explicit or implied. It probably won't kill your cat, but don't come to me crying about it if it does ;-). If you wish to use the source or derivate thereof in a commercial product, contact me for permission first.

Download:

• ChromePasswordRecover (binary package - unzip and run cprecover.exe in a console window)
• ChromePasswordRecover - C# source.

What is missing ?
It would be nice to have an option to import the exported passwords into a new Chrome installation on another computer. I am considering adding it, but don't really need it at this time. It should be relatively easy - if you happen to develop the feature based on my work, please email me the source.

I admit it, I am a fan of the new Google Chrome browser.

This made me chuckle, however:

Is Google preparing to dominate the world ?

One of the minor problems I had when making the Stopwatch for my HTC Touch Diamond, was to make the phone vibrate automatically. It seems there are no managed way of doing this. However, after a bit of googling around, I found out that the vibrator typically can be addressed as a LED object using the Open NET CF Framework. So I decided to throw together a tiny wrapper class around this functionality, so I can use it generally in the future. The most useful thing here, I think, is the ability to have the phone vibrate using a given on-off pattern in a fire-and-forget pattern that works well when programming Compact Framework forms.

This is the simple Vibrator class:

         1: using System;

         2: using System.Threading;

         3: using OpenNETCF.WindowsCE.Notification;

         4:  

         5:  namespace dr.WM.Common

         6: {

         7:     /// <summary>

         8:     /// Vibrator class. Works on HTC Touch Diamond, not tested anywhere else.

         9:     /// (Mostly, The LED index could be different on other devices.)

         10:     /// </summary>

         11:     public class Vibrator

         12:     {

         13:         /// <summary>

         14:         /// Index of the Vibrator LED.

         15:         /// </summary>

         16:         private const int VibratorLedIndex = 1;

         17:         /// <summary>

         18:         /// LED instance.

         19:         /// </summary>

         20:         private readonly Led led = new Led();

         21:         /// <summary>

         22:         /// Whether the Run thread is allowed to run.

         23:         /// </summary>

         24:         private bool allowRun = false;

         25:         /// <summary>

         26:         /// Starts this instance.

         27:         /// </summary>

         28:         public void Start()

         29:         {

         30:             allowRun = true;

         31:             led.SetLedStatus(VibratorLedIndex,Led.LedState.Blink);

         32:         }

         33:  

         34:         /// <summary>

         35:         /// Stops this instance.

         36:         /// </summary>

         37:         public void Stop()

         38:         {

         39:             allowRun = false;

         40:             led.SetLedStatus(VibratorLedIndex, Led.LedState.Off);            

         41:         }

         42:  

         43:         /// <summary>

         44:         /// Starts a vibrating sequence by specifying the vibrate and pause times.

         45:         /// Vibration will run until the Stop method is called.

         46:         /// </summary>

         47:         /// <param name="msVibrate">The vibrate time in milliseconds.</param>

         48:         /// <param name="msPause">The pause time in milliseconds.</param>

         49:         public void StartSequence(int msVibrate, int msPause)

         50:         {

         51:             StartSequence(msVibrate,msPause,0);

         52:         }

         53:         /// <summary>

         54:         /// Starts a vibrating sequence by specifying the vibrate and pause times.

         55:         /// Vibration will run for the specified total time, or until the Stop method is called.

         56:         /// </summary>

         57:         /// <param name="msVibrate">The vibrate time in milliseconds.</param>

         58:         /// <param name="msPause">The pause time in milliseconds.</param>

         59:         /// <param name="totalLength">The total time to vibrate.</param>

         60:         public void StartSequence(int msVibrate, int msPause, int totalLength)

         61:         {

         62:             allowRun = true;

         63:             ThreadPool.QueueUserWorkItem(Run,

         64:                                          new RunState

         65:                                              {VibrateTime = msVibrate, PauseTime = msPause, TotalTime = totalLength});

         66:         }

         67:  

         68:         /// <summary>

         69:         /// Thread worker for a vibrating sequence.

         70:         /// </summary>

         71:         /// <param name="state">The state.</param>

         72:         private void Run(object state)

         73:         {

         74:             long begin = Environment.TickCount;

         75:             RunState runState = (RunState)state;

         76:             while(allowRun && (runState.TotalTime <= 0 || Environment.TickCount - begin < runState.TotalTime))

         77:             {

         78:                 led.SetLedStatus(VibratorLedIndex, Led.LedState.Blink);

         79:                 Thread.Sleep(runState.VibrateTime);

         80:                 led.SetLedStatus(VibratorLedIndex, Led.LedState.Off);

         81:                 Thread.Sleep(runState.PauseTime);

         82:             }

         83:         }

         84:  

         85:         /// <summary>

         86:         /// Helper for passing vibration state to the worker thread.

         87:         /// </summary>

         88:         private struct RunState

         89:         {

         90:             public int VibrateTime { get; set; }

         91:             public int PauseTime { get; set; }

         92:             public int TotalTime { get; set; }

         93:         }

         94:     }

         95: }

Please note that this might (propably) will not work on other devices, since the vibrator might not be on the same LED index. One could refactor the class and make a couple of vibrator on/off virtual protected methods, and call these from the Start / Stop methods. That way, it could be easy to make the class general enough for use on other devices, you would just need to implement the start and stop operations. However, there might be an easier way of doing this using an unmanaged API (actually I hope there is, since collecting info about all types of devices in order to figure out how to fire the vibrator, seems as an unfeasible task).

It seems that the Klaxon Open-Source alarm clock for Windows Mobile has just been made Open Source. I think I will have a look at the source to see whether my way of using the vibrator is feasible, or the Klaxon author uses a better approach ;-)

I have got a new mobile phone, a HTC Touch Diamond. Besides the fact that it has a sleek design and is much easier to work with when reading email and browsing the web than my old phone.

However, that it is not the only reason for buying the Diamond. Another, very important reason, is that it runs Windows Mobile 6.1 - and therefore I can write my own programs for it using pretty much the same toolset as I use for any other .NET program. Granted, there are stuff missing in the Compact Framework compared to the full-blown framework (Expression trees anyone ?), but it is normally quite easy to find alternatives, and the Compact Framework does make it quite easy to program the device.

My first application for the Touch is a simple Stopwatch program. I wrote it, because there was no stopwatch and/or timer program on the Touch when I got it, so why not write my own ;-) The application it is quite simple, but I learned quite a deal about the device and the Compact Framework while developing it. It essentially relies on the Environment.TickCount counter to measure time, so it might not be 100% accurate - but for my needs (such as heating pizza's), it is quite sufficient.

If anyone's interested, you may download the source from here. If you want to compile it, you will need a copy of the OpenNET CF Framework, because I needed to use some parts of it for making the phone vibrate when the alarm goes off. (It could be replaced with some P/Invoke calls, but i got lazy ;-)

The application itself has the following features:

• Simple stopwatch
• Timer with alert (vibration and sound)
• Configurable alarm sound (only .wav files, sorry).
• Settings are remembered (stored in Application Data)

50 in 50
This was todays keynote by Richard P. Gabriel and Guy L. Steele Jr. Before the talk, there had been some speculations about the title; was it 50 programming languages in 50 minutes ? Or what did it mean exactly ? It turned out to be 50 comments about programming and programming languages, in 50 minutes. These focused on the history of programming and did so in an entertaining and enlightening manner. This was a certainly a great talk - and for a "young" programmer like my self what was not even born when Ada and Algol 60 appeared; it provided also some historical insight. Only downside to this talk, is that the schedule was affected by the fact that it was more like 50 in 75 - the talk took about 75 minutes; but with this quality of technical and on the same time entertaining talk, that does not really matter for me.

Today on JAOO has also been packed with interesting talks. I attended these:

V8: The Javascript engine inside Google Chrome
Keynote by Lars Bak about the all-new javascript engine that was implemented by his team in Århus for Google Chrome. This javascript engine is about 10 times faster than other javascript implementations. Lars explained how this is possible in a very dynamic language like javascript, by creating classes that can be reused; if another object with the same properties is created, which tends to happen often. Optmizations can then be applied to those classes. Furthermore, Chrome compiles the Javascript code to native code so that it can run really fast on any platform. Lars mentioned a few other major improvements, and this was a very inspiring and interesting talk - even though he had some problems with the projector in the beginning.

Failure Comes In Flavours
This talk by Mikael Nygard (who is not danish, by the way, though his name resembles a danish name pretty much) was divided into two sessions. In the first, Mikael talk about anti-patterns that lead to failure - such as depending too hard on third parties, or waiting forever for some external call. This talk featured some "war stories" about failures Mikael had helped to resolve in the past. In the second session, Mikael offered his advice on how to avoid failure and some patterns that can help in this. Though focus was very much on big enterprise SOA systems; the principles can be applied anywhere. I learned a thing or two in this session, that can be applied to my every-day work on web applications in a smaller scale.

Not your Grandfather's Architecture: Taking Architecture into the Agile World
In this talk, James Coplien talked about Agile architecture. He presented his ideas about adding roles as a concept to the object-oriented world of classes and objects. He argued that programs could be made simpler and get rid of polymorphism using his approach; I am not sure that I agree. There was no working code demo, so his ideas is still kind of abstract in my mind.

Successfully applying REST - Integration, Web-style
Stefan Tilkov talked about REST integration; a subject that I find very interesting, since we already use it in projects at work, and are planning to use it even more extensively. Stefan had some very interesting points about REST, and how it can be applied to a SOA world. I really like the clean interface you can make of a REST service, without much of the overhead and scaffolding that is neccessary in SOAP, for instance.

Top Ten Software Architecture Mistakes
This was a talk focusing on what not to do in architecture; so that we can avoid mistakes or bad decisions in our architecture. The talker, Eion Woods, had his list of 10 mistakes and how to avoid them, which was presented with a little bit of humour. At least some of the items is going to be on my list of things to check before beginning development of new projects.

Today, I've been attending the first day at the JAOO Conference. It has been an interesting day, and I am amazed by all the very talented people that speaks here at the conference, as well as by the quality of the talks. I have been attending these sessions:

Opening Keynote: Where Are Programming Languages Going, by Anders Hejlsberg
In this talk, Anders presented his take on how the programming languages will be evolving in the future. One point made, was that programming languages has not evolved much over the last 25 years - which was exemplified by a "Hello world" program in Pascal versus one in C#. The C# one was neither the shortest nor the most concise one. Anders believes that we will se more implementation of what he calls "internal domain-specific-languages", such as LINQ. Furthermore, he thinks that in the future the gap between functional and imperative programming languages will diminish, since they are already today starting to borrow the best elements from each other. Finally, he talked about concurrency and in-language concurrency constructs such as isolation, which Anders predicts also will be part of the main-stream languages in the near future.

Continuous Integration
The Continuous Integration talk was a great introduction to me into Continuous integration, since it is something, that I have little to zero experience with. We do have a build server that does nightly builds at work, but as Chris Read, the speaker, pointed out, that is not CI, though it is a step on the way toward succesful CI.

Google Chrome: The Invisible Browser
This was a talk by Ben Goodger, the Google Chrome UI tech lead, about the minimalist Chrome UI and the architecture and decisions behind it. It was interesting, though there was not much new to learn here. (Or perhaps I should know better than to attend UI talks, when UI does not really interest me. I am trying to learn ;-) )

LING and C# 3.0
This was the second talk by Anders Hejlsberg this day, and featured the new features in C# 3.0. This was info that I knew (mostly) in advance, but Anders explained both the how and the why behind the features - which was really interesting.

PowerShell
The talk about PowerShell was really good; even for me who know and use PowerShell in advance. It got beyond the covers on why the architecture and implementation works as it does, which was interesting and enlightening, and I left with a better understanding of PowerShell.

The Scala Programming Language
Scala is a language for the JVM, that I did not know much about in advance. The talk was interesting, but in "real life", I am probably never going to use it.

Why Functional Programming (still) Matters
This talk by Erik Meijer was propably the most interesting and entertaining one on Day One of JAOO. With enthusiasm, Erik explained about side-effects and why they are bad and what one should do about them (make them explicit if they cannot be avoided). He also demonstrated a few side effects, that can hit you in C# or other main stream languages with closures and lambdas, which was a pleasant reminder for me.

Just a quick post to let you know that the blog has been updated with a much nicer theme. I hope I will get around to adding more interesting content to the blog shortly :-)

I'm addicted to PowerShell. This cool scripting environment is simple to use, and with very few lines of script; it is possible to accomplish tasks that otherwise often would be a lot of tedious work. (If we didn't have PowerShell, I would propably wip up a C# program to do the same, but PowerShell is really lightweight, is interactive and is generally very forgiving for small tasks where you just "want the job done".

As an example, today I needed to look at a log files generated by Visual Studio to figure out why the environment wouldn't start on my home PC. As it turns out, these log files are actually XML files. Of course I could have just started reading through the XML, but all the angle brackets confuses my brain; when I'm actually mostly interested in the text content of the log file.

So, five minutes later, this 3-line script; parse-vslog.ps1 was born:

1: param( [string]$file = $(throw "required parameter" ) )

2: $log = [xml](get-content $file)

3: $log.activity.entry | select record,type,description | format-table -wrap -auto

This is what happens in the script:

On line 1, we declare that we need a $file parameter (variables and parameters is prefixed with $ in PowerShell), that should be required.

On line 2 we use the get-content cmdlet to get the contents of a file. PowerShell has a lot of XML helping features, one of which is the ability to "cast" the content to XML using the [xml] construct. What really happens behind the scenes, is that PowerShell instantiates an XmlDocument and loads the text content of the file in that.

Last, on line 3, we take advantage of the fact that PowerShell let's us select XML nodes by using simple dotted notation. Here we are interested in all the the /activity/entry nodes. We pass the result along the pipeline and selects the 3 most important values using the select cmdlet. And, lastly, we format the output nicely with format-table, specifying that we would like the cmdlet to auto-select the column widths (-auto) and that text output should be wrapped on multiple lines (-wrap).

So insted of having to look at XML that goes on like this:

1: xml-stylesheet type="text/xsl" href="ActivityLog.xsl"?>
2: activity>
3:   entry>
4:     record>1record>
5:     time>2008/06/15 15:44:18.220time>
6:     type>Informationtype>
7:     source>Microsoft Visual Studiosource>
8:     description>Visual Studio Version: 9.0.21022.8description>
9:   entry>
10:   entry>
11:     record>2record>
12:     time>2008/06/15 15:44:18.221time>
13:     type>Informationtype>
14:     source>Microsoft Visual Studiosource>
15:     description>Running in User Groups: Administrators Usersdescription>
16:   entry>
17:   entry>
18:     record>3record>
19:     time>2008/06/15 15:44:18.221time>
20:     type>Informationtype>
21:     source>Microsoft Visual Studiosource>
22:     description>ProductID: 91904-270-0003722-60402description>
23:   entry>
24:   entry>
25:     record>19record>
26:     time>2008/06/15 15:44:19.094time>
27:     type>type>
28:     source>Microsoft Visual Studiosource>
29:     description>Destroying Main Windowdescription>
30:   entry>
31: activity>
32:  

Now, I can get this much nicer output in the console (note that the XML above has been shortened for the blog. It was actually around 150 lines):

record type        description
------ ----        -----------
1      Information Visual Studio Version: 9.0.21022.8
2      Information Running in User Groups: Administrators Users
3      Information ProductID: 91904-270-0003722-60402
4      Information Available Drive Space: C:\ drive has 42128211968 bytes; D:\ drive has 38531145728 bytes; E:\ drive h
                   as 127050969088 bytes; F:\ drive has 117087354880 bytes
5      Information Internet Explorer Version: 7.0.6001.18063
6      Information Microsoft Data Access Version: 6.0.6001.18000
7      Information .NET Framework Version: 2.0.50727.1434
8      Information MSXML Version: 6.20.1076.0
9      Information Loading UI library
10     Information Entering function CVsPackageInfo::HrInstantiatePackage
11     Information Begin package load [Visual Studio Source Control Integration Package]
12     Information Entering function CVsPackageInfo::HrInstantiatePackage
13     Information Begin package load [team foundation server provider stub package]
14     Information End package load [team foundation server provider stub package]
15     Information End package load [Visual Studio Source Control Integration Package]
16     Information Entering function VBDispatch::GetTypeLib
17     Information Entering function LoadDTETypeLib
18     Error       Leaving function LoadDTETypeLib
19                 Destroying Main Window

I think this is a good representative of the strength of PowerShell. Using only a few lines of script and a minimum of time, I created a reusable script, that will probaply save a lot of time in the future.