This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 89%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Hello everyone!
I'm working on a project where I need to encrypt a known password, and then place it in the Login Data /logins table of Chrome, (for 40 windows users, on the same Windows 2019 server machine).
For "circumstantial" reasons I'm using a batch file from which I call a PowerShell script to encrypt the password, and then, it's updating the password_value in the "logins" table (of Chrome's Login Data db).
When the actual user goes to the login web page, the password is auto-filled in with a zero (or some unknown "unprintable?" character) after every character (in the password input field).
Testing with password value: abc
I’m at a bit at a loss at this point… tried removing zeros or spaces in the powershell script, where at the end I used:
… ; $encryptedPassword -replace '0x', '' "`) do set "passwordHex=%%e"
but it didn’t seem to make any difference (because probably the extra character is neither a space nor a zero…).
I'm pretty sure I'm doing something wrong in the encrypting PowerShell script (hence my post here).
Here's the script I use (PowerShell script called from within the batch file):
@echo off
setlocal EnableDelayedExpansion
set "pwd=abc"
for /f "usebackq delims=" %%e in (`powershell -command "$password='!pwd!';$securePassword = ConvertTo-SecureString $password -AsPlainText -Force;$encryptedPassword = ConvertFrom-SecureString $securePassword;$encryptedPassword"`) do set "passwordHex=%%e"
set "chrome_profile_path=!LOCALAPPDATA!\Google\Chrome\User Data\Default"
set "login_db_path=!chrome_profile_path!\Login Data"
echo UPDATE logins SET password_value = X'!passwordHex!' WHERE username_value = '******@hotmail.com'^; > queries.sql
sqlite3.exe "!login_db_path!" < queries.sql
If you happen to notice something obvious, or could possibly point me in the right direction, I'd very much appreciate it!
Thank you,
Andrei
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
First, trying to remove the zeroes from the encrypted password will produce a value that cannot be decrypted. The "encryptedpassword" is a 460 character encrypted string. not say, an insecure Base64 encoded string.
Second, the encryption can only be decrypted on the machine that encrypted it. Each machine will use its own encryption key to decrypt the string.
Third, why are you mixing CMD and PowerShell?
Indeed, it's a question of trying to figure out where the zeros (or whatever the actual character is) actually get generated. removing it after the encryption makes no sense. I agree.
Also, yes, we're talking about the same machine. once I solve the "extra zeros" problem (where I focus on the same single user, on the same profile, same machine), then, I plan to run the script in the context of each user (as, my understanding is that, when not using an encryption key, then the encryption is not only tied to the machine used to encrypt, but also to the Windows user's profile used to encrypt... so for actual user to use Chrome to fill in the password, it's that user's context that must be used to encrypt the password in the first place).
but I'm not there yet... I'm just struggling to encrypt and decrypt for my own user, to confirm the encryption is working properly.
Re. the batch file use instead of only powershell, I completely agree, it's a complete mess... it's because historically, the other guys managing the server have a whole bunch of batch files for doing various admin tasks, so I wanted to keep with the "local flavour"... Also, because I was thinking that later on, I'll need to run the encryption script in the context of each user, I thought perhaps just separating that part as a standalone script would make things simpler, later on... however, I agree, that doesn't mean I can't do the rest as also a powershell script...
so, yes, I'm about to try to convert everything to powershell, and see how it goes... I'll post an update. in the meantime, I hope I can get some pointers re. the potential causes for the mysterious added extra characters...
Thanks for your help! I appreciate it!
Sorry I posted the same commend twice...
