luckily it's a quick and easy job :)
the passwords are stored in a sqlite file called "Web Data" and located in the folder:
Code:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
where, obviously, instead of Administrator you will have your windows username.
now all the passwords are stored in the "logins" table under the "BLOB" column.
as the name suggests the BLOB values are exactly the classical encrypted sequences of bytes generated with CryptProtectData, so if you call CryptUnprotectData with one of the BLOB values you will get the clear-text password.
the only boring thing is navigating through the "Web Data" database and accessing the blob bytes, because SQLiteSpy (
http://www.yunqa.de/delphi/doku.php/products/sqlitespy/) allows to explore the file easily but not to dump the BLOB bytes and sqlite3 (
http://www.sqlite.org) is too boring to use (at least for me because I have zero experience with databases so it's my fault only).
so I have opted for the most lame and stupid solution (afterall it's only a test), I have opened "Web Data" with a hex editor and I have searched all the sequences of bytes starting with the bytes visualized by sqlitespy in the BLOB columns (01 00 00 00 ...) and have dumped each one of them (at least 146 bytes) in a different file and then I have simply called cunprot (
http://aluigi.org/pwdrec.htm#cunprot):
cunprot.exe dumped_file.dat
which shows the password in clear text plus some additional bytes (for example 0x01 0x01 and "LMEM")
hope it helps
