After 2+ years and 80+ commits since v0.4.6, HackBrowserData reaches 1.0. This release is a near-complete rewrite plus three major capability additions: Chrome App-Bound Encryption on Windows, Safari support and Firefox 144+.
Highlights
A new architecture
The browser, crypto, filemanager, and output layers were rebuilt from scratch. The CLI moved to Cobra with proper subcommands (extract, list, ...), the logging system was redesigned for CLI use, and a shared keychain retriever now prompts only once across all browsers and profiles.
Chrome App-Bound Encryption (Windows)
Chrome 127+ introduced ABE (cookie v20), which broke every browser-data tool in late 2024. v1.0.0 ships a first-party C payload reflectively injected into chrome.exe to retrieve the ABE master key — no third-party loaders, no vendored code. Edge, Brave, Vivaldi, Opera, CocCoc, Yandex, 360, QQ, Sogou are all covered through the same path.
Safari, end-to-end (macOS)
First-class Safari support: history, cookies (BinaryCookies), passwords (via Keychain), bookmarks & downloads (plist), localStorage, installed extensions, and multi-profile.
Firefox 144+
Firefox switched its profile master-key cipher to AES-256-CBC in 144; v1.0.0 adds full support, including the new padding/key-derivation paths.
Other notable additions
- Yandex password & credit-card decryption
- MSIX/UWP browsers on Windows (Arc, DuckDuckGo)
list --detailno longer triggers decryption (much faster on big profiles)- Chrome 130+ cookie
host_keyprefix handled correctly - Linux v11 cipher prefix supported for Chromium decryption
Compatibility & build
- Go 1.20 minimum (Windows 7 still supported)
- Windows ABE payload is now built and shipped automatically by goreleaser
Thanks
- @slimwang — Chrome App-Bound Encryption (#573) and Firefox 144+ decryption (#498)
- @Aquilao — Firefox 144+ follow-up (#499)
Full Changelog: v0.4.6...v1.0.0
