Fails on Chrome 127.0.6533.73 - panic: crypto/cipher: input not full blocks

[ajkessel]

Checklist

• I have searched the issue tracker for open issues that relate to the same problem, before opening a new one.
• This issue only relates to a single bug. I will open new issues for any other problems.

Describe the bug

Using this example code, with Windows Chrome 127.0.6533.73.

  cookies, err := chrome.ReadCookies(cookiesFile)

I get this panic:

panic: crypto/cipher: input not full blocks

goroutine 1 [running]:
crypto/cipher.(*cbcDecrypter).CryptBlocks(0x659ca0?, {0xc00001a240?, 0xc0000145d0?, 0x10?}, {0xc00001a213?, 0x9?, 0x1?})
        /snap/go/10730/src/crypto/cipher/cbc.go:145 +0x40b
github.com/browserutils/kooky/internal/chrome.decryptAESCBC({0xc00001a210, 0x2a, 0x2a}, {0x771724, 0x7, 0x7}, 0x1)
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/internal/chrome/chrome.go:310 +0x194
github.com/browserutils/kooky/internal/chrome.(*CookieStore).decrypt.func3({0xc00001a210?, 0xc000165558?, 0x5f4c95?}, {0x771724?, 0x5af1e0?, 0x4721b2?})
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/internal/chrome/chrome.go:240 +0x25
github.com/browserutils/kooky/internal/chrome.(*CookieStore).decrypt(0xc000136210, {0xc00001a210, 0x2a, 0x2a})
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/internal/chrome/chrome.go:265 +0x8ad
github.com/browserutils/kooky/internal/chrome.(*CookieStore).saveCookieValue(0xc000136210, 0xc0000e2000, {0xc0000b8300?, 0xc0000b6050?})
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/internal/chrome/chrome.go:119 +0x9f
github.com/browserutils/kooky/internal/chrome.(*CookieStore).ReadCookies.func1(0x0?, {0xc0000b8300?, 0xc0000b6050?})
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/internal/chrome/chrome.go:92 +0x494
github.com/browserutils/kooky/internal/utils.VisitTableRows.func1(0xc000014518, {{0x14, {0xc000010500, 0x14, 0x20}}, {0xc00002e1f5, 0x7e, 0x7e}, {0xc0000e0000, 0x14, ...}})
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/internal/utils/visittablerows.go:25 +0x96
github.com/go-sqlite/sqlite3.(*DbFile).VisitTableRecords.(*btreeTable).visitRecordsInorder.func1({0x0, 0xc000014518, {0xc00002e1e0, 0x93, 0x93}, 0x0})
        /home/adam/go/pkg/mod/github.com/go-sqlite/[email protected]/btree.go:431 +0x115
github.com/go-sqlite/sqlite3.(*btreeTable).visitRawInorder(0xc0000ac180, 0xc000165a80)
        /home/adam/go/pkg/mod/github.com/go-sqlite/[email protected]/btree.go:395 +0x203
github.com/go-sqlite/sqlite3.(*btreeTable).visitRawInorder(0xc0000ac120, 0xc000165a80)
        /home/adam/go/pkg/mod/github.com/go-sqlite/[email protected]/btree.go:387 +0x1b6
github.com/go-sqlite/sqlite3.(*btreeTable).visitRecordsInorder(...)
        /home/adam/go/pkg/mod/github.com/go-sqlite/[email protected]/btree.go:424
github.com/go-sqlite/sqlite3.(*DbFile).VisitTableRecords(0xc000132b60, {0x5f51bb, 0x7}, 0xc000165ba0)
        /home/adam/go/pkg/mod/github.com/go-sqlite/[email protected]/file.go:313 +0x199
github.com/browserutils/kooky/internal/utils.VisitTableRows(0xc000132b60, {0x5f51bb, 0x7}, 0xc000165de8, 0xc000165c90)
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/internal/utils/visittablerows.go:24 +0x367
github.com/browserutils/kooky/internal/chrome.(*CookieStore).ReadCookies(0xc000136210, {0x0, 0x0, 0xc000006101?})
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/internal/chrome/chrome.go:102 +0x448
github.com/browserutils/kooky/browser/chrome.ReadCookies({0x601ca0, 0x37}, {0x0, 0x0, 0x0})
        /home/adam/go/pkg/mod/github.com/browserutils/[email protected]/browser/chrome/chrome.go:18 +0x155

How to reproduce

Run code

Example code

package main

import (
        "fmt"

        "github.com/browserutils/kooky/browser/chrome"
)

func main() {
  cookiesFile := "[path to cookies file]"
  cookies, err := chrome.ReadCookies(cookiesFile)
  if err != nil {
    // TODO: handle the error
    fmt.Println(err)
    return
  }

  for _, cookie := range cookies {
    fmt.Println(cookie)
  }
}```

### Kooky version

v0.2.2

### Go compiler version

go1.23.2 linux/amd64

### Browser

Chrome 127.0.6533.73 

### Operating system and version

WSL/Windows 10

[kylecarbs]

I'm getting the same. Anyone have ideas?

[hiberabyss]

Because chrome introduce Application-Bound (App-Bound) encryption since 127.
Reference: https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html

For windows, could disable the feature via registry key Software\Policies\Google\Chrome\ApplicationBoundEncryptionEnabled.

Don't know how to disable the feature for macOS chrome.

[vergenzt]

Because chrome introduce Application-Bound (App-Bound) encryption since 127. Reference: https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
...
Don't know how to disable the feature for macOS chrome.

I don't think it has to be disabled necessarily. IIUC it seems like the encryption key is derived from the user's login password + a passphrase stored in the Mac keyring. See https://github.com/kawakatz/macCookies/blob/e97ccea49b4d816862cf8a7ac67b075eb56fab2e/pkg/decrypt/decrypt.go#L84-L90