sqlite - 从 Firefox 扩展恢复本地存储
问题描述
我正在尝试在损坏的 Mac 上从 MetaMask for Firefox 恢复保管库存储,但只有文件系统访问权限,因此无法在此处执行通常的恢复步骤。
我还尝试将扩展存储复制到全新安装,但 MetaMask 无法启动。
在另一台计算机上,我按照通常的恢复方法链接到了一个已知良好的导出,它看起来像:
{
...
"KeyringController": {
"vault": "{\"data\":\"wLLUOXsS8u82TEDMjT1UNNtpANP2Eu6VfqbhHFTI3s+xKomLCXxnRtoPKlOlUDBPM7sOtIr8qoJofBqREfO9pN50vaEt3jw9sqUOk7Xdi0GHLpndlJvTmkI15aGk6udWc5MX/CW+F1KfJZbW7VpSMrrQPpfjULidxBLDfKac/wF9gF8pY4w1s9puVEgCgXAHYsX9bbR68vqMDLZmpr6NG5QCkFg0clLx6d6tddmMEg11hv+CrGI=\",\"iv\":\"8zjDMB77cQa1HX1B0gs+pQ==\",\"salt\":\"8VHAOfYllhPFs7zTgCr1PuZm7a4v8IFhoeqa2+7ZThQ=\"}"
},
...
}
我在idb下找到了扩展名的文件夹~/Library/Application Support/Firefox/Profiles/profileid/storage/default/extensionid,并将主 blob 转储到文件中。通过这个搜索,我能够找到配置的保险库部分:
0000ac70 72 69 6e 67 4e 5f 01 25 60 1e 40 14 2c 76 61 75 |ringN_.%`.@.,vau|
0000ac80 6c 74 00 00 00 55 01 00 00 0e d0 50 f4 02 02 7b |lt...U.....P...{|
0000ac90 00 22 00 64 00 61 00 74 00 61 00 22 00 3a 00 22 |.".d.a.t.a.".:."|
0000aca0 00 77 00 4c 00 4c 00 55 00 4f 00 58 00 73 00 53 |.w.L.L.U.O.X.s.S|
0000acb0 00 38 00 75 00 38 00 32 00 54 00 45 00 44 00 4d |.8.u.8.2.T.E.D.M|
0000acc0 00 6a 00 54 00 31 00 55 00 4e 00 4e 00 74 00 70 |.j.T.1.U.N.N.t.p|
0000acd0 00 41 00 4e 00 50 00 32 00 45 00 75 00 36 00 56 |.A.N.P.2.E.u.6.V|
0000ace0 00 66 00 71 00 62 00 68 00 48 00 46 00 54 00 49 |.f.q.b.h.H.F.T.I|
0000acf0 00 33 00 73 00 2b 00 78 00 4b 00 6f 00 6d 00 4c |.3.s.+.x.K.o.m.L|
0000ad00 00 43 00 58 00 78 00 6e 00 52 00 74 00 6f 00 50 |.C.X.x.n.R.t.o.P|
0000ad10 00 4b 00 6c 00 4f 00 6c 00 55 00 44 00 42 00 50 |.K.l.O.l.U.D.B.P|
0000ad20 00 4d 00 37 00 73 00 4f 00 74 00 49 00 72 00 38 |.M.7.s.O.t.I.r.8|
0000ad30 00 71 00 6f 00 4a 00 6f 00 66 00 42 00 71 00 52 |.q.o.J.o.f.B.q.R|
0000ad40 00 45 00 66 00 4f 00 39 00 70 00 4e 00 35 00 30 |.E.f.O.9.p.N.5.0|
0000ad50 00 76 00 61 00 45 00 74 00 33 00 6a 00 77 00 39 |.v.a.E.t.3.j.w.9|
0000ad60 00 73 00 71 00 55 00 4f 00 6b 00 37 00 58 00 64 |.s.q.U.O.k.7.X.d|
0000ad70 00 69 00 30 00 47 00 48 00 4c 00 70 00 6e 00 64 |.i.0.G.H.L.p.n.d|
0000ad80 00 6c 00 4a 00 76 00 54 00 6d 00 6b 00 49 00 31 |.l.J.v.T.m.k.I.1|
0000ad90 00 35 00 61 00 47 00 6b 00 36 00 75 00 64 00 57 |.5.a.G.k.6.u.d.W|
0000ada0 00 63 00 35 00 4d 00 58 00 2f 00 43 00 57 00 2b |.c.5.M.X./.C.W.+|
0000adb0 00 46 00 31 00 4b 00 66 00 4a 00 5a 00 62 00 57 |.F.1.K.f.J.Z.b.W|
0000adc0 00 37 00 56 00 70 00 53 00 4d 00 72 00 72 00 51 |.7.V.p.S.M.r.r.Q|
0000add0 00 50 00 70 00 66 00 6a 00 55 00 4c 00 69 00 64 |.P.p.f.j.U.L.i.d|
0000ade0 00 78 00 42 00 4c 00 44 00 66 00 4b 00 61 00 63 |.x.B.L.D.f.K.a.c|
0000adf0 00 2f 00 77 00 46 00 39 00 67 00 46 00 38 00 70 |./.w.F.9.g.F.8.p|
0000ae00 00 59 00 34 00 77 00 31 00 73 00 39 00 70 00 75 |.Y.4.w.1.s.9.p.u|
0000ae10 00 56 00 45 00 67 00 43 00 67 00 58 00 41 00 48 |.V.E.g.C.g.X.A.H|
0000ae20 00 59 00 73 00 58 00 39 00 62 00 62 00 52 00 36 |.Y.s.X.9.b.b.R.6|
0000ae30 00 38 00 76 00 71 00 4d 00 44 00 4c 00 5a 00 6d |.8.v.q.M.D.L.Z.m|
0000ae40 00 70 00 72 00 36 00 4e 00 47 00 35 00 51 00 43 |.p.r.6.N.G.5.Q.C|
0000ae50 00 6b 00 46 00 67 00 30 00 63 00 6c 00 4c 00 78 |.k.F.g.0.c.l.L.x|
0000ae60 00 36 00 64 00 36 00 74 00 64 00 64 00 6d 00 4d |.6.d.6.t.d.d.m.M|
0000ae70 00 45 00 67 00 31 00 31 00 68 00 76 00 2b 00 43 |.E.g.1.1.h.v.+.C|
0000ae80 00 72 00 47 00 49 00 3d 00 22 00 2c 00 22 00 69 |.r.G.I.=.".,.".i|
0000ae90 00 76 2d f8 10 38 00 7a 00 6a 25 e2 c8 42 00 37 |.v-..8.z.j%..B.7|
0000aea0 00 37 00 63 00 51 00 61 00 31 00 48 00 58 00 31 |.7.c.Q.a.1.H.X.1|
0000aeb0 00 42 00 30 00 67 00 73 00 2b 00 70 00 51 00 3d |.B.0.g.s.+.p.Q.=|
0000aec0 00 3d 00 22 00 2c 00 22 00 73 00 61 00 6c 00 74 |.=.".,.".s.a.l.t|
0000aed0 15 44 f0 52 56 00 48 00 41 00 4f 00 66 00 59 00 |.D.RV.H.A.O.f.Y.|
0000aee0 6c 00 6c 00 68 00 50 00 46 00 73 00 37 00 7a 00 |l.l.h.P.F.s.7.z.|
0000aef0 54 00 67 00 43 00 72 00 31 00 50 00 75 00 5a 00 |T.g.C.r.1.P.u.Z.|
0000af00 6d 00 37 00 61 00 34 00 76 00 38 00 49 00 46 00 |m.7.a.4.v.8.I.F.|
0000af10 68 00 6f 00 65 00 71 00 61 00 32 00 2b 00 37 00 |h.o.e.q.a.2.+.7.|
0000af20 5a 00 54 00 68 00 51 05 6c 04 7d 00 19 01 61 70 |Z.T.h.Q.l.}...ap|
重建它,我几乎能够得到正确的数据,但有几个字符不正确:
data (extract): wLLUOXsS8u82TEDMjT1UNNtpANP2Eu6VfqbhHFTI3s+xKomLCXxnRtoPKlOlUDBPM7sOtIr8qoJofBqREfO9pN50vaEt3jw9sqUOk7Xdi0GHLpndlJvTmkI15aGk6udWc5MX/CW+F1KfJZbW7VpSMrrQPpfjULidxBLDfKac/wF9gF8pY4w1s9puVEgCgXAHYsX9bbR68vqMDLZmpr6NG5QCkFg0clLx6d6tddmMEg11hv+CrGI=
data (correct): wLLUOXsS8u82TEDMjT1UNNtpANP2Eu6VfqbhHFTI3s+xKomLCXxnRtoPKlOlUDBPM7sOtIr8qoJofBqREfO9pN50vaEt3jw9sqUOk7Xdi0GHLpndlJvTmkI15aGk6udWc5MX/CW+F1KfJZbW7VpSMrrQPpfjULidxBLDfKac/wF9gF8pY4w1s9puVEgCgXAHYsX9bbR68vqMDLZmpr6NG5QCkFg0clLx6d6tddmMEg11hv+CrGI=\
iv (extract): 8zj%B77cQa1HX1B0gs+pQ==
iv (correct): 8zjDMB77cQa1HX1B0gs+pQ==
salt (extract): DRVHAOfYllhPFs7zTgCr1PuZm7a4v8IFhoeqa2+7ZThQl
salt (correct): 8VHAOfYllhPFs7zTgCr1PuZm7a4v8IFhoeqa2+7ZThQ=\
比较两个十六进制的 IV,您可以看到它们有多接近,但缺少一个半字节,一个是不正确的:
correct: 38 7a 6a 44 4d 42 37 37 63 51 61 31 48 58 31 42 30 67 73 2b 70 51 3d 3d
extract: 38 7a 6a 25 42 37 37 63 51 61 31 48 58 31 42 30 67 73 2b 70 51 3d 3d
对于盐,正确的一个被一个半字节抵消并且缺少一对:
correct: 38 56 48 41 4f 66 59 6c 6c 68 50 46 73 37 7a 54 67 43 72 31 50 75 5a 6d 37 61 34 76 38 49 46 68 6f 65 71 61 32 2b 37 5a 54 68 51 3d 5c
original: 44 52 56 48 41 4f 66 59 6c 6c 68 50 46 73 37 7a 54 67 43 72 31 50 75 5a 6d 37 61 34 76 38 49 46 68 6f 65 71 61 32 2b 37 5a 54 68 51 6c
显然,上面的钱包现在已经被烧毁并且不会被使用,但是任何关于如何为恢复的钱包重复此操作的建议都会非常有帮助。
解决方案
推荐阅读
- php - 如何更改upload_max_filesize
- python - python:测试数组并打印名称
- keycloak - Keycloak 状态参数无效
- amazon-web-services - 恢复通过 zappa 部署的代码
- angular - 仅在 --prod build 中出现 Okta Angular 错误
- selenium-webdriver - 在移动浏览器中模拟实时性能测试的最佳方法是什么?
- java - 在 Yarn 中调整 Spark 作业
- javascript - Jquery UI Slider 在滑动滑块时动态设置值
- php - 从哪里获得具有 sql_exec 的 MySql UDF?
- java - SpringBoot Camel ActiveMQ Embedded broker 意外停止和重启