cclgroupltd / ccl_chromium_reader

(Sometimes partial) Python re-implementations of the technologies involved in reading various data sources in Chrome-esque applications.
MIT License

Certain Database IDs get missed #18

Closed lxndrblz closed 8 months ago

lxndrblz commented 8 months ago

Hi Alex,

I hope you are doing fine.

During a recent forensic investigation I noticed the ccl_chromium_indexeddb.py wouldn't process any database IDs higher than 127. In real-life scenarios I have seen much higher IDs, such as 544:

DatabaseId(dbid_no=543, origin='https_teams.microsoft.com_0@1', name='Teams:app-device-permissions-manager:e2737957-fab8-4d7e-94f6-9bd6af9f7158:228fbaa3-4bee-4598-9980-8fcebd19df2d')

If I understand the Google documentation correctly, the dbid_no can be 1 - 8 bytes long.

I am currently investigating a way to cleverly collect the global Metadata for all records. Please let me know if you are already working on something yourself so we could join forces.

In particular, I am talking about these lines of code: https://github.com/cclgroupltd/ccl_chrome_indexeddb/blob/c3fcb3876b9aadf375536cbdf437c94df357d276/ccl_chromium_indexeddb.py#L378-L407

cclgroupltd commented 8 months ago

Hi Alexander - I have a method for that in my .NET library that I could probably port pretty easily. The "not supported" is related to building the key to search for, so it's just a case of encoding it differently. Let me have a look.

cclgroupltd commented 8 months ago

Actually scratch that - I had already implemented it, I just missed that single place where it needs to be called. Fix in the next few minutes then!

cclgroupltd commented 8 months ago

That should be fixed in 0b80ecd.

Could you give it a go with your problem database and let me know please?

lxndrblz commented 8 months ago

@cclgroupltd Yep, that did the trick.
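
The key encoding discussed in this thread, as an added example that is not part of the issue and is not code from ccl_chromium_reader: it builds and parses the prefix of a Chromium IndexedDB LevelDB key, showing how a database ID such as 543 takes two bytes and changes the header byte. The function names are hypothetical, and the layout (one header byte holding three length fields, followed by minimal-length little-endian IDs) is assumed from Chromium's key prefix coding.

```python
# Added example: Chromium IndexedDB LevelDB key prefix (not the project's code).
# Assumed layout: header = (db_len-1)<<5 | (store_len-1)<<2 | (index_len-1),
# followed by the three IDs as minimal-length little-endian integers.


def _le_bytes(value: int, max_len: int) -> bytes:
    """Minimal little-endian encoding of a non-negative ID, at least one byte."""
    if value < 0:
        raise ValueError("IDs are non-negative")
    length = max(1, (value.bit_length() + 7) // 8)
    if length > max_len:
        raise ValueError(f"{value} needs {length} bytes, limit is {max_len}")
    return value.to_bytes(length, "little")


def encode_key_prefix(db_id: int, store_id: int = 0, index_id: int = 0) -> bytes:
    """Build the prefix to seek to for a given database/object store/index."""
    db = _le_bytes(db_id, 8)        # database ID: 1 to 8 bytes
    store = _le_bytes(store_id, 8)  # object store ID: 1 to 8 bytes
    index = _le_bytes(index_id, 4)  # index ID: 1 to 4 bytes
    header = (len(db) - 1) << 5 | (len(store) - 1) << 2 | (len(index) - 1)
    return bytes([header]) + db + store + index


def decode_key_prefix(key: bytes) -> tuple[int, int, int, int]:
    """Return (db_id, store_id, index_id, prefix_length) for a raw LevelDB key."""
    if not key:
        raise ValueError("empty key")
    lengths = ((key[0] >> 5) & 0x07) + 1, ((key[0] >> 2) & 0x07) + 1, (key[0] & 0x03) + 1
    if len(key) < 1 + sum(lengths):
        raise ValueError("key is shorter than its header byte claims")
    ids, pos = [], 1
    for n in lengths:
        ids.append(int.from_bytes(key[pos:pos + n], "little"))
        pos += n
    return ids[0], ids[1], ids[2], pos


if __name__ == "__main__":
    for dbid in (1, 127, 543):  # 543 is the ID reported in the issue
        prefix = encode_key_prefix(dbid)
        # The trailing byte stands in for the rest of a key (constructed sample).
        print(dbid, prefix.hex(" "), decode_key_prefix(prefix + b"\x00"))
```
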