Brave (ERROR 3) and Edge (SIGSEGV) not working

[an0mal1a]

Hey, when trying to decipher brave or edge we run into a problem.

Brave

In brave it throws a “3” error

PS C:\Program Files> .\BraveSoftware\Brave-BrowserApplication> .\chrome_decrypt.exe brave

PS C:\Program Files\BraveSoftware\Brave-Browser\Application> .\chrome_decrypt.exe brave
----------------------------------------------
|  Chrome App-Bound Encryption - Decryption  |
|  Alexander Hagenah (@xaitax)               |
----------------------------------------------

[+] Found Brave Version: 131.1.73.105
[*] Starting Brave App-Bound Encryption Decryption process.
[+] COM library initialized.
[+] IElevator instance created successfully.
[+] Proxy blanket set successfully.
[+] Retrieving AppData path.
[+] Local State path: C:\Users\pablo\AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State
[+] Base64 encrypted key extracted.
[+] Finished decoding.
[+] Key header is valid.
[+] Encrypted key retrieved: 01000000d08c9ddf0115d1118c7a00c04fc297eb...
[+] BSTR allocated for encrypted key.
[-] Decryption failed. Last error: 3

This means PATH_NOT_FOUND????

Edge

In edge directly the program stops working and if we try with GDB:

[+] Found Edge Version: 131.0.2903.146
[*] Starting Edge App-Bound Encryption Decryption process.
[+] COM library initialized.
[New Thread 59352.0xe02c]
[New Thread 59352.0xb4a8]
[New Thread 59352.0x7bc4]
[+] IElevator instance created successfully.
[+] Proxy blanket set successfully.
[+] Retrieving AppData path.
[+] Local State path: C:\Users\pablo\AppData\Local\Microsoft\Edge\User Data\Local State
[+] Base64 encrypted key extracted.
[+] Finished decoding.
[+] Key header is valid.
[+] Encrypted key retrieved: 01000000d08c9ddf0115d1118c7a00c04fc297eb...
[+] BSTR allocated for encrypted key.


Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007ffa6ae5732f in ntdll!memmove () from C:\Windows\SYSTEM32\ntdll.dll
(gdb) bt
#0 0x00007ffa6ae5732f in ntdll!memmove () from C:\Windows\SYSTEM32\ntdll.dll
#1 0x00007ffa69525a7e in RPCRT4!NdrConformantStringBufferSize () from C:\Windows\System32\rpcrt4.dll
#2 0x00007ffa694e1679 in RPCRT4!NdrpClientCall2 () from C:\Windows\System32\rpcrt4.dll
#3 0x00007ffa6a05a967 in combase!NdrpFindInterface () from C:\Windows\System32\combase.dll
#4 0x00007ffa6a0e4b82 in combase!ObjectStublessClient32 () from C:\Windows\System32\combase.dll
#5 0x00007ff60457372f in main ()

In Event Viewer we can see this;

Application name with errors: chrome_decrypt.exe, version: 0.0.0.0.0, timestamp: 0x6786ecf0
Buggy module name: ntdll.dll, version: 10.0.22621.4541, timestamp: 0xe7035eba
Exception code: 0xc0000005
Error offset: 0x000000000000000a732f
Process identifier with errors: 0x0xBEBC
Application start time with errors: 0x0x1DB66D93439394E
Path of the application with errors: C:\Program Files (x86)\Microsoft\Application\Edge\Application\chrome_decrypt.exe
Path of the failed module: C:\Windows\SYSTEM32\ntdll.dll
Report Identifier: 1d02e6f2-ce3c-43f7-8da0-434ebdbfe8ed
Full name of the package with errors: 
Relative application identifier of the package with errors: 

As I have knowledge of C I will try to fix this error, but in the case of brave, I don't have much idea what is hapening...

[lanetdaim0]

[-] COM object of type 'System.__ComObject' could not be assigned to interface type 'IElevator'. This operation failed because the QueryInterface call in the COM component for the interface with IID '{A949CB4E-C4F9-44C4-B213-6BF8AA9AC69C}' failed with the following error: No such interface supported (HRESULT returned exception: 0x80004002 (E_NOINTERFACE)).

HELP!!!!!!!!!

[hubert3]

Works on current Chrome but also failing for me on Edge 132.0.2957.127 after 'BSTR allocated for encrypted key'

[shaddy43]

The key extraction using CLSIDs by Brave browser and Chrome are working fine. But for me it results in crashing in case of Edge. I looked at the CLSIDs individually and maybe found the source of error:

For some weird reason, the GUID for both the Chrome and Edge elevator interface are same, but different for Brave browser. In case of edge the Interface GUID should be: {C9C2B807-7731-4F34-81B7-44FF7779522B}, but it is same as the interface GUID of chrome that is: {463ABECF-410D-407F-8AF5-0DF35A005CC8}

[0xb000bd]

there is some thing f*cking weird about Edge:

similar to @shaddy43, but in my case, Chrome uses the same Interface as Edge (image below)
so Edge should work and Chrome not? but no, Chrome still works and Edge does not :). The Edge's elevation_service returns nothing

[RCECoder]

@shaddy43, how do you get to view the typelib for edge using OleView.NET?

[shaddy43]

@shaddy43, how do you get to view the typelib for edge using OleView.NET?

Just Find your CLSID, expand it and write click on its interface CLSID and there should be an option to view TypeLib for interface.

[xaitax]

Can you try again please?
3febb3f

[r1s1us]

You have iid specified brave, when you run in edge it calls elevation from brave, if brave is not installed on the computer the code will not work

[r1s1us]

CLSID 1FCBE96C-1697-43AF-9140-2897C7C69767
IID c9c2b807-7731-4f34-81b7-44ff7779522b
For edge, it works for me

[SilentDev33]

CLSID 1FCBE96C-1697-43AF-9140-2897C7C69767 IID c9c2b807-7731-4f34-81b7-44ff7779522b For edge, it works for me

for it working brave must be uninstalled?

[r1s1us]

CLSID 1FCBE96C-1697-43AF-9140-2897C7C69767 IID c9c2b807-7731-4f34-81b7-44ff7779522b For edge, it works for me

for it working brave must be uninstalled?

I have it working even if brave is installed, but under edge I modified the Elevator interface, added ReservedFunction1 LaunchUpdateCmdElevated LaunchUpdateCmdElevatedAndWait functions

[Fluxis881]

How to fix this error?

[+] Edge Version: 135.0.3179.85
[] Located Edge with PID 37304
[+] DLL injected via NtCreateThreadEx stealth
[] Starting Chrome App-Bound Encryption Decryption process.

[+] COM library initialized.
[+] IElevator instance created successfully.
[+] Proxy blanket set successfully.
[+] Retrieving AppData path.
[+] Local State path: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Local State
[+] Base64 key extracted.
[+] Finished decoding.
[+] Key header is valid.
[+] Encrypted key retrieved: 01000000d08c9ddf0115d1118c7a00c04fc297eb...
[+] BSTR allocated for encrypted key.
[-] Key file missing

[+] Edge Version: 135.0.3179.85
[] Located Edge with PID 35208
[+] DLL injected via NtCreateThreadEx stealth
[] Starting Chrome App-Bound Encryption Decryption process.

[+] COM library initialized.
[+] IElevator instance created successfully.
[+] Proxy blanket set successfully.
[+] Retrieving AppData path.
[+] Local State path: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Local State
[+] Base64 key extracted.
[+] Finished decoding.
[+] Key header is valid.
[+] Encrypted key retrieved: 01000000d08c9ddf0115d1118c7a00c04fc297eb...
[+] BSTR allocated for encrypted key.
[-] Decryption failed. HRESULT: 0x83760002, Last error: 0
[-] Key file missing

I tried this
CLSID 1FCBE96C-1697-43AF-9140-2897C7C69767
IID c9c2b807-7731-4f34-81b7-44ff7779522b

And from chrome

Nothing helps(