8

Chrome extension F.B. Purity writes its data at ~/.config/chromium/Default/Local Extension Settings/ncdlagniojmheiklojdcpdaeepochckl/000003.log (not a log file despite its name).

This file is a kind of database that contains among other things a big JSON string. Here is the beginning of the file seen in vim:

```
????C^@^A^A^@^@^@^@^@^@^@^A^@^@^@^A^Kfbpfirstrun)"Fri Apr 15 2016 16:59:41 
GMT+0900 (JST)"??[E7^@^A^B^@^@^@^@^@^@^@^A^@^@^@^A^Rfbplastupdatecheck^V"
1460707185929:14.7.0"??U/7^@^A^C^@^@^@^@^@^@^@^A^@^@^@^A^Ylastfriendcheck-
631501256^O"1460707180223"0?wB3^?^B^D^@^@^@^@^@^@^@^A^@^@^@^A^Xoldfriendstore-
631501256??^G"{\"27333\":\"
```

... at which point the big JSON string starts.
Same beginning of the file as hexadecimal:

```
C4 C4 3F 81 43 00 01 01 00 00 00 00 00 00 00 01 00
00 00 01 0B 66 62 70 66 69 72 73 74 72 75 6E 29 22
46 72 69 20 41 70 72 20 31 35 20 32 30 31 36 20 31
36 3A 35 39 3A 34 31 20 47 4D 54 2B 30 39 30 30 20
28 4A 53 54 29 22 AE B6 5B 45 37 00 01 02 00 00 00
00 00 00 00 01 00 00 00 01 12 66 62 70 6C 61 73 74
75 70 64 61 74 65 63 68 65 63 6B 16 22 31 34 36 30
37 30 37 31 38 35 39 32 39 3A 31 34 2E 37 2E 30 22
A6 C0 55 2F 37 00 01 03 00 00 00 00 00 00 00 01 00
00 00 01 19 6C 61 73 74 66 72 69 65 6E 64 63 68 65
63 6B 2D 36 33 31 35 30 31 32 35 36 0F 22 31 34 36
30 37 30 37 31 38 30 32 32 33 22 30 AC 77 42 33 7F
02 04 00 00 00 00 00 00 00 01 00 00 00 01 18 6F 6C
64 66 72 69 65 6E 64 73 74 6F 72 65 2D 36 33 31 35
30 31 32 35 36 E3 C5 07 22 7B 5C 22 32 37 33 33 33
5C 22 3A 5C 22
```

QUESTION: What kind of database format is that?

SQLitebrowser refuses to open it. The Ubuntu file command just says data. My goal is to extract the first JSON string from that file. Using latest Chromium.

Nicolas Raoul
  • 10,711
  • 18
  • 64
  • 102
  • Looks like a Chrome-specific format, [probably this one](https://developer.chrome.com/extensions/storage). You're likely better off using a hex editor to help figure it out. – Ouroborus Jun 13 '16 at 06:45
  • @Ouroborus: You link to an API, now we need to find out how this API stores its data internally. I am using a hex editor now for experiments, but the task needs to be automated, so a graphical/human editor won't do. – Nicolas Raoul Jun 13 '16 at 07:03
  • Chrome is mostly open source under [The Chromium Projects](https://www.chromium.org/Home). Perhaps that's a good place to figure out how the file is constructed. – Ouroborus Jun 13 '16 at 07:11
  • Related: [How to access Google Chrome's IndexedDB/LevelDB files?](https://stackoverflow.com/q/35074659/55075) – kenorb Jan 08 '18 at 01:03

2 Answers

10

It’s LevelDB, a key-value store.

You can use NodeJS and levelup to access the data:

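```javascript
var levelup = require("levelup");
// Point at the database directory (the folder that holds 000003.log), not at the .log file.
var db = levelup("path/to/directory");
// Stream every key/value pair in the store and print it.
db.createReadStream().on("data", data => console.log(data.key, " => ", data.value));
```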

(levelup requires leveldown to be installed for accessing on-disk databases.)

Nicolas Raoul
  • 10,711
  • 18
  • 64
  • 102
Daniel B
  • 60,360
  • 9
  • 122
  • 163
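What the first answer's identification means at the byte level, as an added example (not code from the page or from the LevelDB or levelup projects): a dependency-free Node.js reader for the `000003.log` file, run on the first 136 bytes of the question's hex dump. The function names are hypothetical, and the per-record checksum is skipped rather than verified.

```javascript
// Constructed sample: the first 136 bytes (two records) of the hex dump in the question.
const SAMPLE = Buffer.from(`
C4 C4 3F 81 43 00 01 01 00 00 00 00 00 00 00 01 00 00 00 01 0B 66 62 70 66 69 72 73 74 72 75 6E 29 22
46 72 69 20 41 70 72 20 31 35 20 32 30 31 36 20 31 36 3A 35 39 3A 34 31 20 47 4D 54 2B 30 39 30 30 20
28 4A 53 54 29 22 AE B6 5B 45 37 00 01 02 00 00 00 00 00 00 00 01 00 00 00 01 12 66 62 70 6C 61 73 74
75 70 64 61 74 65 63 68 65 63 6B 16 22 31 34 36 30 37 30 37 31 38 35 39 32 39 3A 31 34 2E 37 2E 30 22`.replace(/\s+/g, ""), "hex");
// 32 KiB blocks; 7-byte record header = checksum(4) + length(2) + type(1); then the record types.
const BLOCK = 32768, HEADER = 7, FULL = 1, FIRST = 2, MIDDLE = 3, LAST = 4;

function readVarint(buf, pos) { // base-128 length prefix, low 7 bits first
  for (let value = 0, shift = 0; pos < buf.length; shift += 7) {
    const byte = buf[pos++];
    value += (byte & 0x7f) * 2 ** shift;
    if (byte < 0x80) return [value, pos];
  }
  throw new RangeError("truncated varint");
}

function* logicalRecords(log) { // physical records -> write batches; checksum (bytes 0-3) not verified
  let pos = 0, parts = null;
  while (pos + HEADER <= log.length) {
    const room = BLOCK - (pos % BLOCK);
    if (room < HEADER) { pos += room; continue; } // padding at the end of a block
    const end = pos + HEADER + log.readUInt16LE(pos + 4), type = log[pos + 6];
    if (end > log.length) return;                 // record cut off at the end of the input
    const data = log.subarray(pos + HEADER, end);
    pos = end;
    if (type === FULL) yield data;
    else if (type === FIRST) parts = [data];      // a large value spans several records
    else if (parts && type === MIDDLE) parts.push(data);
    else if (parts && type === LAST) { yield Buffer.concat([...parts, data]); parts = null; }
  }
}

function* readLog(log) { // batch = sequence(8) + count(4), then entries tagged 1 (put) or 0 (delete)
  for (const batch of logicalRecords(log)) {
    const seq = Number(batch.readBigUInt64LE(0)), count = batch.readUInt32LE(8);
    let pos = 12;
    const field = () => { // one varint-length-prefixed string
      const [len, start] = readVarint(batch, pos);
      if (start + len > batch.length) throw new RangeError("truncated entry");
      pos = start + len;
      return batch.toString("utf8", start, pos);
    };
    for (let i = 0; i < count; i++) {
      const isPut = batch[pos++] === 1, key = field();
      yield { seq: seq + i, key, value: isPut ? field() : null };
    }
  }
}
```

A `.log` file holds only writes that have not yet been compacted into the directory's `.ldb` table files, so keys written earlier will not appear in it.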
3

The files are in the LevelDB format, developed by Google; the code is hosted on GitHub.

Potentially you can use the leveldb-json utility to export the data by pointing it to the .indexeddb.leveldb folder. However, you would first need to implement a compatible comparator (as Chrome provides its own comparator implementation) in order to inspect Chrome's Indexed DB LevelDB instances, as per the information at [How to access Google Chrome's IndexedDB/LevelDB files?](https://stackoverflow.com/q/35074659/55075)

kenorb
  • 24,736
  • 27
  • 129
  • 199