What embedded database format is used by this Chrome extension?

All we need is an easy explanation of the problem, so here it is.

Chrome extension F.B. Purity writes its data at ~/.config/chromium/Default/Local Extension Settings/ncdlagniojmheiklojdcpdaeepochckl/000003.log (not a log file despite its name).

This file is a kind of database that contains among other things a big JSON string. Here is the beginning of the file seen in vim:

????C^@^A^A^@^@^@^@^@^@^@^A^@^@^@^A^Kfbpfirstrun)"Fri Apr 15 2016 16:59:41 
GMT+0900 (JST)"??[E7^@^A^B^@^@^@^@^@^@^@^A^@^@^@^A^Rfbplastupdatecheck^V"
1460707185929:14.7.0"??U/7^@^A^C^@^@^@^@^@^@^@^A^@^@^@^A^Ylastfriendcheck-
631501256^O"1460707180223"0?wB3^?^B^D^@^@^@^@^@^@^@^A^@^@^@^A^Xoldfriendstore-
631501256??^G"{\"27333\":\"

… at which point the big JSON string starts.
Same beginning of the file as hexadecimal:

C4 C4 3F 81 43 00 01 01 00 00 00 00 00 00 00 01 00
00 00 01 0B 66 62 70 66 69 72 73 74 72 75 6E 29 22
46 72 69 20 41 70 72 20 31 35 20 32 30 31 36 20 31
36 3A 35 39 3A 34 31 20 47 4D 54 2B 30 39 30 30 20
28 4A 53 54 29 22 AE B6 5B 45 37 00 01 02 00 00 00
00 00 00 00 01 00 00 00 01 12 66 62 70 6C 61 73 74
75 70 64 61 74 65 63 68 65 63 6B 16 22 31 34 36 30
37 30 37 31 38 35 39 32 39 3A 31 34 2E 37 2E 30 22
A6 C0 55 2F 37 00 01 03 00 00 00 00 00 00 00 01 00
00 00 01 19 6C 61 73 74 66 72 69 65 6E 64 63 68 65
63 6B 2D 36 33 31 35 30 31 32 35 36 0F 22 31 34 36
30 37 30 37 31 38 30 32 32 33 22 30 AC 77 42 33 7F
02 04 00 00 00 00 00 00 00 01 00 00 00 01 18 6F 6C
64 66 72 69 65 6E 64 73 74 6F 72 65 2D 36 33 31 35
30 31 32 35 36 E3 C5 07 22 7B 5C 22 32 37 33 33 33
5C 22 3A 5C 22

QUESTION: What kind of database format is that?

SQLitebrowser refuses to open it. The Ubuntu file command just says data. My goal is to extract the first JSON string from that file. Using latest Chromium.

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

It’s LevelDB, a key-value store.

You can use NodeJS and levelup to access the data:

var levelup = require("levelup");
var db = levelup("path/to/directory");
db.createReadStream().on("data", data => console.log(data.key, " => ", data.value));

(levelup requires leveldown to be installed for accessing on-disk databases.)

Method 2

The files are in LevelDB format developed by Google and the code is hosted on GitHub.

Potentially you can use leveldb-json utility to export the data by pointing to the .indexeddb.leveldb folder, however, you would need to implement a compatible comparator first (as Chrome provides its own comparator implementation) in order to inspect Chrome’s Indexed DB leveldb instances as per information at How to access Google Chrome’s IndexedDB/LevelDB files?

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply