CRX Unpack Utilities¶
This module contains several utilities for working with Google Chrome extension files (CRXs), which have the *.crx
file extension. The goal of this project is to mimic as closely as possible the functionality of Google Chrome when
these extensions are unpacked and installed.
The first module is crx_unpack, which handles the headers and structure of the CRX itself (see below for more details on this).
The second module is Encrypted Temp Directory, which gives a way to use eCryptfs to encrypt a
directory that only ever exists in memory by inheriting from the TemporaryDirectory
class and
hooking into some eCryptfs tools to handle the encryption of the file contents and file names (handled by different
keys).
Installation¶
Since crx_unpack
is available on PyPI, you can install it using pip:
$ pip install crx_unpack
Structure of CRX Package Format¶
The information in this section introduces the structure and contents of CRX files.
As explained at https://developer.chrome.com/extensions/crx
Package Header¶
The header contains the author’s public key and the extension’s signature. The signature is generated from the ZIP file
using SHA-1 with the author’s private key. The header requires a little-endian byte ordering with 4-byte alignment. The
following table describes the fields of the .crx
header in order:
Field | Type | Length | Value | Description |
---|---|---|---|---|
magic number | char[] | 32 bits | Cr24 | Chrome requires this constant at the beginning of every .crx package. |
version | unsigned int | 32 bits | 2 | The version of the *.crx file format used (currently 2). |
public key length | unsigned int | 32 bits | pubkey.length | The length of the RSA public key in bytes. |
signature length | unsigned int | 32 bits | sig.length | The length of the signature in bytes. |
public key | byte[] | pubkey.length | pubkey.contents | The contents of the author’s RSA public key formatted as an X509 SubjectPublicKeyInfo block. |
signature | byte[] | sig.length | sig.contents | The signature of the ZIP content using the author’s private key. The signature is created using the RSA algorithm with the SHA-1 hash function. |
Extension Contents¶
The extension’s ZIP file is appended to the *.crx
package after the header. This should be the same ZIP file that
the signature in the header was generated from.