From 804247ecbc5c6fa7f39d3dd1620f5e90040c8e6f Mon Sep 17 00:00:00 2001
From: d35ha
Date: Mon, 30 Sep 2024 11:22:05 +0000
Subject: [PATCH] Add chrome.extensions.vm
---
 .../chrome.extensions.vm.nuspec | 13 +++
 .../tools/chocolateyinstall.ps1 | 91 +++++++++++++++++++
 .../tools/chocolateyuninstall.ps1 | 8 ++
 scripts/test/lint.py | 1 +
 4 files changed, 113 insertions(+)
 create mode 100644 packages/chrome.extensions.vm/chrome.extensions.vm.nuspec
 create mode 100644 packages/chrome.extensions.vm/tools/chocolateyinstall.ps1
 create mode 100644 packages/chrome.extensions.vm/tools/chocolateyuninstall.ps1
diff --git a/packages/chrome.extensions.vm/chrome.extensions.vm.nuspec b/packages/chrome.extensions.vm/chrome.extensions.vm.nuspec
new file mode 100644
index 000000000..969ac97a0
--- /dev/null
+++ b/packages/chrome.extensions.vm/chrome.extensions.vm.nuspec
@@ -0,0 +1,13 @@
+
+
+
+ chrome.extensions.vm
+ 0.0.0.20240930
+ Mandiant
+ A package for multiple useful chrome extensions from the Chrome webstore.
+
+
+
+
+
+
diff --git a/packages/chrome.extensions.vm/tools/chocolateyinstall.ps1 b/packages/chrome.extensions.vm/tools/chocolateyinstall.ps1
new file mode 100644
index 000000000..12c32dc65
--- /dev/null
+++ b/packages/chrome.extensions.vm/tools/chocolateyinstall.ps1
@@ -0,0 +1,91 @@
+$ErrorActionPreference = 'Stop'
+Import-Module vm.common -Force -DisableNameChecking
+
+try {
+ $extensions = @(
+ # MetaMask
+ 'nkbihfbeogaeaoehlefnkodbefgpgknn'
+ # Phantom
+ 'bfnaelmomeimhlpmgjnjophhpkkoljpa'
+ # BNB Chain Wallet
+ 'fhbohimaelbohpjbbldcngcnapndodjp'
+ # Avira Password Manager
+ 'caljgklbbfbcjjanaijlacgncafpegll'
+ # KeePassXC-Browser
+ 'oboonakemofpalcgghocfoadofidjkkk'
+ # Yoroi
+ 'ffnbelfdoeiohenkjibnmadjiehjhajb'
+ # XDEFI Wallet
+ 'hmeobnfnfcmdkdcmlblgagmfpfboieaf'
+ # ...
+ )
+
+ # Installing the extensions under `ExtensionInstallForcelist` so it can be installed
+ # and enabled silently, without user interaction. By default, this registry key does
+ # not exist and it is not used within Flare-VM.
+ # Ref: https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist
+
+ $regKeyPath = "HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist"
+ $updateUrl = "https://clients2.google.com/service/update2/crx"
+
+ New-Item -Path $regKeyPath -Force -ea 0 | Out-Null
+ $valueName = 1
+ Foreach ($extensionId in $extensions)
+ {
+ New-ItemProperty -Path "$regKeyPath" -Name "$valueName" -Type String -Value "$extensionId;$updateUrl" -Force -ea 0 | Out-Null
+ $valueName += 1
+ }
+
+ $maximumTries = 5
+ $chromePath = "${Env:ProgramFiles}\Google\Chrome\Application\chrome.exe"
+ $extensionsDir = "${Env:LocalAppData}\Google\Chrome\User Data\Default\Extensions"
+
+ # Stop Chrome if it is already running.
+ Stop-Process -Force -Name Chrome -ea 0
+
+ # Start Chrome to load the extensions.
+ $chromeProcess = Start-Process -FilePath $chromePath -passthru
+
+ $tries = 0
+ $loaded = $false
+ while ((-not $loaded) -and ($tries -ne $maximumTries))
+ {
+ # Wait for the extensions to be loaded.
+ Start-Sleep -Seconds 30
+
+ # Make sure all of the extensions are loaded.
+ $loaded = $true
+ Foreach ($extensionId in $extensions)
+ {
+ $extensionPath = Join-Path $extensionsDir $extensionId
+ if (-not (Test-Path -Path $extensionPath))
+ {
+ $loaded = $false
+ break
+ }
+ }
+
+ $tries += 1
+ }
+
+ # Close Chrome gracefully.
+ if ($chromeProcess.CloseMainWindow())
+ {
+ Wait-Process -Id $chromeProcess.Id | Out-Null
+ }
+ else
+ {
+ # Force kill the process instead.
+ Stop-Process -Force -Id $chromeProcess.Id | Out-Null
+ }
+
+ if (-not $loaded)
+ {
+ # Uninstall the extensions if Chrome is unable to load it.
+ Remove-Item -Path $regKeyPath -Recurse -Force -ea 0
+ throw "Chrome is unable to load the extensions"
+ }
+
+} catch {
+ VM-Write-Log-Exception $_
+}
diff --git a/packages/chrome.extensions.vm/tools/chocolateyuninstall.ps1 b/packages/chrome.extensions.vm/tools/chocolateyuninstall.ps1
new file mode 100644
index 000000000..507481363
--- /dev/null
+++ b/packages/chrome.extensions.vm/tools/chocolateyuninstall.ps1
@@ -0,0 +1,8 @@
+$ErrorActionPreference = 'Continue'
+Import-Module vm.common -Force -DisableNameChecking
+
+# It is safe to delete this registry key as it does not exist by default and it is
+# not used within Flare-VM.
+
+$regKeyPath = "HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist"
+Remove-Item -Path $regKeyPath -Recurse -Force -ea 0
diff --git a/scripts/test/lint.py b/scripts/test/lint.py
index 16d8452b1..09c140a02 100644
--- a/scripts/test/lint.py
+++ b/scripts/test/lint.py
@@ -335,6 +335,7 @@ class UsesInvalidCategory(Lint):
 "python3.vm",
 "x64dbgpy.vm",
 "vscode.extension.",
+ "chrome.extensions.vm",
 ]
 root_path = os.path.abspath(os.path.join(__file__, "../../.."))
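Review bot: In chocolateyinstall.ps1 the `ExtensionInstallForcelist` key is rolled back only in the `if (-not $loaded)` branch, so an exception raised earlier in the `try` (for example `Start-Process` failing because chrome.exe is not at `$chromePath`) reaches `catch` with the machine-wide force-install policy still written. Putting `Remove-Item -Path $regKeyPath -Recurse -Force -ea 0` in the `catch` block ahead of `VM-Write-Log-Exception $_` would cover every failure path. The `-ea 0` on `New-Item` and `New-ItemProperty` also hides a failed policy write, which then surfaces only after the full 5 x 30 s wait as "Chrome is unable to load the extensions"; dropping `-ea 0` on those two calls lets `$ErrorActionPreference = 'Stop'` report the real cause. The extension IDs are not pinned to a version, so each VM build installs whatever `$updateUrl` serves at that moment; a comment next to `$updateUrl` saying so would help anyone who needs a reproducible analysis environment.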
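Review bot: In chocolateyuninstall.ps1, `Remove-Item -Path $regKeyPath -Recurse -Force -ea 0` deletes the whole `ExtensionInstallForcelist` key rather than the values this package wrote, so the comment's claim that this is safe holds only while nothing else adds force-list entries. The install script makes the same assumption: it names its values from `1` upward with `-Force`, which overwrites any entries already stored under those names, and it removes the whole key on failure. If that exclusive ownership is intended, the comment should say so, for example `# This package owns the whole ExtensionInstallForcelist key; entries added by anything else are removed too.` Because the script runs with `$ErrorActionPreference = 'Continue'` and `-ea 0`, a failed removal is silent and can leave the force-install policy active after uninstall; a `Test-Path $regKeyPath` check with a log line afterwards would make that visible.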