Extracting token on Mac OS X

<< Click to Display Table of Contents >>

Navigation:  Elcomsoft Cloud Explorer > Extracting Google authentication tokens >

Extracting token on Mac OS X

You can sign in to a Google account to download Google account and Google Drive backups using the Google authentication token. 

To extract the token, you will need a Google Token Extractor. This tool is shipped together with ECX (GoogleTokenExtractor file). 

GTEX can extract tokens from the Google Chrome browser and Google Drive (Backup and Sync) application.

GTEX allows you to extract authentication tokens for:

The currently logged in Mac OS user

Other Mac OS users on the current computer

Preconditions

Prior to extracting the authentication token, make sure that at least one the following conditions is met:

Google Chrome browser (v.26 - v.64) is installed and at least one user is logged in to the Google Chrome account. The Google Chrome application must be closed during the token extraction process.

Backup and Sync application (v. 1.32) is installed and at least one user is logged in. Application can be run during the token extraction process.

Prior to using GTEX for extracting the token, make sure that Internet connection is established.

User permissions required for getting the authentication token:

 Authentication Token For

 Permissions Required

 Google account of the currently logged in Mac OS user

 User's permissions are enough

 Google account of a different Mac OS user

 root permissions are required

 

To extract the authentication tokens for the current Mac OS user, do the following:

1.Launch the GoogleTokenExtractor file. The file "<Mac OS user>_<Google ID>_<token type>_<timestamp>_<time zone>.xml" will be created in the /Users/<username>/Documents/ directory.

You will see the full path to the file in the opened Terminal window.

2.The created .xml file contains the following information:

GTEX Version

Platform

Google ID

Token

Token Type (Google Chrome or Google Drive)

Client ID

Client Secret

Date and time of extraction

 

To extract the authentication tokens for a certain Mac OS user, do the following:

1.Copy the GoogleTokenExtractor file to the folder where you want the file with authentication token to be saved.

2.Open the command-line Terminal.

3.Go to the directory where you saved the GoogleTokenExtractor file.

4.To list all users with installed Google Chrome/Backup and Sync applications, use the command sudo ./GoogleTokenExtractor --get-users-list

sudo command is used to get root privileges for running the program.

5.Enter the password of the root user when prompted.

6.The list of all users with installed Google Chrome and Google Drive (Backup and Sync) applications will be displayed.

7.To get the authentication token, launch GoogleTokenExtractor with the get-token chrome (for Google Chrome browser) or get-token drive (for Backup and Sync application) parameter and enter username of a specific local Mac OS user and the password to this Mac OS user account in the following form: 

sudo ./GoogleTokenExtractor --get-token chrome --username <username> --password <password>

sudo ./GoogleTokenExtractor --get-token drive --username <username> --password <password>

For example: sudo GoogleTokenExtractor --get-token chrome --username user1 --password 1234

For users with the blank password,  type "" as the value to the password parameter.

For example: sudo GoogleTokenExtractor --get-token chrome --username user1 --password ""
 
NOTE: Do not launch GoogleTokenExtractor using the sudo command with no parameters.

8.Enter the password for the selected user when prompted.

9.Click Allow when asked to provide access to the confidential information in keychain.

Keychain_access

10. The "<Mac OS user>_<Google ID>_<token type>_<timestamp>_<time zone>.xml" file will be created in the directory from which GoogleTokenExtractor was launched.

    You will see the full path to the created file in the opened Terminal window.

11. The created .xml file contains the following information:

GTEX Version

Platform

Google ID

Token

Token Type (Google Chrome or Google Drive)

Client ID

Client Secret

Date and time of extraction

 

Parameters for running GoogleTokenExtractor in the Terminal:

 Parameter

 Meaning

--help

 Displays a list of all possible command-line parameters and their descriptions

--get-users-list

 Displays a list of users with installed Google Chrome/Backup and Sync applications.

--get-token chrome

 Gets the authentication token from the Google Chrome browser for the current user.

--get-token drive

 Gets the authentication token from the Backup and Sync application  for the current user.

--get-token chrome --username <username> --password <password>

 Gets the authentication token from the Google Chrome browser for the specific user. Username and password should be entered without brackets.

--get-token drive --username <username> --password <password>

 Gets the authentication token from the Backup and Sync application for the specific user. Username and password should be entered without brackets.

For users with the blank password,  type "" as the value to the password parameter.