You are here

Google Chrome Portable [Extension Gallery Ready!]

37 posts / 0 new
Last post
The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
Google Chrome Portable [Extension Gallery Ready!]

AKA the "I just got hired and I start Monday go me!" edition.

Application: Google Chrome
Category: Internet
Description: "Google Chrome runs web pages and applications with lightning speed."

[Edit: NOTE: When upgrading from the previous release, if you used Portable Passwords, please see the note at the end of this post otherwise your saved passwords may be lost when upgrading.]

Download Google Chrome Portable Stable Branch 3.0.195.33 Revision 2 Development Test 2 [1.5MB download / 34MB installed]
(MD5: 9ac73657ad96e8125b3bcbb7468b8384)

Download Google Chrome Portable Beta Branch 4.0.249.30 Development Test 1 [1.5MB download / 34MB installed]
(MD5: 29bca5cb9e92988e7d4edd0e4fee2f45)

Download Google Chrome Portable Dev Branch 4.0.266.0 Development Test 1 [1.5MB download / 34MB installed]
(MD5: 35d52a68e4ef3e1ffa0ea406af1346b8)

[Edit: Bumping for new release instead of a new thread 'cause there are mostly minor changes. I improved the algorithm slightly (not as much as I wanted to, AES refused to work, if anyone has a good code sample for AES with the Crypto API let me know) and fixed all of the other problems I mention below.]

Biggest update is the Portable Passwords! It's opt-in since it needs to prompt you for a master password on startup, and the algorithm I used to encrypt the passwords is possibly weak, and it does not hide the length of the original password. I believe I know how to use a stronger cipher for next release.

This thing was hard and I had to code it in C++ as an NSIS plugin (no way around that as far as I could tell, I tried a bunch of things) so now that it is working I will push it out and take a small break. Smile

Known Bugs:

  • When opting in to Portable Passwords (see GooglechromePortable.ini), it is possible to determine the lengths of your saved passwords without needing the master password. The master password itself uses a different encryption algorithm and does not have this problem. I will be looking at how to address this in a future release. [Edit: Haven't figured out how to use AES instead of RC4 yet, Crypto API is giving me an error the docs say it shouldn't, but I am using a stronger key length for RC4 now. If I can't figure it out or AES doesn't pad to the nearest block like I think it will, I should be able to pad the unencrypted passwords myself with nulls or something to mask the length.]

Release Notes:

2.1.1.0

  • Updated Dev to 4.0.266.0 and Beta to 4.0.249.30. Google Chrome Extension gallery is live!
  • Installer now shows the version of Chrome being downloaded.
  • Updated the sample INI with some new notes.
  • msvcr100.dll beta 2 is no longer required by the NSIS plugin. 200kb has been shaved off the launcher.
  • Changes to Portable Passwords to improve security and prevent possible vulnerabilities. If you were previously using Portable Passwords you will need to import your passwords to Chrome before updating, see the note below on how to keep your saved passwords.
  • Fixed bug in NSIS plugin where memory was freed twice (oops).
  • Added EncryptPortablePasswords switch to INI, so you can choose to store saved passwords in plaintext. This may be useful if you already use an encryption solution such as TrueCrupt to protect your PortableApps and have no need for additional protection. This is also removes the need for a master password.
  • Installer window no longer shows. DialogEx is used instead for the master password prompt.
  • Tidied up some things in the launcher code (all language strings are in the appropriate NSH now).
  • Updated to PA.c Installer 1.0.1.

2.1.0.0

  • Updated Dev to 4.0.249.11
  • Merged with John's recommended changes to the launcher/installer.
  • Updated to PAF 1.0
  • Fixed some details in the docs. 4.0 beta doesn't have extension support at all.
  • Fixed network paths not working with the theme path fixer. Note that running from a network folder is not supported. If you encounter problems, try mapping a drive letter to the folder and running GCP from there.
  • exclude.txt has been removed from Source since it is no longer needed.
  • Local Chrome will no longer lose track of its profile if "User Data" was set up as an NTFS junction.
  • Passwords can now be preserved accross user accounts and computers by setting PortablePasswords to true in GoogleChromePortable.ini. You will need to provide a master password as an alternative to Chrome's built-in encryption to keep your passwords safe. See GoogleChromePortable.ini for more details.

Importing Old Portable Passwords

I made some changes to Portable Passwords to remove or reduce vulnerabilities (I'm new at this "security" thing, sorry), which means old Portable Passwords will no longer be understood by the launcher. But, you can ensure they are imported into Google Chrome's local-user-account encrypted passwords database, and then upgrade Google Chrome Portable, which can then regenerate the Portable Passwords from your Google Chrome profile.

Note that if you toggle the new EncryptPortablePasswords flag in the INI (side note: I highly recommend it be kept on unless you know what you're doing) you should also follow this procedure to avoid losing saved passwords. Replace "upgrade" with "toggle the INI switch", or "change your master password"; the procedure is the same.

Start the old GCP up on your computer to ensure the Portable Passwords are correctly imported into your Google Chrome profile. Then close GCP and remove the Portable Password files to force their regeneration in the new format:

Data\settings\masterpassword.hash
Data\profile\\Portable Passwords

Next, perform your upgrade, and start GCP. Enter your master password (you can even pick a new one if you want, since we're rebuilding Portable Password files), and wait for GC to start and then close it. Your new Portable Password files should be regenerated from your profile's saved passwords.

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
Nobody? This is the newest

Nobody? This is the newest version people, I want feedback! Smile

Signature automatically removed for being too awesome.

John T. Haller
John T. Haller's picture
Online
Last seen: 2 min 21 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Bad Version Announcement

I think the announcement title with the oddball 2.1 version is throwing people. We don't advertise versions of launchers for any apps... pretty much ever... as that version means absolutely nothing to an end user.

Call it "Google Chrome Portable 3.0.193.33 Rv2 DT1 (Enhanced Launcher) + 4.0 Beta, Too".

Sometimes, the impossible can become possible, if you're awesome!

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
I just stuck the three GC

I just stuck the three GC versions up there and got rid of the Dev Test / Rv stuff cause it's pretty much implied anyway since it's in the Beta Testing forum, IMO. Smile

BTW I've realized there are a couple pieces of my encryption that aren't very secure so this release shouldn't be used as a basis for any official release (I will fix it in my next dev test... which will be a breaking change for the current encryption scheme anyway).

Current flaws that I see:

  • I forgot to salt my hashes. Simple, short, or dictionary master passwords will be vulnerable to rainbow table attacks.
  • When the master password is set, it is hashed and stored so that a typo in the password won't garble the saved passwords on decryption (the master password is verified using a hash for the entered password). However it seems the way Microsoft's Crypto API works is to hash the password and then use that as an encryption key for whatever algorithm you used. This makes sense as without it it could be a lot easier to crack algorithms that use very short passwords as a key. My problem is I forgot to salt either hash... which means the key for the encryption is the hashed password stored on disk. Oops. I'll fix this by salting and using DIFFERENT salts for the master password verify hash and the encryption hash.
  • I use RC4 for the actual password encryption using the master password. I dunno how secure this is. I think I have figured out how to use AES though and will switch over to using it.
  • I don't wipe memory containing unencrypted passwords before freeing it, while importing or exporting saved passwords from Chrome.

All this stuff should be fixed by my next dev test.

Signature automatically removed for being too awesome.

Bruce Pascoe
Offline
Last seen: 12 years 1 month ago
Joined: 2006-01-15 16:14
I would, but...

The fact that it prompts for a master password on every startup puts me off. I'd rather do without saved passwords than have to deal with that--after all, the whole reason to use saved passwords at all is so you don't have to type them! Smile

OliverK
OliverK's picture
Offline
Last seen: 2 years 8 months ago
Developer
Joined: 2007-03-27 15:21
Perhaps we should have a

Perhaps we should have a method to disable them.

Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
Like I said it's opt-in, and

Like I said it's opt-in, and off by default.

I may also include an option for storing saved passwords plaintext if you want (or if you use an alternate encryption solution such as TrueCrypt for storing GCP) to skip the need for a master password. Though it will have a big warning.

Signature automatically removed for being too awesome.

Bruce Pascoe
Offline
Last seen: 12 years 1 month ago
Joined: 2006-01-15 16:14
...

Why can't you encrypt without a master? Firefox encrypts all of its stored passwords, even with the master password turned off, and in FF's case it's fully portable.

Chris Morgan
Chris Morgan's picture
Offline
Last seen: 8 years 8 months ago
Joined: 2007-04-15 21:08
Insecure

Without the master password, it's insecure. The discussion here is entirely about security.

I am a Christian and a developer and moderator here.

“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1

Bruce Pascoe
Offline
Last seen: 12 years 1 month ago
Joined: 2006-01-15 16:14
No

I was referring to MAZZTer's (hypothetical) option to store passwords in plaintext. If you're going to allow that, it'd be more secure to at least encrypt them using some pseudorandom key that to store them directly in plaintext...

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
You can store them in

You can store them in plaintext if you already use an encryption solution such as TrueCrypt to encrypt your portable drive (at least the portion that GCP is on). But you still need a password for TrueCrypt.

Google Chrome only seems to store its saved passwords without a password because it doesn't... it uses the local user account information (likely including the password or a hash of it) which is why it is not portable. Cryptography requires some sort of secret data to use as a key for encryption and decryption. There's no way around it, it has to come from somewhere.

Signature automatically removed for being too awesome.

Bruce Pascoe
Offline
Last seen: 12 years 1 month ago
Joined: 2006-01-15 16:14
Firefox

So where does FF get its key from when you don't have a master password set? FF saved passwords are never stored in plaintext as far as I'm aware but yet it's still portable...

John T. Haller
John T. Haller's picture
Online
Last seen: 2 min 21 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Password

I think anyone can get at them unless you set your master password. There's just not cleartext in the passwords file.

Sometimes, the impossible can become possible, if you're awesome!

scriptdaemon
Offline
Last seen: 4 years 3 months ago
Developer
Joined: 2008-10-10 17:40
Dev test?

Since this is official, shouldn't it be automatically a pre-release?

Also, 3.0.193.33 should read 3.0.195.33

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
Thanks. Ummm I dunno about

Thanks.

Ummm I dunno about pre-release, you can call it that if you want to. Tomaetos tomahtos and all that.

Signature automatically removed for being too awesome.

Chris Morgan
Chris Morgan's picture
Offline
Last seen: 8 years 8 months ago
Joined: 2007-04-15 21:08
DT

I'd say DT is correct for this one as you're definitely not wanting it to go official. It is quite literally a development test.

I am a Christian and a developer and moderator here.

“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1

OliverK
OliverK's picture
Offline
Last seen: 2 years 8 months ago
Developer
Joined: 2007-03-27 15:21
InstallOptions::Show at line

InstallOptions::Show at line 836. Is there a opposite call, like InstallOptions::Hide?

I haven't played at all with GUI options yet (its on my list), but shouldn't there be a inverse option?

Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
That shows the page, not the

That shows the page, not the window. To hide the Window you need to call SetSilent in the .onInit function (after the page has shown it's already too late). I may be able to fake it using a nsis plugin or something to use Win API calls to hide the window though. But I think if you call Abort on a non-silent installer it won't quit the installer like it does when it's silent (non-silent you still have to click "Cancel")... so that may not work.

Signature automatically removed for being too awesome.

John T. Haller
John T. Haller's picture
Online
Last seen: 2 min 21 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Hiding Modern UI

You can hide modern UI, ditch your custom page and just do it using Dialog Options. Check out the PA.c Installer's Wizard code for examples. It prompts for missing info outside of modern UI.

Sometimes, the impossible can become possible, if you're awesome!

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
I was gonna use nsDialog but

I was gonna use nsDialog (since InstallOptions is deprecated) but I couldn't figure out how to make it use Modern UI, plus the only sample code I knew that did what I wanted to do was Firefox 2.0 Portable's "Enable Session Restore" prompt.

I'll look at the PA.c Installer's Wizard code, though I never got any such prompts from it myself since I did a good job on my appinfo.ini and installer.ini, I guess. Smile

[Edit: You !include dialogs.nsh but you didn't include that file with PA.c Installer Wizard, nor is it a standard NSIS nsh. I am also unable to find any website or download for it... it's not possible to compile the Wizard without it!]

Signature automatically removed for being too awesome.

John T. Haller
John T. Haller's picture
Online
Last seen: 2 min 21 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Here

Explanation: http://nsis.sourceforge.net/DialogsEx_plug-in
Download: http://nsis.sourceforge.net/Joel_plugin_src

To get it using XP themes, you have to set XPStyle on.

Sometimes, the impossible can become possible, if you're awesome!

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
There we go, I was looking

There we go, I was looking for "Dialog Options". Thanks. Smile

XPStyle is always on here! Biggrin It should be working in the current launcher just fine...

Signature automatically removed for being too awesome.

BenMcLean
Offline
Last seen: 12 years 9 months ago
Joined: 2006-08-23 19:32
My extensions aren't applying

My extensions aren't applying http://www.chromeextensions.org/

siegfre
Offline
Last seen: 4 years 2 months ago
Joined: 2006-11-15 22:51
Dev build

Are you using the Dev build? That's the only version that supports extensions so far.

Voltron43
Voltron43's picture
Offline
Last seen: 2 years 8 months ago
Joined: 2009-10-12 12:52
Download Directory Tip

Here's a little tip that I'd like to share. I like to download files to my X:\Documents\Downloads directory located on my PA drive, so I've modified the 'Preferences' file located in the Data\profile\default directory to automatically detect the current PA drive and download to my PA drive.

Preferences

"download": {
      "default_directory": "..\\..\\..\\..\\..\\Documents\\Downloads",
      "directory_upgrade": true,
      "extensions_to_open": "",
      "prompt_for_download": false
},
The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
I was thinking maybe I could

I was thinking maybe I could make a "Data\Downloads" for the next release and make the default profile stick downloads there... but it's probably best to just prompt. Good tip though, I may use it for my personal copy. Smile

BTW Try just using a path of:

"\\Documents\\Downloads"

A starting \ means to start at the root of the current drive FYI. Much cleaner and easier to follow than a ton of ..s.

Signature automatically removed for being too awesome.

John T. Haller
John T. Haller's picture
Online
Last seen: 2 min 21 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Prompt

Saving a big file to USB as it is downloaded kills all running portable apps performance-wise. That's why Firefox is set to ask.

Sometimes, the impossible can become possible, if you're awesome!

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
Ha, totally forgot about

Ha, totally forgot about that, and lots of times my USB seems the slowest on the planet. Yeah, sticking with prompt definitely.

Signature automatically removed for being too awesome.

Bruce Pascoe
Offline
Last seen: 12 years 1 month ago
Joined: 2006-01-15 16:14
Odd

I've always had Chrome and Firefox set to download to a specific directory on my drive (no prompt) and I've never had performance issues. Not even on the slow-as-molasses 32GB SanDisk Cruzer I had before my current drive.

The MAZZTer
The MAZZTer's picture
Offline
Last seen: 1 year 1 month ago
Developer
Joined: 2006-11-17 15:31
Bump. New version. Please

Bump. New version.

Please note that any comments above this line are commenting on an obsolete version and I probably addressed them all already. Wink

Signature automatically removed for being too awesome.

Bruce Pascoe
Offline
Last seen: 12 years 1 month ago
Joined: 2006-01-15 16:14
?

What happened to 3.0.195.38? It's been out for a while now...

fallingup79
fallingup79's picture
Offline
Last seen: 13 years 5 months ago
Joined: 2010-01-02 22:38
Extensions

My extensions won't apply either. They were at work on XP, but not at home on 7.

Trevlin
Trevlin's picture
Offline
Last seen: 14 years 4 weeks ago
Joined: 2009-11-18 15:31
Any updates yet?

It's been a while since the last update for the portable app has been released.. I'd like to know if a new version is coming out anytime soon! Please replay ASAP.

(Especially for the dev/beta builds!)

g-man
Offline
Last seen: 14 years 1 month ago
Joined: 2010-01-24 13:58
Has there been any recent

Has there been any recent activity on this? Is the source code for the installer available anywhere?

Chris Morgan
Chris Morgan's picture
Offline
Last seen: 8 years 8 months ago
Joined: 2007-04-15 21:08
Inside

The installer is just the PortableApps.com Installer. The launcher source code is in Other\Source. The installer configuration is done in App\AppInfo\appinfo.ini and App\AppInfo\installer.ini.

I am a Christian and a developer and moderator here.

“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1

Kermode
Offline
Last seen: 11 years 3 months ago
Joined: 2008-07-18 17:11
EncryptPortablePasswords

EncryptPortablePasswords in what ini file?

OliverK
OliverK's picture
Offline
Last seen: 2 years 8 months ago
Developer
Joined: 2007-03-27 15:21
There's a ini file in

There's a ini file in Other\Source. SHould be called ChromePortable.ini or somethign similiar.

Copy that to the ChromePortable directory, and then look for the right value to set to true Smile

Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world

Log in or register to post comments