Dumping Keychain item on iOS 8.4 with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly protection class

[noelsmith]

First off, I recently discovered IDB and it is an awesome tool...thanks for all the effort!

This is probably more a gap in understanding than an issue with the tool, but I located a keychain item with the keychain protection class: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly

My understanding is that I should be able to dump this keychain item in the following scenario: my device is booted up, i entered the pin, then locked the device.

I can successfully dump the keychain item when i unlock the device, but not while the device is locked.

Is there another condition that I am not understanding related to that particular keychain protection class?

Thanks so much for your time.

[dmayer]

Sorry for taking so long to get back to you on this. That is also my understanding, it should be accessible when the device has been unlocked after reboot and locked subsequently.

I think this may be a limitation of the keychaineditor (https://github.com/NitinJami/keychaineditor) I'm using. I tried dumping the keychain when the device is locked and it returns an error. I think for educational purposes it would be good to allow dumping when the device is locked and I filed a bug report https://github.com/NitinJami/keychaineditor/issues/9

Hopefully @NitinJami has some time to work on it :)