
keychaindumper not working on iOS 12.1.1 jailbreak.

Open Mr007jd opened this issue 5 years ago • 13 comments

How to Reproduce:

  1. iPhone 6.
  2. iOS version 12.1.1
  3. uncover jailbreak.

I uploaded keychaindumper through SSH.

./keychain_dumper chmod +r /private/var/Keychains/keychain-2.db

Error: Killed: 9

And I have tried others too, none works. Please solve the issue.

Mr007jd avatar Apr 19 '19 11:04 Mr007jd

On 12.0.1 none works either.

ddddyyy avatar May 21 '19 08:05 ddddyyy

12.1.2 does not work either.

NotSoEthical avatar May 23 '19 19:05 NotSoEthical

After rebuilding from scratch, which solved the Killed 9 error.

Same with Chimera on 12.1.1. Access groups/entitlements are exported properly, but neither specific nor wildcard version fetches more than just some basic Apple stuff, no application-related credentials.

suculent avatar Jun 11 '19 08:06 suculent

Can you see if https://github.com/ptoomey3/Keychain-Dumper/pull/38 addresses your needs?

ptoomey3 avatar Jun 11 '19 14:06 ptoomey3

I’ve injected exported entitlements, but I’m still unable to inspect Keychain from AppStore build (blackbox testing).

Same when signing Dumper with same Distribution identity as the app (whitebox testing).

It helps fetching at least some internet and generic passwords, but I’m not sure how those are selected.

Tried both with locked/unlocked device, with expectedly better results on the unlocked one.

Can you see if #38 addresses your needs?

suculent avatar Jun 11 '19 14:06 suculent

That sounds uncommon, please confirm that you execute keychain-dumper with root permissions. Always make sure to have your phone unlocked. If everything works fine you should be presented with the pin-pad again once you executed the tool. Enter the device pin again, et voilà.

mechanico avatar Jun 14 '19 13:06 mechanico

Btw, it should make no difference from my point of view if the app is downloaded from the App Store or e.g. installed with Apple Configurator.

mechanico avatar Jun 14 '19 13:06 mechanico

@mechanico I've been previously able to reproduce the behaviour you describe. The app is either from the App Store or from Xcode. PIN pad opens, but keychain dump is visibly short and limited to Apple stuff only.

suculent avatar Jun 14 '19 15:06 suculent

@suculent can you execute the keychain_dumper command with the -s option, and paste the output here?

mechanico avatar Jun 15 '19 07:06 mechanico

same 12.4 to just directly visit by sqlite3 /path/to/keychain-2.db

Yongle-Fu avatar Sep 22 '19 17:09 Yongle-Fu

@yonglefu can you describe your workaround more closely?

The tool worked on every device I used it on so far. If you have any issues with a certain app, please let me know. I will try to assist if I have time.

mechanico avatar Sep 30 '19 06:09 mechanico

Can folks here try out the binary release in https://github.com/ptoomey3/Keychain-Dumper/releases/tag/1.0.0. I built that using Xcode 10.3 for the iOS 12.4 SDK.

ptoomey3 avatar Sep 08 '20 15:09 ptoomey3

@ptoomey3 release works on iPhone 6 12.4.3, also works on 7 Plus 11.2.5

Can I request a way to filter based on entitlement group?

bensh avatar Dec 09 '20 11:12 bensh