
iOS Keychain ACL Parsing Broken

Open leonjza opened this issue 5 years ago • 1 comments

Describe the bug

Keychain ACL Parsing appears to be broken even though entries have ACLs configured. Current debugging shows that this line is always hit, possibly meaning that SecAccessControlGetConstraints did not return anything (maybe internal API change?).

To Reproduce

  1. Run command ios keychain dump
  2. Observe that all keychain entries have a None ACL.

Printing the Access Control references from the entry received in decodeAcl() with console.log(entry.objectForKey_(kSec.kSecAttrAccessControl)) shows:

<SecAccessControlRef: ak>
<SecAccessControlRef: ak>
<SecAccessControlRef: dku>
<SecAccessControlRef: dku>
<SecAccessControlRef: dku>
<SecAccessControlRef: dku>
<SecAccessControlRef: cku>
<SecAccessControlRef: cku>

Expected behavior

Correctly decoded Access Control Entries

Environment (please complete the following information):

  • Device: iPhone 8
  • OS: iOS 12.4
  • Frida Version: 12.7.10
  • Objection Version: v1.7.5

leonjza, Oct 16 '19 19:10

This does not appear to be the case on all apps/devices though.

leonjza, Oct 18 '19 00:10
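
The short codes in the descriptions printed in the issue (ak, dku, cku) are the string values of the kSecAttrAccessible* constants. The following is an added example, not part of the issue or of objection's code: standalone JavaScript that decodes such a description into its accessibility class and flags the always-accessible classes. The helper names are hypothetical, and any text after the class code is returned uninterpreted.

```javascript
// Added example (not objection's code). Codes are the string values of the
// kSecAttrAccessible* constants; the second field says when the item is readable.
const ACCESSIBLE = {
  ak:   ['kSecAttrAccessibleWhenUnlocked', 'unlocked'],
  ck:   ['kSecAttrAccessibleAfterFirstUnlock', 'after-first-unlock'],
  dk:   ['kSecAttrAccessibleAlways', 'always'],
  akpu: ['kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly', 'unlocked'],
  aku:  ['kSecAttrAccessibleWhenUnlockedThisDeviceOnly', 'unlocked'],
  cku:  ['kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly', 'after-first-unlock'],
  dku:  ['kSecAttrAccessibleAlwaysThisDeviceOnly', 'always'],
};

// Hypothetical helper: parse one "<SecAccessControlRef: ...>" description.
function parseAccessControl(description) {
  const m = /^<SecAccessControlRef:\s*([a-z]+)(.*)>$/.exec(String(description).trim());
  if (!m) return null; // not a SecAccessControlRef description
  const [, code, rest] = m;
  const [name, available] = ACCESSIBLE[code] || ['unknown', 'unknown'];
  return {
    code,
    accessible: name,
    available,
    deviceOnly: name.endsWith('ThisDeviceOnly'), // excluded from backup migration
    weak: available === 'always',                // readable even while locked
    rest,                                        // uninterpreted remainder, if any
  };
}

// Hypothetical helper: count entries per class and collect the weak ones.
function summarize(descriptions) {
  const counts = {};
  const weak = [];
  for (const d of descriptions) {
    const p = parseAccessControl(d);
    if (!p) continue;
    counts[p.accessible] = (counts[p.accessible] || 0) + 1;
    if (p.weak) weak.push(p);
  }
  return { counts, weak };
}

// The eight descriptions printed in the issue, in order.
const SAMPLE = ['ak', 'ak', 'dku', 'dku', 'dku', 'dku', 'cku', 'cku']
  .map((code) => `<SecAccessControlRef: ${code}>`);

console.log(summarize(SAMPLE));
```
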