diff --git a/README.md b/README.md index 227e684..cb67f8f 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,11 @@ You should be able to compile the project using the included makefile. If all goes well you should have a binary `keychain_dumper` placed in the same directory as all of the other project files. +If you are not able to compile with default Apple SDK, try to replace SDK path in Makefile with Theos SDK: + + SDK="/path/to/theos/sdks/iPhoneOS14.5.sdk" + + ### Sign It First we need to find the certificate to use for signing. @@ -65,6 +70,23 @@ You should now be able to follow the directions specified in the Usage section a The resulting file can be used in place of the included entitlements.xml file. +Large amount of access groups in entitlements.xml may result in tool not dumping any keys. Include only access groups that you want to dump keys from. Example of correct entitlements.xml file: + +```xml + + + + + keychain-access-groups + + groupName + + platform-application + com.apple.private.security.no-container + + +``` + ## Contact & Help If you find a bug you can [open an issue](http://github.com/ptoomey3/Keychain-Dumper/issues). diff --git a/main.m b/main.m index 8f70bd4..1c12c2c 100644 --- a/main.m +++ b/main.m @@ -340,6 +340,19 @@ void printAccessibleAttribute(NSString *accessibleString) { } } +void printSecAccessControl(NSObject *accessControlObject){ + NSString* accessControlString = accessControlObject.debugDescription; + if ([accessControlString rangeOfString:@"pbioc"].location != NSNotFound && [accessControlString rangeOfString:@"pbioh"].location != NSNotFound) { + printToStdOut(@"%sSecAccessControl flag: .biometryCurrentSet%s\n", KGRN, KWHT); + }else if ([accessControlString rangeOfString:@"pbioc"].location != NSNotFound && [accessControlString rangeOfString:@"pbioh"].location == NSNotFound) { + printToStdOut(@"%sSecAccessControl flag: .biometryAny%s\n", KYEL, KWHT); + }else if ([accessControlString rangeOfString:@"cpo(DeviceOwnerAuthentication)"].location != NSNotFound) { + printToStdOut(@"%sSecAccessControl flag: .userPresence%s\n", KRED, KWHT); + }else if ([accessControlString rangeOfString:@"cup(true));odel(true)"].location != NSNotFound) { + printToStdOut(@"%sSecAccessControl flag: .devicePasscode%s\n", KRED, KWHT); + }; +} + void printGenericPassword(NSDictionary *passwordItem) { printToStdOut(@"Generic Password\n"); printToStdOut(@"----------------\n"); @@ -366,6 +379,7 @@ void printInternetPassword(NSDictionary *passwordItem) { printToStdOut(@"Label: %@\n", [passwordItem objectForKey:(id)kSecAttrLabel]); NSString* accessibleString = [passwordItem objectForKey:(id)kSecAttrAccessible]; printAccessibleAttribute(accessibleString); + printSecAccessControl([passwordItem objectForKey:(id)kSecAttrAccessControl]); NSData* passwordData = [passwordItem objectForKey:(id)kSecValueData]; printDataToStdOut("Keychain Data", passwordData); } @@ -382,6 +396,7 @@ void printCertificate(NSDictionary *certificateItem) { printToStdOut(@"Label: %@\n", [certificateItem objectForKey:(id)kSecAttrLabel]); NSString* accessibleString = [certificateItem objectForKey:(id)kSecAttrAccessible]; printAccessibleAttribute(accessibleString); + printSecAccessControl([certificateItem objectForKey:(id)kSecAttrAccessControl]); printToStdOut(@"Serial Number: %@\n", [certificateItem objectForKey:(id)kSecAttrSerialNumber]); printToStdOut(@"Subject Key ID: %@\n", [certificateItem objectForKey:(id)kSecAttrSubjectKeyID]); printToStdOut(@"Subject Key Hash: %@\n\n", [certificateItem objectForKey:(id)kSecAttrPublicKeyHash]); @@ -408,6 +423,7 @@ void printKey(NSDictionary *keyItem) { printToStdOut(@"Label: %@\n", [keyItem objectForKey:(id)kSecAttrLabel]); NSString* accessibleString = [keyItem objectForKey:(id)kSecAttrAccessible]; printAccessibleAttribute(accessibleString); + printSecAccessControl([keyItem objectForKey:(id)kSecAttrAccessControl]); printToStdOut(@"Application Label: %@\n", [keyItem objectForKey:(id)kSecAttrApplicationLabel]); printToStdOut(@"Application Tag: %@\n", [keyItem objectForKey:(id)kSecAttrApplicationTag]); printToStdOut(@"Key Class: %@\n", keyClass);