Keychain-Dumper: keychain_dumper is not finding items on iOS 13.5
Hi,
I am wondering if it’s only me (maybe a package I have installed that is causing this), but keychain_dumper is not finding items on iOS 13.5. It does not even prompt for a passcode when I run the tool.
# ./keychain_dumper -a
[INFO] No Generic Password Keychain items found.
[HINT] You should unlock your device!
[INFO] No Internet Password Keychain items found.
[HINT] You should unlock your device!
[INFO] No Identity Keychain items found.
[HINT] You should unlock your device!
[INFO] No Certificate Keychain items found.
[HINT] You should unlock your device!
[INFO] No Key Keychain items found.
[HINT] You should unlock your device!
# ls -l /private/var/Keychains/keychain-2.db
-rw-r--r-- 1 _securityd wheel 1732608 Jun 3 01:13 /private/var/Keychains/keychain-2.db
Tried it with:
- iPhone X and iPad Pro Gen 2
- both with iOS version 13.5
- both jailbroken with checkra1n 0.10.2
- Used the latest-greatest binary from this repo (~12h old ATM)
Can someone please confirm/refute this?
Thanks!
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 47 (16 by maintainers)
I wrote a blog post describing how I was able to extract data from the Keychain on iOS 13.6.1. The post is specifically about extracting Signal’s database but covers
keychain_dumper.Exporting messages from Signal for iOS: a journey
This address “shorturl.at/adEQ3” cannot be accessed anymore
I made some changes to keychaineditor to make it work on the latest iOS 13.5. The idea is to have a postscript generate new entitlement (with @vocaeq) for app-specific rather than using a wildcard as it’s not working and use ldid to pseudo sign the executate after installing. I uploaded the keychaineditor source code here, feel free to have a look and give it a try with pre-packed .deb file: shorturl.at/adEQ3 Feel free to connect and drop me a chat on Twitter 😃