forked from xperylabhub/ios_keychain_decrypter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
keyclass_unwrapper.c
107 lines (93 loc) · 4.45 KB
/
keyclass_unwrapper.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
/*###############################################################################################
# #
# iOS Keychain Decrypter #
# inspired by https://github.com/n0fate/iChainbreaker #
# and https://github.com/nabla-c0d3/iphone-dataprotection.keychainviewer/tree/master/Keychain #
# #
# Copyright Matthieu Regnery 2020 #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <https://www.gnu.org/licenses/>. #
###############################################################################################*/
#include <CoreFoundation/CoreFoundation.h>
#include <Security/Security.h>
#include "IOKit.h"
#define kAppleKeyStoreInitUserClient 0
#define kAppleKeyStoreKeyUnwrap 11
CFStringRef keychain_protectionClassIdToString(uint32_t protection_class)
{
static CFStringRef protectionClasses[] = {
CFSTR("WhenUnlocked"),
CFSTR("AfterFirstUnlock"),
CFSTR("Always"),
CFSTR("WhenUnlockedThisDeviceOnly"),
CFSTR("AfterFirstUnlockThisDeviceOnly"),
CFSTR("AlwaysThisDeviceOnly")
};
protection_class &= 0xF;
if (protection_class >= 6 && protection_class <= 11)
return protectionClasses[protection_class - 6];
return CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("Unknown protection class %d"), protection_class);
}
int AppleKeyStoreKeyBagInit()
{
uint64_t out = 0;
uint32_t one = 1;
return IOKit_call("AppleKeyStore",
kAppleKeyStoreInitUserClient,
NULL,
0,
NULL,
0,
&out,
&one,
NULL,
NULL);
}
IOReturn AppleKeyStore_keyUnwrap(uint32_t protection_class, const uint8_t* buffer, size_t bufferLen, uint8_t* out)
{
size_t outputStructCnt = bufferLen+8;
uint64_t input[2]={0, protection_class};
return IOKit_call("AppleKeyStore",
kAppleKeyStoreKeyUnwrap,
input,
2,
buffer,
bufferLen,
NULL,
NULL,
out,
&outputStructCnt);
}
int main(int argc, char* argv[])
{
AppleKeyStoreKeyBagInit();
if (argc == 3) {
uint32_t keylen = strlen(argv[1])/2;
unsigned char wrappedKey [keylen];
const char *pos = argv[1];
uint32_t keyclass = atoi(argv[2]);
for (size_t count = 0; count < keylen; count++) {
sscanf(pos, "%2hhx", &wrappedKey[count]);
pos += 2;
}
uint8_t unwrappedKey [48];
AppleKeyStore_keyUnwrap(keyclass, &wrappedKey, 40, unwrappedKey);
for(size_t count = 0; count < keylen; count++)
printf("%02x", unwrappedKey[count]);
}
else{
printf("Usage : keychain key keyclass");
}
return 0;
}