Small script to decrypt keychains on iOS. It needs an agent running on the iDevice to unwrap the class keys; the rest of the decryption and parsing is done on the host.

Tested on an iPhone 7 running iOS 14.0.

This works on macOS Catalina and should work on Linux. Windows support may require adapting the ssh command lines.
## Requirements

- Python dependencies: `pip install -r requirements.txt`
- Jailbroken device accessible via ssh (default checkra1n behaviour)
- `sshpass`, `ssh` and `iproxy` configured in your PATH
- To compile the phone agent, Xcode must be installed.
## Usage

- Jailbreak your device.
- Run iproxy in a terminal, mapping local port 2222 to the device's ssh port (port 44 on checkra1ned devices):
  `iproxy 2222 44`
- Open a new terminal window.
- Upload the agent to your device:
  `sshpass -p alpine scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P2222 keyclass_unwrapper root@localhost:`
- Download the keychain database from your device:
  `sshpass -p alpine scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -P2222 root@localhost:/private/var/Keychains/keychain-2.db .`
- Unlock your device and keep it unlocked until the dump is finished.
- Run the python script:
  `python3 keychain_decrypt.py`

You should obtain a `keychain_decrypted.plist` file. If an error occurs, try again; sometimes it is a timing problem.
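Before decrypting anything, it is worth knowing which protection class each item in the copied `keychain-2.db` sits in: items in the "WhenUnlocked" classes are the reason the device must stay unlocked during the dump, while items an app left in "AfterFirstUnlock" or "Always" classes are the ones a reviewer should question. The script below is an added example, not part of this tool; it reads only the metadata columns (no decryption), assumes the four item tables carry the `agrp` and `pdmn` columns as a real `keychain-2.db` does, and builds a constructed in-memory stand-in so it runs without a device. The `pdmn` codes are the ones the keychain database stores for the `kSecAttrAccessible*` constants.

```python
"""Inventory a copied iOS keychain-2.db by protection class (pdmn).

Added example, not part of the original tool. No decryption is performed:
only the table name, access group (agrp) and protection domain (pdmn) of each
item are read. Assumption: the item tables genp, inet, cert and keys expose
`agrp` and `pdmn` columns, as in a real keychain-2.db; all rows here are
constructed test data.
"""
import sqlite3
from collections import Counter

ITEM_TABLES = ("genp", "inet", "cert", "keys")

# pdmn code -> kSecAttrAccessible constant it represents.
PDMN_NAMES = {
    "ak": "WhenUnlocked",
    "ck": "AfterFirstUnlock",
    "dk": "Always",
    "aku": "WhenUnlockedThisDeviceOnly",
    "cku": "AfterFirstUnlockThisDeviceOnly",
    "dku": "AlwaysThisDeviceOnly",
    "akpu": "WhenPasscodeSetThisDeviceOnly",
}

# Tier each class belongs to: when its class key can be unwrapped.
TIER_OF = {
    "ak": "unlock", "aku": "unlock", "akpu": "unlock",
    "ck": "first_unlock", "cku": "first_unlock",
    "dk": "always", "dku": "always",
}


def build_sample_db() -> sqlite3.Connection:
    """Constructed stand-in for keychain-2.db: reduced schema, fake rows."""
    con = sqlite3.connect(":memory:")
    for table in ITEM_TABLES:
        con.execute(
            f"CREATE TABLE {table}(rowid INTEGER PRIMARY KEY, "
            "agrp TEXT NOT NULL DEFAULT '', pdmn TEXT, data BLOB)"
        )
    rows = [  # (table, access group, pdmn) -- all constructed
        ("genp", "com.example.app", "ak"),
        ("genp", "com.example.app", "ck"),
        ("inet", "com.apple.cfnetwork", "ck"),
        ("keys", "com.example.app", "akpu"),
        ("cert", "apple", "dku"),
        ("genp", "com.example.app", "zz"),  # unknown code: must be reported, not dropped
    ]
    for table, agrp, pdmn in rows:
        con.execute(
            f"INSERT INTO {table}(agrp, pdmn, data) VALUES (?, ?, ?)",
            (agrp, pdmn, b"\x00"),
        )
    con.commit()
    return con


def inventory(con: sqlite3.Connection) -> Counter:
    """Count items per (table, access group, pdmn) across the item tables."""
    counts: Counter = Counter()
    for table in ITEM_TABLES:
        for agrp, pdmn in con.execute(f"SELECT agrp, pdmn FROM {table}"):
            counts[(table, agrp, pdmn)] += 1
    return counts


def summarize(counts: Counter) -> dict:
    """Roll the inventory up into tiers plus a list of unrecognised pdmn codes."""
    summary = {"unlock": 0, "first_unlock": 0, "always": 0, "unknown": []}
    for (table, agrp, pdmn), n in counts.items():
        tier = TIER_OF.get(pdmn)
        if tier is None:
            summary["unknown"].append((table, agrp, pdmn))
        else:
            summary[tier] += n
    return summary


def report(con: sqlite3.Connection) -> dict:
    """Print a per-item listing and return the tier summary."""
    counts = inventory(con)
    for (table, agrp, pdmn), n in sorted(counts.items()):
        name = PDMN_NAMES.get(pdmn, "UNKNOWN")
        print(f"{table:5} {agrp:25} {pdmn or '-':5} {name:32} x{n}")
    return summarize(counts)


if __name__ == "__main__":
    # Point this at a real copy instead: sqlite3.connect("keychain-2.db")
    print(report(build_sample_db()))
```

Run it against the downloaded database by replacing `build_sample_db()` with `sqlite3.connect("keychain-2.db")`. Anything in the `first_unlock` or `always` tiers does not depend on the passcode being entered, which is the property an app developer or reviewer normally wants to confirm for each access group.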
## Clean

Remove the agent from the device and shut it down:
`sshpass -p alpine ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p2222 root@localhost "rm /var/root/keyclass_unwrapper; shutdown -h now"`
## Build the agent

You need a code-signing identity to sign the agent, then run:
`make`
## References

- iChainbreaker
- [iphone-dataprotection.keychainviewer](https://github.com/nabla-c0d3/iphone-dataprotection.keychainviewer/tree/master/Keychain)
- [Apple Open Source (Security/securityd)](https://opensource.apple.com/source/Security/Security-59306.80.4/keychain/securityd/)
## License

GPL v2