Some entries are discarded from the keychain (OS X Snow Leopard)

juuso / keychaindump

A proof-of-concept tool for reading OS X keychain passwords

508 stars 129 forks source link

Some entries are discarded from the keychain (OS X Snow Leopard) #2

Open Sekiltoyai opened 12 years ago

Sekiltoyai commented 12 years ago

Entries marked "application password" are not displayed because they haven't 20 attributes but 16. Please find a patch at the following address [http://misc.sekil.fr/dev/keychaindump.diff] that solves this problem.

Best regards

juuso commented 12 years ago

Hi, thanks for the patch! I applied it, and was happy to see more relevant data exposed, such as wifi network passwords.

The output is somewhat noisy after the patch, though. For example:

skype;.token.0;;?????p=F??-AR??-8&??d?
;xxxx;disqus.com;xxxx
com.apple.assistant;8166CE23-33AF-0B74-C8C0-BB6D12CA9209 - Validation Data;;F??)?J(pW$**????????aG??!?x

While I'm sure the data itself is useful, it's not very easy on the eyes. It might be better to separate the 20-attribute and 16-attribute items into their own lists with optimized output for each.

Sekiltoyai commented 12 years ago

Hello,

You might reorganize or filter the list depending on the "type" of the entry. For example, in the keychain application, a WiFi entry is marked "AirPort network password". This information must be somewhere in the remaining unused attributes.

Moreover, beware that i replaced ':' by ';' for my personnal use, and i forgot to undo the replacement before creating the diff.

Best regards

alienandra commented 11 years ago

Hi Juuso I have some doubts about running the program, but I haven't seen any activity... can you still help me?