Open sheharyarn opened 9 years ago
+1
Doesn't work for me either, wondering if disabling SIP will allow it to work again?
Here is a version that only re-enables debugging (which – I guess – is enough): http://totalspaces.binaryage.com/elcapitan
csrutil enable --without debug
Same here: doesn't work on OS-X 10.11 El-Capitan Running it as root I receive:
[*] Searching process 95 heap range 0x7ff491c00000-0x7ff492000000
[-] Requested 4194304 bytes, got 112 bytes
[-] Error (268435459) reading task memory @ 0x7ff491c00000
[*] Searching process 95 heap range 0x7ff493000000-0x7ff493400000
[-] Requested 4194304 bytes, got 112 bytes
[-] Error (268435459) reading task memory @ 0x7ff493000000
[*] Found 0 master key candidates
Debug$
Seems like
kern_return_t r = vm_read_overwrite(task, start, sz, (vm_address_t)buffer, &read_sz);
has been blocked on El-Capitan? or maybe I need to upgrade the program in some way?
Will signing it with an eligible developer certificate change anything?
Maybe the APIs changed, and some work will bring the program back to life? any hint will be greatly appreciated.
The short-term solution would probably be to copy the keychain file to an older Mac and dump it there.
(Not to say that answering your query would not be great, anyway.)
Yep, SIP/rootless prevents spying on securityd. As far as I know, only Apple has the right entitlements to bypass the restriction, and they don't hand them out to outsiders.
I think turning off SIP is the only reasonable way to resurrect keychaindump. Please correct me if I'm wrong!
Actually, I was not that interested in deciphering the key-chain brute-force, because my task is legit — I described it in the discussion part of your original essay (not in the repository).
To make things short -
I need my daemon (running by launchd as root) to connect to our server on clients enterprise machines. Sometimes I need to go through HTTP proxy (hate them, but still, I need to support).
Reading HTTP proxy settings is easy - there’s nice CFNetwork API. I was happy to find the proxy settings are system-wide. However - when the proxy needs to be authenticated (when you type in a user/password pair in the proxy settings panel) then CFNetwork won’t read them for you - they’re on the user’s login key-chain (stored and encrypted per user) which is a little strange, but OK.
Now I have two problems, and lots of wonders…
I know these are many questions, but I really need to do this, and I KNOW for a fact that NSURLSession (higher level networking API) does all this for you - only it doesn’t support general-purpose proprietary format messages - only HTTP messages. Unluckily our server is not HTTP.
Any clue or idea, or direction I could go?
Motti Shneor e-mail: motti.shneor@gmail.com phone: +972-8-9267730 mobile: +972-54-3136621
— Windows is not a virus! A virus is small and efficient. — Jonathan Leffler, Informix
On 12 בספט׳ 2016, at 11:07 לפ׳, Juuso Salonen notifications@github.com wrote:
Yep, SIP/rootless prevents spying on securityd. As far as I know, only Apple has the right entitlements to bypass the restriction, and they don't hand them out to outsiders.
I think turning off SIP is the only reasonable way to resurrect keychaindump. Please correct me if I'm wrong!
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/juuso/keychaindump/issues/9#issuecomment-246276730, or mute the thread https://github.com/notifications/unsubscribe-auth/AChnayvjoAuqT5Qi2UNz7VBUkg3QBD3qks5qpQg0gaJpZM4GIfI2.
For it's own daemons, e.g. WiFi access, Apple copies the password to the System keychain. That might be the way to go.
I love
keychaindump
, I love it so so much. I've used it on Mavericks and Yosemite without any issues, but it's not working on my new macbook running OS X El Capitan. Has something changed in the new update or is it something else?I get this: