Macos Big Sur 11.6.2 [Invalid Password / Keychain Locked]

[zangse]

I'm using this repo https://github.com/nkraetzschmar/chainbreaker. I can export the private keys from one of my Mac(Big Sur 11.6.1), but it not work with my another Mac(11.6.2).

I run command and got the results. command:

sudo python2.7 chainbreaker.py --dump-private-keys /Library/Keychains/System.keychain --unlock-file /var/db/SystemKey

2022-02-24 18:00:54,172 - INFO - Dump Start: 2022-02-24 18:00:54.172610
2022-02-24 18:00:54,173 - INFO - 5 Private Keys
2022-02-24 18:00:54,173 - INFO -    [+] Private Key
2022-02-24 18:00:54,173 - INFO -     [-] Print Name: imported private key
2022-02-24 18:00:54,173 - INFO -     [-] Key Class: CSSM_KEYCLASS_PRIVATE_KEY
2022-02-24 18:00:54,173 - INFO -     [-] Key Type: CSSM_ALGID_RSA
2022-02-24 18:00:54,173 - INFO -     [-] Key Size: 2048
2022-02-24 18:00:54,173 - INFO -     [-] Effective Key Size: 2048
2022-02-24 18:00:54,173 - INFO -     [-] CSSM Type: Core CSP (local space)
2022-02-24 18:00:54,174 - INFO -     [-] Base64 Encoded PrivateKey: [Invalid Password / Keychain Locked]
...

When I run this command, I got this result

systemkeychain -vt

Testing system unlock of /Library/Keychains/System.keychain
(If you are prompted for a passphrase, cancel)
System unlock is working

Check out the code and do some simple prints, I found the ciphertext in function _find_wrapping_key is an empty string. I know nothing at python, I hope someone can help look at this problem, thanks~

[pencarsa]

@zangse is csrutil disabled ?

[zangse]

Yes，csrutil disabled. I give up on this laptop, I got a new one, it's can work, I think there is someting wrong with my old laptop.