n0fate / iChainbreaker

Breaking the iCloud Keychain Artifacts
https://n0fate.github.io
GNU General Public License v2.0

Added support for macOS 10.12 keychain #2

Closed kleest closed 6 years ago

kleest commented 6 years ago

Prior to macOS 10.12, keychain items had an empty IV and no authenticated data. Now they have a static IV.

For more information, see the published source code of securityd: Security-57740.51.3/OSX/sec/securityd/SecDbKeychainItem.c

It might be useful to detect whether an IV and authenticated data must be processed or not. The reported meta information of a macOS 10.12 keychain is:

[+] Keybag Header
 [-] versions : 4
 [-] type : System Keybag

n0fate commented 6 years ago

Nice work for this project ;-)

I will write code for a macOS version option.