Support Local Items keychains from Mojave

n0fate / iChainbreaker

Breaking the iCloud Keychain Artifacts

https://n0fate.github.io

GNU General Public License v2.0

94 stars 25 forks source link

Support Local Items keychains from Mojave #6

Closed hah0Na closed 5 years ago

hah0Na commented 5 years ago

On hardware with a Secure Enclave Processor, e.g., a MacBook Pro with Touch Bar, keys from the SEP are needed to decrypt the keychain. So this code will only work on other hardware. But that was already the case with High Sierra.

I intend to publish a writeup on how I figured this out, but that will take a while.

Fixes #5

n0fate commented 5 years ago

I think each mac has different key on T1/2 chip. Did you solve this issues using static key for High Sierra. right?

hah0Na commented 5 years ago

This works for the Local Items keychain in a VM on Mojave. It fails for the keychain from a physical MacBook Pro with Touch Bar. I assume the SEP chip is the reason it fails on that hardware, but haven’t had a chance to confirm that in detail.

schmittner commented 5 years ago

I've verified that this patch works partially with 10.14 on a non-T1/T2 MacBook.

AESUnwrap fails for keyclass 8 (dk)
The code ignores keyclass 11 (dku)

Any ideas?