ptoomey3 / Keychain-Dumper

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
BSD 3-Clause "New" or "Revised" License

iOS 11.3+ : Access an item with TouchID/FaceID #32

Closed priyankn closed 4 years ago

priyankn commented 6 years ago

Hi,

Can keychain items be accessed normally via this tool when the following SecAccessControlCreateFlags are set?

https://developer.apple.com/documentation/security/secaccesscontrolcreateflags

I tested it quickly and the answer is no (well, except for .userPresence, where a passcode is required), but want to be 100% sure if my test app was behaving correctly.

ismyhc commented 6 years ago

@priyankn I'm interested in this too. Are you saying that you can or cannot see decrypted data when the .userPresence flag was used to store the value?

priyankn commented 6 years ago

@ismyhc Yes, I can see the data, because it constrains to access an item with either biometry OR passcode.

Nevertheless, I found the objection framework to work better in this case - FYI to all future ppl https://github.com/sensepost/objection
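
For reference, the flag choice discussed in this thread, shown as an added example (not code from Keychain-Dumper, objection, or either commenter): one item is stored with `.userPresence`, which Apple documents as biometry or passcode, and one with `.biometryCurrentSet`, which has no passcode alternative. The helper names, the service string `com.example.demo` and the account names are assumptions made for illustration.

```swift
import Foundation
import Security

// Constructed service name for this example only.
let demoService = "com.example.demo"

// Hypothetical helper: store `secret` with the given access-control flags.
// The item is device-bound and only exists while a passcode is set.
func storeItem(_ secret: Data, account: String,
               flags: SecAccessControlCreateFlags) -> OSStatus {
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        flags,
        nil
    ) else {
        return errSecParam
    }
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: demoService,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(base as CFDictionary)   // replace any earlier copy
    var attrs = base
    attrs[kSecValueData as String] = secret
    attrs[kSecAttrAccessControl as String] = access
    return SecItemAdd(attrs as CFDictionary, nil)
}

// Hypothetical helper: read the item back. The system shows its
// authentication UI here if the item's access control requires it.
func readItem(account: String) -> (OSStatus, Data?) {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: demoService,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    return (status, result as? Data)
}

let secret = Data("constructed-sample-secret".utf8)
// Biometry OR device passcode satisfies this item.
_ = storeItem(secret, account: "presence", flags: .userPresence)
// Biometry only; invalidated if the enrolled biometrics change (iOS 11.3+).
_ = storeItem(secret, account: "biometry", flags: .biometryCurrentSet)
```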

ptoomey3 commented 4 years ago

Closing as stale.