ptoomey3 / Keychain-Dumper

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
BSD 3-Clause "New" or "Revised" License
1.34k stars 299 forks

iOS 12 support #36

Closed hubert3 closed 5 years ago

hubert3 commented 5 years ago

This may be a problem with the unc0ver jailbreak (v3.0.0-b46) on iPhone 5s and not a bug in Keychain-Dumper, however trying to run a binary I compiled myself on iOS 12 I'm getting:

# ./keychain_dumper
Killed: 9

dmesg output:

Sandbox: bash(1243) System Policy: deny(1) process-exec* /private/var/root/keychain_dumper
Sandbox: hook..execve() killing keychain_dumper[pid=1243, uid=0]: (err=1) process-exec denied while updating labe

hubert3 commented 5 years ago

Works with a few more entitlements added. I'm not sure if all of these were necessary but keychain_dumper now works on iOS 12 with unc0ver jailbreak

entitlements.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>keychain-access-groups</key>
        <array>
            <string>*</string>
        </array>
        <key>platform-application</key> <true/>
        <key>com.apple.private.security.no-container</key>  <true/>
    </dict>
</plist>

ptoomey3 commented 5 years ago

Can you see if https://github.com/ptoomey3/Keychain-Dumper/pull/38 addresses your needs?

suculent commented 5 years ago

Well, I’ll give it a try once again. I have 12.1.2 with Chimera and 9.3.5 Phoenix (both 32/64bit versions) for comparison.

Sent from iPhone

a3135134 commented 5 years ago

Works with a few more entitlements added. I'm not sure if all of these were necessary but keychain_dumper now works on iOS 12 with unc0ver jailbreak

entitlements.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
      <key>keychain-access-groups</key>
      <array>
          <string>*</string>
      </array>
      <key>platform-application</key> <true/>
      <key>com.apple.private.security.no-container</key>  <true/>
  </dict>
</plist>

The original dumper doesn't work on iOS 12.2 either. I tried what hubert3 said (editing the XML file and rebuilding using my developer certificate), and then it works. May this be merged?

ptoomey3 commented 5 years ago

I've updated the entitlements and pushed a new binary. Thanks!
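
The entitlements discussed in this thread can be checked mechanically when reviewing signed binaries or build artifacts. The following is an added example, not part of the issue thread or the Keychain-Dumper project; the function name `audit_entitlements` and the descriptions in `BROAD_BOOLEAN_KEYS` are assumptions of the example, and the sample input is the entitlements.xml posted above.

```python
import plistlib

# Sample input: the entitlements.xml posted in this thread.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>keychain-access-groups</key>
        <array>
            <string>*</string>
        </array>
        <key>platform-application</key> <true/>
        <key>com.apple.private.security.no-container</key>  <true/>
    </dict>
</plist>
"""

# Keys come from the thread; the descriptions are this example's own summary.
BROAD_BOOLEAN_KEYS = {
    "platform-application": "binary is treated as a platform application",
    "com.apple.private.security.no-container": "process runs without a sandbox container",
}

def audit_entitlements(data: bytes) -> list:
    """Return one finding per entitlement that widens keychain or sandbox access."""
    ent = plistlib.loads(data)
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist must have a dict at the top level")
    findings = []
    groups = ent.get("keychain-access-groups", [])
    if isinstance(groups, str):          # tolerate a single string instead of an array
        groups = [groups]
    for group in groups:
        if "*" in group:                 # wildcard matches every keychain access group
            findings.append(f"keychain-access-groups: wildcard group {group!r}")
    for key, why in BROAD_BOOLEAN_KEYS.items():
        if ent.get(key) is True:
            findings.append(f"{key}: {why}")
    for key in ent:                      # any other private entitlement deserves a look
        if key.startswith("com.apple.private.") and key not in BROAD_BOOLEAN_KEYS:
            findings.append(f"{key}: private Apple entitlement")
    return findings

if __name__ == "__main__":
    for finding in audit_entitlements(SAMPLE):
        print(finding)
```

An entitlements file that lists only an app's own access group and no private keys produces no findings.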