workparty331 / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
0 stars 0 forks source link

ios 7 keychain support #115

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Handle new ASN1 data column encoding

Original issue reported on code.google.com by jean.sig...@gmail.com on 24 Jul 2013 at 8:35

GoogleCodeExporter commented 8 years ago
Some update here ? I will love to do a demo with iOS 7 :) 

Original comment by pfister....@gmail.com on 23 Aug 2013 at 11:03

GoogleCodeExporter commented 8 years ago
I've attached the patch that I use to read iOS 7 databases.  It requires pyasn1 
to be installed.

Original comment by dunhamst...@gmail.com on 4 Sep 2013 at 4:52

Attachments:

GoogleCodeExporter commented 8 years ago
Please note my patch base64 encodes the value and prefixes it with "base64" if 
it is binary, you probably want to change this before applying it to the 
repository.  

Original comment by dunhamst...@gmail.com on 4 Sep 2013 at 4:57

GoogleCodeExporter commented 8 years ago
Here is a revised patch that doesn't do the base64 encoding.  (The resulting 
entries can't be dumped as JSON if they aren't valid utf8 strings.)

Original comment by dunhamst...@gmail.com on 4 Sep 2013 at 5:15

Attachments:

GoogleCodeExporter commented 8 years ago
Thanks a lot ! i will integrate this when i get the chance.

Original comment by jean.sig...@gmail.com on 8 Oct 2013 at 7:59

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
The tested iphone : iphone4 and ios7.0.2

- Install pyasn1
- I patch the attached file"keychain4.py"

However there is an error
"sqlite3.DatabaseError: file is encrypted or is not a database"

Original comment by sjyangd...@gmail.com on 10 Oct 2013 at 8:51

Attachments:

GoogleCodeExporter commented 8 years ago
Hi - I am also noticing an issue with iOS 7.0.2 on iPhone 4.  I had no issues 
with the same device running iOS 7.0.0.  I'm using the updated ios7.patch.v2.  
Here is the excerpt of the error...  It looks similar to issue 50 
(https://code.google.com/p/iphone-dataprotection/issues/detail?id=50&can=1&q=key
bag#makechanges)

Keybag: SIGN check FAIL
Keybag unlocked with passcode key
Traceback (most recent call last):
  File "python_scripts/keychain_tool.py", line 72, in <module>
    main()
  File "python_scripts/keychain_tool.py", line 52, in main
    k.print_all(options.sanitize)
  File "/Users/djones/iphone-dataprotection/python_scripts/keychain/keychain.py", line 134, in print_all
    for p in self.get_passwords():
  File "/Users/djones/iphone-dataprotection/python_scripts/keychain/keychain.py", line 65, in get_passwords
    return self.get_items("genp")
  File "/Users/djones/iphone-dataprotection/python_scripts/keychain/keychain.py", line 61, in get_items
    self.items[table] = filter(lambda x:x!={}, map(self.decrypt_item, self.store.get_items(table)))
  File "/Users/djones/iphone-dataprotection/python_scripts/keychain/keychain4.py", line 49, in decrypt_item
    dict["data"] = dict["v_Data"].data
AttributeError: 'str' object has no attribute 'data'

Original comment by djo...@jenyanet.com on 13 Oct 2013 at 3:33

GoogleCodeExporter commented 8 years ago
@djo... Sorry about that, in my own code I was using decrypt_blob directly 
rather than using keychain_tool, and I had already adjusted it for this issue.  
The attached patch should handle this case. 

Original comment by dunhamst...@gmail.com on 13 Oct 2013 at 5:44

Attachments:

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
So it worked great and then I just tried again after doing a full device reset 
and now I get the following which someone else here previously posted as well:

Keybag: SIGN check FAIL
Keybag unlocked with passcode key
Traceback (most recent call last):
  File "python_scripts/keychain_tool.py", line 72, in <module>
    main()
  File "python_scripts/keychain_tool.py", line 49, in main
    k = keychain_load(args[0], kb, p["key835"].decode("hex"))
  File "/Users/djones/iphone-dataprotection/python_scripts/keychain/__init__.py", line 6, in keychain_load
    version = sqlite3.connect(filename).execute("SELECT version FROM tversion").fetchone()[0]
sqlite3.OperationalError: no such table: tversion

Original comment by djo...@jenyanet.com on 18 Oct 2013 at 7:14

GoogleCodeExporter commented 8 years ago
Anything :-(

Original comment by djo...@jenyanet.com on 21 Oct 2013 at 12:01

GoogleCodeExporter commented 8 years ago
Disregard.  The issue had to do with demo_bruteforce.py.  I had to slightly 
modify the script to download all 3 components of the sqlite DB (.db, db-shm, 
and db-wal.).  

Original comment by djo...@jenyanet.com on 21 Oct 2013 at 8:24

GoogleCodeExporter commented 8 years ago
Sorry to bring this dead thread back to life, but how do I update my local 
files with the .patch.v3 file?

Original comment by c0t...@gmail.com on 24 Dec 2013 at 10:40

GoogleCodeExporter commented 8 years ago
@c0taxt try running "patch < ios7.patch.v3 " from the command line in the root 
folder of the tools.

Original comment by jean.sig...@gmail.com on 29 Dec 2013 at 11:39

GoogleCodeExporter commented 8 years ago
@jean.sig

thank you so much. I am very grateful for your reply. 

Original comment by c0t...@gmail.com on 29 Dec 2013 at 8:21

GoogleCodeExporter commented 8 years ago
Hey guys,

I seems to be able to decrpyt everyhting but not the password from safari, any 
idea?

Original comment by martin.h...@gmail.com on 13 May 2014 at 2:49

GoogleCodeExporter commented 8 years ago
Or from the email accounts I configure 

Original comment by martin.h...@gmail.com on 13 May 2014 at 2:54

GoogleCodeExporter commented 8 years ago
Issue 144 has been merged into this issue.

Original comment by jean.sig...@gmail.com on 24 Jul 2014 at 9:55

GoogleCodeExporter commented 8 years ago
Thanks. I applied file  ios7.patch.v3 to the most recent commit. Upon running 
the keychain_tool,py script, I get this error:

$ python python_scripts/keychain_tool.py -d /XXXXX/keychain-2.db 
/XXXXX/b8bc987ada7c0547.plist 
Keybag unlocked with passcode key
Traceback (most recent call last):
  File "python_scripts/keychain_tool.py", line 73, in <module>
    main()
  File "python_scripts/keychain_tool.py", line 53, in main
    k.print_all(options.sanitize)
  File "/iphone-dataprotection/python_scripts/keychain/keychain.py", line 139, in print_all
    KSECATTRACCESSIBLE.get(p["clas"])[18:]]
TypeError: 'NoneType' object is not subscriptable

Original comment by fated.dr...@gmail.com on 24 Jul 2014 at 2:13

GoogleCodeExporter commented 8 years ago
ok, try adding those 2 lines in python_scripts/keychain/keychain4.py

         version, clas = struct.unpack("<LL", row["data"][0:8])
+        clas = clas & 0xF

         version, clas = struct.unpack("<LL",blob[0:8])
+        clas = clas & 0xF

Original comment by jean.sig...@gmail.com on 25 Jul 2014 at 9:00

GoogleCodeExporter commented 8 years ago
Thank you!  After applying those two lines, the script runs without errors.

Original comment by fated.dr...@gmail.com on 25 Jul 2014 at 1:22

GoogleCodeExporter commented 8 years ago
This issue was updated by revision 195f7cad875f.

keychain4.py: mask clas field for iOS 7

Original comment by jean.sig...@gmail.com on 3 Sep 2014 at 4:27

GoogleCodeExporter commented 8 years ago
This issue was updated by revision 44cf8b8dcb78.

Support for iOS 7 ASN1 keychain blobs, thanks to Steve Dunham

Original comment by jean.sig...@gmail.com on 21 Sep 2014 at 1:10

GoogleCodeExporter commented 8 years ago
hi .. I have tried to decrypt the iPad2 keychain from the backup (with password)
everything seemed ok but the last step, the password was requested:
"If you have key835 for device 575xxx enter it
(in hex)"
I entered my backup password but it did not work and shown "Cannot decrypt 
backup keybag. Wrong password ?"
please let me know what was wrong with it?
now ipad2 is in IOS 7.1 and the backup was created by itunes  11.4
thanks 

Original comment by vth...@gmail.com on 14 Dec 2014 at 11:38

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Hi I just came accross this and have done everything I need to do to run the 
tool on windows command prompt but i get an error.

ImportError: No module named pyasn1.codec.der.decoder

Original comment by mr1989aw...@gmail.com on 23 Feb 2015 at 11:32