Skip to content
Breaking the iCloud Keychain Artifacts
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
crypto
tests
LICENSE
README.md add a option and some data type Jan 22, 2018
blobparser.py
exportDB.py Support to decrypt items encrypted by device key on macOS 10.13 or la… Jul 24, 2019
iChainbreaker.py
itemv7.proto
itemv7.py Support to decrypt items encrypted by device key on macOS 10.13 or la… Jul 24, 2019
itemv7_pb2.py Support Local Items keychains from Mojave Apr 2, 2019
keybag.py Support to decrypt items encrypted by device key on macOS 10.13 or la… Jul 24, 2019
requirements.txt Support Local Items keychains from Mojave Apr 2, 2019

README.md

iChainbreaker

iChainbreaker is just PoC code for analyzing iCloud Keychain. This project will be merged with Chainbreaker

How to use

n0fate@MacBook-Pro:~/iChainbreaker$ python iChainbreaker.py -h
usage: iChainbreaker.py [-h] -p PATH -k KEY [-x EXPORTFILE] -v VERSION

Tool for iCloud Keychain Analysis by @n0fate

optional arguments:
  -h, --help            show this help message and exit
  -p PATH, --path PATH  iCloud Keychain Path(~/Library/Keychains/[UUID]/)
  -k KEY, --key KEY     User Password
  -x EXPORTFILE, --exportfile EXPORTFILE
                        Write a decrypted contents to SQLite file (optional)
  -v VERSION, --version VERSION
                        macOS version(ex. 10.13)
n0fate@MacBook-Pro:~/iChainbreaker$ 

Reference

Sogeti ESEC Lab, iPhone data protection in depth, HITB Amsterdam 2011.

License

GPL v2

You can’t perform that action at this time.