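#!/bin/bash
# Original keychain_dumper by Patrick Toomey
# Script by @ReverseThatApp and @vocaeq
#
# Regenerates the entitlements plist for keychain_dumper from the access
# groups found in the device keychain database, then re-signs the binary
# with ldid so that it carries those entitlements.
#
# Requires: sqlite3, ldid, sed, sort; write access to KEYCHAIN_DUMPER_FOLDER.
#
# NOTE(review): in the reviewed copy the XML markup inside the plist string
# literals was missing (it looks stripped by the page rendering; only the
# commented-out sed line still showed a </string> tag). It is written out
# here as a standard entitlements plist, with <true/> assumed for the two
# boolean keys; confirm against the upstream script.

set -u
set -o pipefail

KEYCHAIN_DUMPER_FOLDER=/usr/bin
KEYCHAIN_DB=/var/Keychains/keychain-2.db
ENTITLEMENT_PATH=$KEYCHAIN_DUMPER_FOLDER/ent.xml
TARGET_BINARY=$KEYCHAIN_DUMPER_FOLDER/keychain_dumper

# Access groups that are left out of the generated entitlements. The script
# treats them as invalid; the reason is not stated in this file.
declare -a invalidKeychainArray=(
  "com.apple.bluetooth"
  "com.apple.cfnetwork"
  "com.apple.cloudd"
  "com.apple.continuity.encryption"
  "com.apple.continuity.unlock"
  "com.apple.icloud.searchpartyd"
  "com.apple.ind"
  "com.apple.mobilesafari"
  "com.apple.rapport"
  "com.apple.sbd"
  "com.apple.security.sos"
  "com.apple.siri.osprey"
  "com.apple.telephonyutilities.callservicesd"
  "ichat"
  "wifianalyticsd"
)

# Prints a message to stderr and aborts the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Returns 0 when $1 is exactly one of the skipped access groups.
# An exact comparison is used so that a name containing spaces cannot match
# across two neighbouring list entries.
is_skipped_group() {
  local candidate=$1
  local skipped
  for skipped in "${invalidKeychainArray[@]}"; do
    if [[ "$candidate" == "$skipped" ]]; then
      return 0
    fi
  done
  return 1
}

# Escapes the XML metacharacters in $1. Access-group names are data read
# from the keychain database and are embedded in the plist, so they must
# not be able to close the <string> element or add elements of their own.
xml_escape() {
  printf '%s\n' "$1" \
    | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Prints every distinct access group of the four keychain item tables,
# one per line. Stops at the first failing query.
list_access_groups() {
  local table
  for table in genp cert inet keys; do
    sqlite3 "$KEYCHAIN_DB" "SELECT DISTINCT agrp FROM ${table}" || return
  done
}

# Writes the entitlements plist to stdout.
# Arguments: $1 - newline-separated access groups
# Outputs:   plist on stdout; "Skipping ..." notices on stderr, because
#            stdout is redirected into the plist file by the caller.
write_entitlements() {
  local group
  printf '%s\n' \
    '<?xml version="1.0" encoding="UTF-8"?>' \
    '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">' \
    '<plist version="1.0">' \
    '  <dict>' \
    '    <key>keychain-access-groups</key>' \
    '    <array>'
  while IFS= read -r group; do
    # An empty agrp value would produce an empty <string> entry.
    [[ -n "$group" ]] || continue
    if is_skipped_group "$group"; then
      printf 'Skipping %s\n' "$group" >&2
    else
      printf '      <string>%s</string>\n' "$(xml_escape "$group")"
    fi
  done <<< "$1"
  printf '%s\n' \
    '    </array>' \
    '    <key>platform-application</key> <true/>' \
    '    <key>com.apple.private.security.no-container</key> <true/>' \
    '  </dict>' \
    '</plist>'
}

command -v sqlite3 > /dev/null || die "sqlite3 not found"
command -v ldid > /dev/null || die "ldid not found"

if [[ ! -d "$KEYCHAIN_DUMPER_FOLDER" ]]; then
  mkdir -p -- "$KEYCHAIN_DUMPER_FOLDER" \
    || die "cannot create $KEYCHAIN_DUMPER_FOLDER"
fi
[[ -f "$TARGET_BINARY" ]] || die "missing $TARGET_BINARY"

# The plist is only needed while signing; remove it on every exit path.
trap 'rm -f -- "$ENTITLEMENT_PATH"' EXIT

# The same group can appear in several tables, so de-duplicate across them.
# pipefail makes a failed query visible here instead of silently producing
# an entitlements file with no access groups.
access_groups=$(list_access_groups | LC_ALL=C sort -u) \
  || die "cannot read access groups from $KEYCHAIN_DB"

# Every line goes to the same file through one redirection, so no part of
# the plist can end up in a different file because of a mistyped target.
write_entitlements "$access_groups" > "$ENTITLEMENT_PATH" \
  || die "cannot write $ENTITLEMENT_PATH"

# Absolute paths are used instead of cd, so a failed directory change cannot
# make ldid operate on files in the caller's working directory.
ldid -S"$ENTITLEMENT_PATH" "$TARGET_BINARY" \
  || die "ldid failed to sign $TARGET_BINARY"

echo "Entitlements updated"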