Notes About The Keychain Dumper
Leon Jacobs edited this page Jul 11, 2017
·
2 revisions
Pages 29
Table of Contents
Generic Guides
- Components
- Installation
- Updating
- Using objection
- Early Instrumentation
- Working with Jobs
- Logging Information
- Resources
- Hacking
- Development Environment Installation
- Agent Development Environment
- Plugins
- Gadget Configurations
iOS
without a jailbreak
with a jailbreak
other
Android
without root
with root
other
API
Clone this wiki locally
It is possible to dump the entries in the iOS keychain with objection and the ios keychain dump command. This is achieved by building a query dictionary just like you would in an iOS application, and querying for all of the available object class types such as kSecClassKey, kSecClassIdentity and kSecClassInternetPassword.
There are a few important things to keep in mind though:
- This command will only dump keychain entries for the current application. In fact, a more 'correct' way of saying this is that it will only dump entries for the current entitlement group.
- The entitlement group your application will use comes from the
embedded.mobileprovisionfile used when patching and resigning the IPA. - When patching multiple IPA's, it is common to re-use an
embedded.mobileprovisionfile. This is fine, but it is important to remember that other applications keychain entries may exist when you dump the keychain.