[macOS] Keychain Cracking

Posted by 西维蜀黍 on 2022-03-01, Last Modified on 2023-05-16

Keychain

A keychain is a locked, encrypted container used in Keychain Access to store account names and passwords for apps, servers, AirPort base stations, and websites. You can also use keychains to store confidential information such as credit card numbers or personal identification numbers (PINs) for bank accounts.

The keychain files are stored in ~/Library/Keychains, /Library/Keychains/ and /Network/Library/Keychains/. These files are viewed and edited through an application called Keychain Access, found in the Utilities folder in the Applications folder.

  • Your keychain (for your personal account) is stored in the Library: /Users/<accountname>/Library/Keychains/login.keychain

Crack

https://github.com/n0fate/chainbreaker

https://github.com/nkraetzschmar/chainbreaker

# disable SIP, and reboot

# https://github.com/nkraetzschmar/chainbreaker/archive/refs/tags/v0.9.zip
$ git clone https://github.com/nkraetzschmar/chainbreaker.git

# crack System.keychain
# able to get all private keys on macOS Monterey 12.6
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-private-keys --unlock-file /var/db/SystemKey /Library/Keychains/System.keychain
# able to get all private keys on macOS Monterey 12.6
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-public-keys --unlock-file /var/db/SystemKey /Library/Keychains/System.keychain

# crack /Users/[username]/Library/Keychains/login.keychain OR /Users/[username]/Library/Keychains/login.keychain-db
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-private-keys --password-prompt /Users/[username]/Library/Keychains/login.keychain 
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-public-keys --password-prompt /Users/[username]/Library/Keychains/login.keychain 

# Alternatively, you could dump/export the certificate from Keychain Access App directly
# Then convert the certificate from binary DER encoding (.cer) to textual PEM encoding
$ openssl x509 -inform der -in output.cer -out my_output.pem

# Manually compose a cert with a private key by using the following format
$ vim my-cer.pem
-----BEGIN CERTIFICATE-----
<paste the dumped certificate here>
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
<paste the dumped private key here>
-----END PRIVATE KEY-----

# import a certificate with a private key into System.keychain
$ sudo security import my-cer.pem -k /Library/Keychains/System.keychain

For certificate conversions, refer to https://swsmile.info/post/certificates/
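
Before the `security import` step, it is worth confirming that the private key pasted into my-cer.pem actually belongs to the certificate pasted above it. The following is an added example, not part of the original post or of chainbreaker; the function names and the throwaway sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the certificate and private key inside a combined
# PEM file (the my-cer.pem layout above) form a pair before importing it.

# Return 0 on match, 1 on mismatch, 2 if no usable certificate, 3 if no usable key.
pem_pair_matches() {
    # Public key embedded in the first CERTIFICATE block.
    _cert_pub=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
        | openssl x509 -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the PRIVATE KEY block ("RSA PRIVATE KEY" etc. also match).
    # -passin pass: makes an encrypted key fail instead of prompting on the terminal.
    _key_pub=$(sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' "$1" \
        | openssl pkey -pubout -passin pass: 2>/dev/null) || return 3
    [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ]
}

# Build a throwaway combined PEM at path $1 (constructed sample, not a keychain export).
# Also leaves $1.crt and $1.key next to it.
make_sample_pem() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-sample" \
        -days 1 -keyout "$1.key" -out "$1.crt" 2>/dev/null || return 1
    cat "$1.crt" "$1.key" > "$1"
}

# Usage: sh check-pair.sh my-cer.pem
# With no argument, the check runs on a freshly constructed sample.
target=${1:-}
if [ -z "$target" ]; then
    tmpdir=$(mktemp -d) && target="$tmpdir/sample.pem" && make_sample_pem "$target"
fi
if pem_pair_matches "$target"; then
    echo "OK: private key matches certificate"
else
    echo "STOP: mismatch or unreadable PEM (status $?)"
fi
[ -n "${tmpdir:-}" ] && rm -rf "$tmpdir"
```

A status of 2 or 3 usually means a block was pasted incompletely or its BEGIN/END lines were altered.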
