【macOS】Keychain 破解

Posted by 西维蜀黍 on 2022-03-01, Last Modified on 2022-03-09

Keychain

A keychain is a locked, encrypted container used in Keychain Access to store account names and passwords for apps, servers, AirPort base stations, and websites. You can also use keychains to store confidential information such as credit card numbers or personal identification numbers (PINs) for bank accounts.

The keychain files are stored in ~/Library/Keychains, /Library/Keychains/ and /Network/Library/Keychains/. These files are viewed and edited through an application called Keychain Access, found in the Utilities folder in the Applications folder.

  • Your keychain (for your personal account) is stored in the Library: /Users/<accountname>/Library/Keychains/login.keychain

Creack

https://github.com/n0fate/chainbreaker

https://github.com/nkraetzschmar/chainbreaker

# crack System.keychain
$ sudo python2.7 chainbreaker/chainbreaker.py --dump-private-keys --unlock-file /var/db/SystemKey /Library/Keychains/System.keychain

# import a certificate with a private key into System.keychain
$ sudo security import my-cer.pem -k /Library/Keychains/System.keychain

关于证书相关转换,refer to https://swsmile.info/post/certificates/

Reference