Login/Register
iOS Simulator - View content of Keychain
Asked Answered
Solved ioskeychain
B

1

26

I am storing username and password of my application in iOS keychain. I am developing the application using Appcelerator and am using the following module. Through the API, I can perform all the CRUD operations ob both device and simulator.

After reading few blogs and topics on penetration testing for keychain, I came to know the keychain information is stored on a SQL database. My objective is to find this particular database and open to read its content. I want to see that the information has been stored there (accepted that the data will be encrypted and all gibberish) but hoping that there will be an identifier which will specify the access group.

I just want to open the database, check the table and ensure that the content has been saved in that table. I will be performing this entire task on iOS 9.3 simulator as I do not have a jail-broken device.

Bryant answered 25/1, 2017 at 22:38 Comment(3)
If you want to dump the keychain table , you need a jailbraken device. github.com/ptoomey3/Keychain-Dumper .Fluorine
Will that not be possible to do the same thing using iOS Simulator?Bryant
raywenderlich.com/45645/ios-app-security-analysis-part-1 , this is an outdated guide and I have not checked if it is working nowadays. But thats a complete guide how to do it on the simulator if possible, I think, (not read through it all) but thats all I could find for you. :)Fluorine
W
90

This should not be anything too hard, especially having in mind that you are prepared to see "encrypted and gibberish" content in there.

You should simply go to ~/Library/Developer/CoreSimulator/Devices folder and find UUID of your desired simulator whose Keychain you want to access. Once you have found which UUID-named folder belongs to your Simulator, go inside that folder and go to data/Library/Keychains folder.

In there, you will see keychain-2-debug.db file which is the SQLite database file you are looking for.

After that, use a tool like http://sqlitebrowser.org/ to browse the database.

SQLite browser

I managed to find things I was writing into Keychain when I have opened the database with this tool, then going to Browse Data and picking up genp for the table. After that, check agrp column field value, because it shows who wrote that entry to Keychain database. You will find stuff you wrote with your app by spotting TEAMID.com.your.app.bundle.id value in there.

Cheers

Westland answered 2/3, 2017 at 19:57 Comment(7)
To find the UUID of the device in your simulator, enter xcrun simctl list | egrep '(Booted)' in the terminal. Shout out to TiBooX at #6952779 for this lovely gem.Wulfenite
@c4k - Are you asking for the code snippet used to read value from the Keychain that got written?Westland
@Westland no I was wondering how to read the data in sqlite browser (if it is possible)Leeuwarden
@Leeuwarden Ah. Sorry, didn't understand you at first. Honestly, I never tried it nor I think it's possible. I was simply writing the values in Keychain from my app and verified if they were successfully written by reading them also from the app and comparing with what I tried to write.Westland
To find the UUID of a device, you can now look in the device_set.plist found in the ~/Library/Developer/CoreSimulator/Devices folder.Monahon
I sorted devices folder by 'date modified' desc and my simulator was on topArchiearchiepiscopacy
I use this alias to open the keychain directory of the currently booted simulator: alias openBootedSimKeychains="open \$(echo \$(xcrun simctl list | egrep '(Booted)') | grep -oE '\([A-F0-9-]+\)' | tr -d '()' | xargs -I {} echo ~/Library/Developer/CoreSimulator/Devices/{}/data/Library/Keychains)"Necrophilia

© 2022 - 2024 — McMap. All rights reserved.