Dumping iOS Keychain Contents

In this post we will look at dumping the contents of the keychain on an iOS device. To do this we will use the Keychain Dumper tool available here

A keychain is a secure storage container that can be used to store sensitive information such as passwords, WiFi passwords and authentication tokens for different applications.The devices passcode is used to encrypt the keychain so once the device is jailbroken it is possible to read the contents of the .db file.

The steps outlined below are performed using a Jailbroken iPad (7.0.6) and a Mac.

First we need to sftp into the jailbroken iOS device. The default password is 'alpine'

Next we want to upload the keychain_dumper binary to the iOS device. We can move it to the temp folder.

We also want to make sure that it is executable, you can do this using the chomd command

Next we want to make sure that the keychain is readable, again we can use chmod

Now we can run the binary. To do this you can run the ./key_dumper command in the tmp folder

The tool dumps out all the contents of the keychain. This can include usernames and passwords used by applications and also wireless keys.

You can see usage information by using the -h switch

One of the best ways to make your keychain more secure is to use a strong passcode. As shown in an older post it is possible to brutefore a 4 digit passcode in a matter of minutes using the iPhone dataprotection tools.