Recover lost keychain passwords with swift

Overview

brutalkeychain

Recover lost keychain passwords using a simple swift script (so can run natively on Mac or compile and be used in other tools).

V2

Download the compiled binary or the Xcode Project (e.g. to tweak the logic). The binary has the -l (integer of length), -n (name of keychain), and -p (patterns like "tes 123") options as follows:

./BruteforceKeychain -l 8 -n login.keychain-db

The above would test a locked login keychain for all possible 8 character combinations. Given you don't need to brute force an unlocked keychain, the script will fail if the keychain is not locked.

V1

The first version of this script is really written to just be run in xcode.

Enter name or path of the keychain to crack: >>> test.keychain

Enter the parts of the password you can remember. Replace the characters you can't remember with spaces. Just press enter if can't remember anything: >>> tes 123

How long is the password? >>> 7

Then it just loops through and tries each combination of characters, working around those that are missing. The above example is only missing one character but leave that field blank and it would start with aaaaaaa and loop through until the process is stopped.

Notes

The core of the script is really this line:

let result = runCommand(cmd: "/usr/bin/security", args: "unlock-keychain", "-p", key, keychain)

Leveraging the native keychain APIs in swift would be more efficient and provide more options from a runtime perspective. For example, the keychain must be locked or the script will error out. That could be fixed by shelling out a quick function that uses this instead but was outside this scope (PRs accepted):

let result = runCommand(cmd: "/usr/bin/security", args: "lock-keychain" keychain)

But this suits the needs at hand. Changing the runCommand structure though, could be used to fix future bugs introduced by breaking changes to the security binary or even swap out to other commands to port to other tools (e.g. curl for websites/JWTs/whatevers). Also should probably compile it and make operators for -keychain -length and -patterns so it can run outside of xcode. And add a sanity check to see if the keychain is unlocked before just erroring out. Or not...

Attribution

V1 used the Ruby script at https://github.com/peterhil/keychainrecovery for the structure and a few ideas to speed up recovery (like allowing for entering parts of the password that are known) but wanted to run natively in swift.

You might also like...
Simple Objective-C wrapper for the keychain that works on Mac and iOS

SAMKeychain SAMKeychain is a simple wrapper for accessing accounts, getting passwords, setting passwords, and deleting passwords using the system Keyc

Example of using TOTP with iCloud Keychain in iOS 15

Installation This example needs Ngrok and Ruby 3.0.3+. Setup project with Makefi

A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken

Keychain Dumper Usage All that should be needed to use keychain_dumper is the binary that is checked in to the Keychain-Dumper Git repository. This bi

Recover lost keychain passwords with swift

brutalkeychain Recover lost keychain passwords using a simple swift script (so c

Generate passwords and save them in Keychain. Made with SwiftUI.
Generate passwords and save them in Keychain. Made with SwiftUI.

lockd Generate strong passwords and save them in Keychain. Join lockd Beta on TestFlight: https://testflight.apple.com/join/xJ5AlvS3 Features: Generat

Generate strong passwords and save them in Keychain. Made with SwiftUI.
Generate strong passwords and save them in Keychain. Made with SwiftUI.

lockd Password manager iOS app, generate strong passwords and save them in Keychain. Download lockd on the App Store: https://apps.apple.com/us/app/lo

Keychain - Keychain wrapper with swift

Keychain wrapper. Store a value as a generic password: let account = "an-arbitra

Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works.

Valet Valet lets you securely store data in the iOS, tvOS, watchOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy.

Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.

Valet Valet lets you securely store data in the iOS, tvOS, watchOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy.

UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS. Makes using Keychain APIs as easy as NSUserDefaults.

UICKeyChainStore UICKeyChainStore is a simple wrapper for Keychain that works on iOS and OS X. Makes using Keychain APIs as easy as NSUserDefaults. Lo

A Layer-2 framework built over Keychain API which helps in using Keychain in all your Apple devices with easiness and flexibility.
A Layer-2 framework built over Keychain API which helps in using Keychain in all your Apple devices with easiness and flexibility.

Keychain Manager Keychain Manager is a Layer-2 framework built over Keychain API which helps in using Keychain in all your Apple devices with easiness

LaiFeng IOS Live Kit,H264 and AAC Hard coding,support GPUImage Beauty, rtmp transmission,weak network lost frame,Dynamic switching rate
LaiFeng IOS Live Kit,H264 and AAC Hard coding,support GPUImage Beauty, rtmp transmission,weak network lost frame,Dynamic switching rate

LFLiveKit LFLiveKit is a opensource RTMP streaming SDK for iOS. Features Background recording Support horizontal vertical recording Support Beauty Fac

Open Source Project of LOST Locations iOS app.

LOST Location Description: LOST Location is a fan made app designed for people visiting Honolulu, Hawaii. This app lists different locations used to s

Generating OTP one-time passwords in Swift.
Generating OTP one-time passwords in Swift.

One Time Password Navigate Installation Swift Package Manager CocoaPods Manually Usage Apps Using Installation Ready to use on iOS 13+, tvOS 13+ & wat

A customisable view for entering arbitrary length pins, codes or passwords in iOS. Supports iOS 12 one time codes.
A customisable view for entering arbitrary length pins, codes or passwords in iOS. Supports iOS 12 one time codes.

CBPinEntryView CBPinEntryView is a view written in Swift to allow easy and slick entry of pins, codes or passwords. It allows backspacing, dismissal o

CHIOTPField is a set of textfields that can be used for One-time passwords, SMS codes, PIN codes, etc. Mady by @ChiliLabs - https://chililabs.io
CHIOTPField is a set of textfields that can be used for One-time passwords, SMS codes, PIN codes, etc. Mady by @ChiliLabs - https://chililabs.io

CHIOTPField CHIOTPField is a set of textfields that can be used for One-time passwords, SMS codes, PIN codes, etc. All fields support insertion of one

A customizable verification code textField. Can be used for phone verification codes, passwords etc
A customizable verification code textField. Can be used for phone verification codes, passwords etc

KKPinCodeTextField A customizable verification code textField. Can be used for phone verification codes, passwords etc. Настраиваемое текстовое поле д

SVPinView is a light-weight customisable library used for accepting pin numbers or one-time passwords.
SVPinView is a light-weight customisable library used for accepting pin numbers or one-time passwords.

SVPinView SVPinView is a light-weight customisable library used for accepting pin numbers or one-time passwords. Getting Started An example project is

Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.
Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.

KeychainAccess KeychainAccess is a simple Swift wrapper for Keychain that works on iOS and OS X. Makes using Keychain APIs extremely easy and much mor

Comments
  • Scripts break when reaching yE

    Scripts break when reaching yE

    As you can see from attatchet image the script breaks when reaching aaaaaaaaaayE, it's done this on every test I have ran.

    I've tested char lengths of 8, 11 & 12 and it erros out at the same spot.

    If you need me to do any further testing please let me know.

    Command issued: ./BruteforceKeychain\ 2 -l 8 -n login.keychain-db

    Screenshot 2022-01-03 at 15 04 42
    opened by Fifa12fcb 1
Owner
Charles Edge
Charles Edge
Keychain - Keychain wrapper with swift

Keychain wrapper. Store a value as a generic password: let account = "an-arbitra

Alejandro Ramirez 0 Mar 14, 2022
Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.

Valet Valet lets you securely store data in the iOS, tvOS, watchOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy.

Square 3.8k Jan 4, 2023
UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS. Makes using Keychain APIs as easy as NSUserDefaults.

UICKeyChainStore UICKeyChainStore is a simple wrapper for Keychain that works on iOS and OS X. Makes using Keychain APIs as easy as NSUserDefaults. Lo

Kishikawa Katsumi 3.1k Dec 28, 2022
A Layer-2 framework built over Keychain API which helps in using Keychain in all your Apple devices with easiness and flexibility.

Keychain Manager Keychain Manager is a Layer-2 framework built over Keychain API which helps in using Keychain in all your Apple devices with easiness

Gokul Nair 14 Jan 1, 2023
Generating OTP one-time passwords in Swift.

One Time Password Navigate Installation Swift Package Manager CocoaPods Manually Usage Apps Using Installation Ready to use on iOS 13+, tvOS 13+ & wat

Sparrow Code 15 Nov 11, 2022
Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.

KeychainAccess KeychainAccess is a simple Swift wrapper for Keychain that works on iOS and OS X. Makes using Keychain APIs extremely easy and much mor

Kishikawa Katsumi 7.2k Jan 5, 2023
A powerful, protocol-oriented library for working with the keychain in Swift.

Locksmith A powerful, protocol-oriented library for working with the keychain in Swift. ?? iOS 8.0+ ?? Mac OS X 10.10+ ⌚️ watchOS 2 ?? tvOS ?? I make

Matthew Palmer 2.9k Dec 21, 2022
A simple wrapper for the iOS Keychain to allow you to use it in a similar fashion to User Defaults. Written in Swift.

SwiftKeychainWrapper A simple wrapper for the iOS / tvOS Keychain to allow you to use it in a similar fashion to User Defaults. Written in Swift. Prov

Jason 1.5k Jan 8, 2023
Modern Swift wrapper for Keychain Services API with the benefits of static typing

SwiftyKeychainKit SwiftyKeychainKit is a simple Swift wrapper for Keychain Services API with the benefits of static typing. Define your keys in one pl

Andriy Slyusar 18 Jan 1, 2023
A keychain wrapper that is so easy to use that your cat could use it.

A keychain wrapper that is so easy to use that your cat could use it.

HyperRedink 71 Oct 15, 2022