Decrypt Keychain.plist
Apr 11, 2012. This post details the step-by-step method required to extract a plist/OAuth token from a standard (non-encrypted) iTunes backup of any iOS device. EPB is able to decrypt keychain data from password-protected backups (iOS 4 and later) if the backup password is known (or has been recovered using EPB for Windows). For iTunes backups that do not have the password set, as well as for iCloud backups, keychain can be decrypted only if.
Internals of Safari Encryption Algorithm: The generated XML file (as shown above) contains encrypted password data along with website URL and username information. This stored password data is encoded using the BASE64 algorithm. Note that original password data. Here is the command to convert the cryptic 'keychain.plist' file to an easily readable 'keychain.xml' file:
Plutil.exe -convert xml1 -s -o c:\keychain.xml "c:\users\administrator\appdata\roaming\apple computer\preferences\keychain.plist"
This is how it will look after decoding to an XML file.
Part 1 of this series may be found here.
Part 2 of this series may be found here.
Part 3 of this series may be found here.
Part 4 of this series may be found here.
Safari
I must admit, I was pretty surprised by how hidden Apple made their security information. After years of hearing how horrible Safari is in terms of general security – their password security is actually pretty decent. Unfortunately, it too is able to be hacked if you know what you’re doing.
Safari stores your usernames and passwords in a file called “keychain.plist” in the following folders:
Sorry Mac users, I don’t know where this is stored on a Mac… If someone wants to give me a Mac, I’ll be more than happy to research it for them…
The contents of this file are pseudo-encrypted because it’s stored in a “Binary Property List” file format which is an Apple format for storing binary data. If you just open the file it will look like garbage. However, Apple provides a tool called plutil.exe that can read this format and it’s actually provided with Safari in the following folders:
Run this program in DOS using the following commands:
This will convert the .plist file into an XML file. In the XML file, everything will be decoded except for your password which will be inside an tag called
When the .plist file is converted to XML, the encrypted password appears encoded with the BASE64 algorithm. Bizarrely enough, the original password data stored in the keychain.plist file is not encoded with BASE64; it is only encoded as BASE64 when the .plist file is converted into XML using the plutil program. In the .plist file, the password is encrypted using standard Windows Data Protection (DPAPI), which provides the well-known functions CryptProtectData and CryptUnprotectData for encrypting and decrypting data using your Windows authentication password. When calling CryptProtectData, Safari uses a standard, static salt for all passwords, which is also stored in the keychain.plist file.
So to actually decode the XML file, you must first decode the BASE64-encoded data, then decrypt the Windows DPAPI-encrypted data. Easy, right?
BASE64 is an encoding rather than encryption and can easily be decoded with free code available online. From there, you need to figure out the salt to use with the Windows DPAPI CryptUnprotectData function.
For the curious, the salt generation algorithm and decryption functions are available in the Apple supplied CFNetwork.dll file which can be found in the following folders:
The salt data in the .plist file is 144 bytes long and ends with “com.apple.Safari”. Once you find the Salt in the .plist file, you can easily decrypt the passwords using the CryptUnprotectData function (available on the Microsoft MSDN website).
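The layering described above (BASE64 in the XML, DPAPI underneath) can be confirmed without decrypting anything. This is an added example, not code from the original post: it walks a plutil-style XML plist and flags every data field that carries the standard DPAPI blob header. The sample plist and its key names (passwords, Account, Server, Data) are constructed for illustration and are not Safari's actual schema.

```python
import plistlib
import struct

# Standard DPAPI blob header: dwVersion = 1, then the provider GUID
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} in little-endian GUID layout.
DPAPI_HEADER = struct.pack("<I", 1) + bytes.fromhex("d08c9ddf0115d1118c7a00c04fc297eb")

# Constructed sample (hypothetical key names). plistlib writes bytes values as
# BASE64 inside <data> elements, the same representation plutil produces.
SAMPLE_XML = plistlib.dumps({
    "passwords": [
        {"Account": "alice", "Server": "example.com",
         "Data": DPAPI_HEADER + b"\x00" * 32},        # looks like a DPAPI blob
        {"Account": "bob", "Server": "example.org",
         "Data": b"not-a-dpapi-blob"},                # some other binary value
    ]
})


def iter_data_fields(node, path=""):
    """Yield (path, raw_bytes) for every <data> element of a parsed plist."""
    if isinstance(node, bytes):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_data_fields(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_data_fields(value, f"{path}[{index}]")


def classify_blobs(xml_bytes):
    """Map each <data> field to 'dpapi' or 'other' after BASE64 decoding."""
    parsed = plistlib.loads(xml_bytes)   # BASE64 is undone here, by the parser
    return {
        path: "dpapi" if raw.startswith(DPAPI_HEADER) else "other"
        for path, raw in iter_data_fields(parsed)
    }


if __name__ == "__main__":
    for path, kind in classify_blobs(SAMPLE_XML).items():
        print(f"{path}: {kind}")
```

A field reported as `dpapi` is protected by the Windows account's DPAPI keys, so the BASE64 layer adds no secrecy of its own.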
As you can see, Safari is much more complicated than other browsers but in the end, it’s just as easy for someone who knows what they are doing to hack.
Summary
I think that all the browsers fall short in one area or another. Firefox comes the closest but only if you enable a Master Password. IE9 has good security for Autocomplete data, but only if you do not store website history. Chrome fails in terms of protecting your usernames and passwords from any key loggers. Opera fails completely because it uses a known, static salt. Safari surprisingly enough provides decent security from someone who doesn’t know what they are doing but a true hacker should be able to decrypt your passwords with some patience.
My recommendation? Use Firefox, keep it updated and enable a strong Master Password. Again, I refer you to check out XKCD’s Password Strength cartoon for tips.
Entitlements are special app capabilities and security permissions granted to applications that are correctly configured to use them.
In iOS, apps run in a sandbox, which provides a set of rules that limit access between the application and certain system resources or user data. Entitlements are used to request that the system expand the sandbox to give your app additional capabilities.
To extend the capabilities of your app, an entitlement must be provided in your app’s Entitlements.plist file. Only certain capabilities can be extended and these are listed in the Working with Capabilities guide and described below. Entitlements are passed to the system as a Key/Value pair, and generally only one is required per capability. The specific Keys and Values are described in the Entitlement key reference section later in this guide. Visual Studio for Mac and Visual Studio provide a clear interface for adding entitlements in a Xamarin.iOS app through the Entitlements.plist editor. This guide introduces the Entitlements.plist editor and how to use it. It also provides a reference of all the entitlements that can be added to an iOS project for each capability.
Entitlements and provisioning
The Entitlements.plist file is used to specify entitlements and is used to sign the application bundle.
However, some additional provisioning is required to ensure that the app is code signed correctly. The provisioning profile used must contain an App ID that has the required capability enabled. For information on how to do this, refer to the Working with Capabilities guide.
Important
The Entitlements.plist file helps fill in the correct properties for an application using capabilities, but it can't generate a provisioning profile as it is not linked to an Apple developer account. You will still need to generate a provisioning profile using the developer portal to deploy and distribute the application.
Set entitlements in a Xamarin.iOS project
In addition to selecting and configuring the required application services when defining the App ID, the entitlements must also be configured in the Xamarin.iOS project by editing the Info.plist and Entitlements.plist files.
To configure the entitlements in Visual Studio for Mac, do the following:
- In the Solution pad, double-click the Info.plist file to open it.
- In the Identity section, fill in a name for the application and enter the Bundle Identifier that was created when the App ID was defined:
- Save the changes to the Info.plist file.
- In the Solution pad, double-click the Entitlements.plist file to open it for editing:
- Select and configure any entitlements required for the Xamarin.iOS application so that they match the setup that was defined when the App ID was created.
- Save the changes to the Entitlements.plist file.
To configure the entitlements in Visual Studio, do the following:
- In the Solution Explorer, double-click the Info.plist to open it for editing.
- In the iOS Application Target section, fill in a name for the application and enter the Bundle Identifier that was created when the App ID was defined:
- Save the changes to the Info.plist file.
- In the Solution Explorer, double-click on the Entitlements.plist file to open it. You can also right-click the Entitlements.plist file and choose Open with... the XML Source editor, which will allow you to set the Entitlement property and key value as detailed in the Entitlement key Reference section below.
- Select and configure any entitlements required for the Xamarin.iOS application so that they match the setup that was defined when the App ID was created.
- Save the changes to the Entitlements.plist file.
Adding a new Entitlements.plist file
Entitlements are added to an app via the Entitlements.plist file. This file is included in Xamarin.iOS projects by default but may be missing from older projects.
To add an Entitlements.plist file to your Xamarin.iOS project, do the following:
- Right-click on the project file and browse to Add > New File…:
- In the New File dialog select iOS > Property List and name it Entitlements:
Entitlement key reference
Entitlement keys can be added via the Source panel of the Entitlements.plist editor. The required keys will normally be added when using the Entitlements.plist editor but are listed below for reference.
Wallet
- Description: Formerly known as Passbook, Wallet is an app that stores and manages passes. These passes may be credit cards, store cards, boarding passes, or tickets.
- Pass Type Identifier
  - Keys: com.apple.developer.pass-type-identifiers
  - String: $(TeamIdentifierPrefix)*
- Notes:
  - This will enable your app to allow all pass types. To restrict your app and only allow a subset of team pass types, set the string value to: $(TeamIdentifierPrefix)pass.$(CFBundleIdentifier), where pass.$(CFBundleIdentifier) is the Pass ID that has been created above.
iCloud
- Description: iCloud provides iOS users with a convenient and simple way to store their content and share it between devices. There are four ways developers can use iCloud to provide a means of storage for their users: Key-Value storage, UIDocument Storage, CoreData, and using CloudKit directly to provide storage for Individual files and directories. For more information on these, refer to the Introduction to iCloud guide.
- iCloud Documents & CloudKit
  - Keys: com.apple.developer.ubiquity-container-identifiers
  - String: $(TeamIdentifierPrefix)$(CFBundleIdentifier)
- iCloud KeyValue Storage
  - Key: com.apple.developer.ubiquity-kvstore-identifier
  - String: $(TeamIdentifierPrefix)$(CFBundleIdentifier)
- Notes:
  - The $(TeamIdentifierPrefix) string can be located by logging in to developer.apple.com and visiting Member Center > Your Account > Developer Account Summary to get your Team ID (or Individual ID for single developers). It will be a 10 character string (A93A5CM278 for example).
  - The $(CFBundleIdentifier) string begins with iCloud and is set when the iCloud container is created as per the steps in the Working with Capabilities guide.
  - The $(TeamIdentifierPrefix) and $(CFBundleIdentifier) placeholders can be used and will be substituted for the correct values at build time.
Important
Apple provides tools to help developers properly handle the European Union's General Data Protection Regulation (GDPR).
App Groups
- Description: An App Group allows different applications (or an application and its extensions) to access a shared file storage location.
- Key: com.apple.security.application-groups
- String: group.$(CFBundleIdentifier)
Apple Pay
- Description: Apple Pay enables users to pay for physical goods via their iOS device.
- Key: com.apple.developer.in-app-payments
- String: merchant.your.mechantid
Push Notifications
- Key: aps-environment
- String: development or production
Siri
- Description: SiriKit allows an iOS app to provide services that are accessible to Siri and the Maps app on an iOS device using App Extensions and the new Intents and Intents UI frameworks. For more information, refer to the Introduction to SiriKit guide.
- Key: com.apple.developer.siri
Personal VPN
- Key: com.apple.developer.networking.vpn.api
- String: allow-vpn
Keychain Sharing
- Description: Keychain sharing enables app developers to share passwords that are stored in the device keychain with other apps developed by the same team. Access can be restricted by passing a keychain access group identifier in the string.
- Key: keychain-access-groups
- String: $(AppIdentifierPrefix) $(CFBundleIdentifier)
Inter-App Audio
- Description: Inter-App Audio enables developers to stream audio between apps.
- Key: inter-app-audio
- Boolean: YES
Associated Domains
- Description: Associated domains that should be handled as universal links should be passed with this entitlement. Universal links can be implemented to allow deep linking between your app and website. You should provide an entry to each domain that your app supports and each entry should begin with applinks:
- Key: com.apple.developer.associated-domains
- String: webcredentials:example.com
Data Protection
- Description: Enabling data protection uses built-in encryption hardware to store sensitive data used in your app in an encrypted format. By default, the level of protection is set to complete protection (files are only accessible when the device is unlocked).
- Key: com.apple.developer.default-data-protection
- String: NSFileProtectionComplete
HomeKit
- Description: The HomeKit framework provides a platform for setting up, configuring, and managing supported home automation devices – all from an iOS device. For more information on using HomeKit, refer to the Introduction to HomeKit guide.
- Key: com.apple.developer.homekit
- Boolean: YES
HealthKit
- Description: HealthKit is a framework introduced in iOS 8 that provides a centralized, coordinated, and secure data store for health-related information. For more information on using HealthKit, refer to the Introduction to HealthKit guide.
- Key: com.apple.developer.healthkit
- Boolean: YES
Wireless Accessory Configuration
- Description: Using the Wireless Accessory Configuration allows your app to configure MFi Wi-Fi accessories.
- Key: com.apple.external-accessory.wireless-configuration
- Boolean: YES
ClassKit
- Description: ClassKit enables teachers to view student progress on assigned activities in your app.
- Key: com.apple.developer.ClassKit-environment
- String: development or production
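Several values in the reference above widen what an app may do, so they are worth checking before release. The following is an added example, not part of the original guide or of Xamarin's tooling: it parses an Entitlements.plist and reports the Wallet wildcard, a development aps-environment, and a data protection class other than NSFileProtectionComplete. The sample file is constructed, and treating "development" as a finding in release builds is an assumption of this check.

```python
import plistlib

# Constructed sample Entitlements.plist using keys from the reference above.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.developer.pass-type-identifiers</key>
    <array><string>$(TeamIdentifierPrefix)*</string></array>
    <key>aps-environment</key>
    <string>development</string>
    <key>com.apple.developer.default-data-protection</key>
    <string>NSFileProtectionCompleteUntilFirstUserAuthentication</string>
    <key>com.apple.developer.healthkit</key>
    <true/>
</dict>
</plist>"""


def as_list(value):
    """Accept either a single string or an array of strings."""
    return value if isinstance(value, list) else [value]


def audit_entitlements(plist_bytes, release_build=True):
    """Return a list of (finding, value) tuples for over-broad settings."""
    ent = plistlib.loads(plist_bytes)
    findings = []

    # A trailing '*' allows every pass type owned by the team.
    for pass_id in as_list(ent.get("com.apple.developer.pass-type-identifiers", [])):
        if pass_id.endswith("*"):
            findings.append(("pass-type-wildcard", pass_id))

    # Assumption of this example: release builds should use 'production'.
    env = ent.get("aps-environment")
    if release_build and env == "development":
        findings.append(("aps-development-in-release", env))

    # Anything other than complete protection leaves files readable while locked.
    protection = ent.get("com.apple.developer.default-data-protection")
    if protection is not None and protection != "NSFileProtectionComplete":
        findings.append(("data-protection-below-complete", protection))

    return findings


if __name__ == "__main__":
    for finding, value in audit_entitlements(SAMPLE_ENTITLEMENTS):
        print(f"{finding}: {value}")
```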
Summary
This guide introduced entitlements and how to use them in Visual Studio for Mac and in Visual Studio. It also provided a reference of the Key/Value pairs for each capability.