KeyChain and Snoop-it in iOS Reverse Engineering


Today's topic is the Keychain. Using a Login Demo, we will store a user name and password in the Keychain, then look at what is actually stored there and export it. The focus is not on how to use the Keychain to store credentials, although that knowledge is needed along the way. Apple's developer documentation provides a complete Keychain example (see iOS Keychain Services Tasks), and the code that stores and updates the user name and password in this post is taken from that official example. Code copied directly from the documentation is not reproduced here; refer to the official documentation for details.

The Demo stores the user name and password and loads them from the Keychain at the next login. Keychain items can also be shared within a group: apps under the same developer account can share a keychain. We will first store the user name and password in the Keychain directly, without encrypting them, and look at the result. After that we apply encryption to the user name and password. The details follow.

 

1. Use of KeyChain

I have never used the Keychain before. The Keychain code in this post mainly comes from Apple's developer documentation. What follows is a simple wrapper around the Keychain operations: keychainData holds the data to be stored in the Keychain, GenericPasswordQuery is used to query data from the Keychain, and kKeychainItemIdentifier is the unique identifier of the data stored in the Keychain.

The rest of the Keychain code can be found in the developer documentation mentioned above, so it is not repeated here.


 

With KeyChainManager encapsulated, we can perform Keychain operations through its singleton. The following shows how KeyChainManager is used. Note that the AES encryption code is commented out, so whatever is passed to KeyChainManager is stored as-is. That is all there is to say about using the Keychain; Apple's official documentation covers it clearly, so I will not repeat it here.


 

2. View the content in the Keychain database

On a jailbroken phone you can view the content stored in the Keychain. The Keychain is stored on the device as a database, in the directory "/private/var/Keychains". I happen to have a jailbroken device at hand; below is the Keychain's storage location, and the keychain-2.db file in it is the database that holds the Keychain content.


Now that we have found the file, we can copy it to the Mac and see what it stores. Once the file is on the Mac, open it with SQLiteManager to inspect its content. Below is the structure of the keychain-2.db database. It has 5 tables; we focus on the structure and content of the genp table.


Below is a printout of the keychainData dictionary, that is, the data queried from the Keychain. The keys in the dictionary correspond to the fields of the genp table, so this part of the Keychain data is in fact stored in the genp table.


Below is our query of the relevant data. The table holds a lot of rows and we did not narrow it down with an SQL statement, so look for the rows that match your own data. We can also see that some of the data is encrypted in the table even though we did not encrypt it before storing it in the Keychain, which is relatively safe.
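The genp inspection above can also be done with a parameterized query instead of browsing the whole table. The following is an added example, not code from the original post: it runs against a constructed in-memory stand-in for a copy of keychain-2.db, and the reduced column set (acct, svce, gena, agrp, pdmn, data), the pdmn code meanings and the access group name are assumptions based on general knowledge of the genp schema. It reports, for one app's access group, which attributes are readable, whether the data column is an opaque blob, and whether the item uses an accessibility class that stays readable while the device is locked.

```python
import sqlite3

# pdmn column codes and the kSecAttrAccessible* class each stands for
# (general iOS knowledge, assumed here; the page does not list them).
PDMN = {
    "ak": "WhenUnlocked", "aku": "WhenUnlockedThisDeviceOnly",
    "ck": "AfterFirstUnlock", "cku": "AfterFirstUnlockThisDeviceOnly",
    "dk": "Always", "dku": "AlwaysThisDeviceOnly",
    "akpu": "WhenPasscodeSetThisDeviceOnly",
}
WEAK = {"dk", "dku"}  # item stays readable while the device is locked

def build_sample_db():
    """Constructed stand-in for a copy of keychain-2.db (reduced genp table)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE genp (rowid INTEGER PRIMARY KEY, acct BLOB, "
               "svce BLOB, gena BLOB, agrp TEXT, pdmn TEXT, data BLOB)")
    blob = b"\x02\x00\x00\x00\x9f\xe1\xff\x80"  # constructed opaque bytes
    group = "ABCDE12345.com.example.logindemo"  # hypothetical access group
    db.executemany(
        "INSERT INTO genp (acct, svce, gena, agrp, pdmn, data) "
        "VALUES (?,?,?,?,?,?)",
        [(b"demo_user", b"LoginDemo", b"demo.item.id", group, "ak", blob),
         (b"demo_user", b"LegacyToken", None, group, "dk", blob),
         (b"other", b"OtherService", None, "apple", "ck", blob)])
    return db

def readable(value):
    """Text of a printable column value, or None for NULL or an opaque blob."""
    if value is None or isinstance(value, str):
        return value
    try:
        text = bytes(value).decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None

def audit_genp(db, access_group):
    """One report dict per genp row that belongs to access_group."""
    rows = db.execute("SELECT rowid, acct, svce, pdmn, data FROM genp "
                      "WHERE agrp = ? ORDER BY rowid", (access_group,))
    return [{"rowid": rowid, "acct": readable(acct), "svce": readable(svce),
             "accessible": PDMN.get(pdmn, pdmn), "weak_class": pdmn in WEAK,
             "data_opaque": data is not None and readable(data) is None}
            for rowid, acct, svce, pdmn, data in rows]

if __name__ == "__main__":
    for item in audit_genp(build_sample_db(), "ABCDE12345.com.example.logindemo"):
        print(item)
```

To run it against a real copy taken from your own test device, replace build_sample_db() with sqlite3.connect on the copied file and pass your app's access group.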


 

3. Use Snoop-it to capture data in the Keychain of the corresponding app

We can use Snoop-it to view an app's data. Here I use my own Demo as the example. Earlier we stored the data in the Keychain directly as strings, with no processing in the code. Now we use Snoop-it to view that data.

(1) Configuring and using Snoop-it

Snoop-it is a very powerful tool, and viewing the data stored in the Keychain is one of its functions. First add the source http://repo.nesolabs.de in Cydia, then search for snoop-it and install it. After installation, an app with a yellow-hat icon appears on the phone; this is the Snoop-it we will use. Below is the Snoop-it interface when it is opened. Tap "Select App Store Apps" to select the app you want to analyze, and configure the app in Settings.


 

Enter the HTTP access address in a browser on the Mac, open the app you want to monitor, and refresh the page. As shown below, some of the stored information is obtained in plaintext. Storing information directly in plaintext therefore still carries some risk, so we need to encrypt the data.


We now uncomment the AES encryption code and store the encrypted data in the Keychain to see the effect. The following code calls the AES encryption module to encrypt the data before storing it in the Keychain. After enabling it, we re-run the project and observe the result.


With AES encryption applied to the data, what Snoop-it captures is the encrypted data, which increases the difficulty of reverse engineering.


 

From the steps above we can see that even when the user name and password are stored in the Keychain, encryption is still required for the sake of security. While building today's Demo we also tried sharing Keychain data between apps. The process is not complicated: turn on the Keychain Sharing switch and add the Bundle ID of the other apps.


 

4. Other functions of Snoop-it

Next, let's look at another powerful function of Snoop-it: it can browse the class hierarchy of an app on your phone, and this also works for apps downloaded from the App Store. You can also view the properties and methods of a class in the app. All the methods of the class are listed, even those for which no interface is exposed in the .h file. The function is quite powerful. Now, let's get on with today's blog.


 

5. Keychain-Dump

You can also use the Keychain-Dumper tool to view the content of the Keychain; that is, keychain-dump can export the data in the Keychain. It is available on GitHub (https://github.com/ptoomey3/Keychain-Dumper). Copy the keychain-dump binary to the jailbroken device and execute it. The binary you just copied has no execute permission; to save trouble, it is given the highest permissions so that it can be executed.


After execution completes, the content stored in the Keychain is exported. Below is the data stored in the Keychain by our Demo above.


While browsing the data, you may come across sensitive data by accident. The following figure shows the home Wi-Fi account and password, and it is stored in plaintext. All the Wi-Fi passwords previously stored on this device can be seen; simply search for AirPort.


 

For personal reasons, the Login Demo used in today's blog will not be put on GitHub. I hope you understand.

