Notes About The Keychain Dumper

It is possible to dump the entries in the iOS keychain with objection and the ios keychain dump command. This is achieved by building a query dictionary just like you would in an iOS application, and querying for all of the available object class types such as kSecClassKey, kSecClassIdentity and kSecClassInternetPassword.

There are a few important things to keep in mind though:

This command will only dump keychain entries for the current application. In fact, a more 'correct' way of saying this is that it will only dump entries for the current entitlement group.
The entitlement group your application will use comes from the embedded.mobileprovision file used when patching and resigning the IPA.
When patching multiple IPA's, it is common to re-use an embedded.mobileprovision file. This is fine, but it is important to remember that other applications keychain entries may exist when you dump the keychain.

Generic Guides

iOS

without a jailbreak

with a jailbreak

Running On A Jailbroken Device

other

Android

without root

with root

Running On A Rooted Device

other

Android APK Patching

API

API Documentation

Notes About The Keychain Dumper

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Table of Contents

Generic Guides

iOS

without a jailbreak

with a jailbreak

other

Android

without root

with root

other

API

Clone this wiki locally