iOS模拟器 - 查看钥匙串的内容 [英] iOS Simulator - View content of Keychain

问题描述

我在iOS钥匙串中存储我的应用程序的用户名和密码。我正在使用Appcelerator开发应用程序，并使用以下

我设法找到我写的东西使用此工具打开数据库时的钥匙串，然后转到浏览数据并为表格选择 genp 。之后，检查 agrp 列字段值，因为它显示了谁将该条目写入Keychain数据库。您可以通过在那里找到 TEAMID.com.your.app.bundle.id 值找到您在应用中编写的内容。

干杯

I am storing username and password of my application in iOS keychain. I am developing the application using Appcelerator and am using the following module. Through the API, I can perform all the CRUD operations ob both device and simulator.

After reading few blogs and topics on penetration testing for keychain, I came to know the keychain information is stored on a SQL database. My objective is to find this particular database and open to read its content. I want to see that the information has been stored there (accepted that the data will be encrypted and all gibberish) but hoping that there will be an identifier which will specify the access group.

I just want to open the database, check the table and ensure that the content has been saved in that table. I will be performing this entire task on iOS 9.3 simulator as I do not have a jail-broken device.

If this is against SO or not related to development question, would request the mods to close it and not give downvote.

解决方案

This should not be anything too hard, especially having in mind that you are prepared to see "encrypted and gibberish" content in there.

You should simply go to ~/Library/Developer/CoreSimulator/Devices folder and find UUID of your desired simulator whose Keychain you want to access. Once you have found which UUID-named folder belongs to your Simulator, go inside that folder and go to data/Library/Keychains folder.

In there, you will see keychain-2-debug.db file which is the SQLite database file you are looking for.

After that, use tool like http://sqlitebrowser.org/ to browse the database.

I managed to find things I was writing into Keychain when I have opened the database with this tool, then going to Browse Data and picking up genp for the table. After that, check agrp column field value, because it shows who wrote that entry to Keychain database. You will find stuff you wrote with your app by spotting TEAMID.com.your.app.bundle.id value in there.

Cheers

这篇关于iOS模拟器 - 查看钥匙串的内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！