By Patrick Toomey
So, apparently when I released the initial version of Keychain Dumper I failed to account for the fact that the keychain stores protected data in a few different tables within the keychain-2.db SQLite database. Someone left a comment on the initial release letting me know they were not seeing mail accounts, etc. being dumped. A quick look at my code and the Apple development docs and I noticed that sure enough, I was only decrypting items with the “kSecClassGenericPassword” security class. I quickly updated the code to also decrypt the “kSecClassInternetPassword” security class. There are additional security classes, but they don’t appear all that interesting to the average user (let me know if this isn’t correct). So, I’ve updated the code on GitHub here. I performed a 30-second check, and it appears to now dump all of the same items as before, as well as items from the Internet passwords table. Let me know if anyone has any issues with the update.
On a final note, the README.md on GitHub mentions creating a symbolic link to build the project. The link in the readme refers to the iOS 4.2 SDK. However, when I updated the tool I noticed that my SDK was now set to 4.3, and I had to update the symbolic link accordingly. So, either just download the binary release on GitHub, or make sure you take note of your SDK version.