前提条件:ios设备越狱,已安装ssh工具
1.Mac终端命令连接到设备上 ssh root@192.168.1.100(你的设备ip)
mac-mini:~ ice$ ssh root@192.168.50.125
root@192.168.50.125's password:
Icede-4s:~ root#
2.赋予Keychain数据库可读权限
Icede-4s:~ root# cd /private/var/Keychains/
Icede-4s:/private/var/Keychains root# ls
TrustStore.sqlite3 keychain-2.db ocspcache.sqlite3-shm
accountStatus.plist keychain-2.db-shm ocspcache.sqlite3-wal
caissuercache.sqlite3 keychain-2.db-wal
caissuercache.sqlite3-journal ocspcache.sqlite3
Icede-4s:/private/var/Keychains root# chmod +r keychain-2.db
3.下载 Keychain-Dumper
4.上传keychain_dumper可执行文件到ios设备 /bin 目录下
(1)Ctrl+D 退出iOS设备 SSH连接
(2)上传keychain_dumper可执行文件
mac-mini:~ ice$ scp /Users/ice/Downloads/Keychain-Dumper-master/keychain_dumper root@192.168.50.125:/bin
root@192.168.50.125's password:
keychain_dumper 100% 207KB 206.6KB/s 00:00
5.查看keychain_dumper是否有可执行权限到iOS设备的/bin目录下
Icede-4s:~ root# ls -l /bin/keychain_dumper
-rwxr-xr-x 1 root wheel 211584 Aug 18 10:12 /bin/keychain_dumper
6.没有则为其添加执行权限
Icede-4s:~ root# chmod +x /bin/keychain_dumper
7.解密keychain信息
Icede-4s:~ root# /bin/keychain_dumper
8.将keychain生成文件
iPhone:~ root# cd /private/var/Keychains
iPhone:/private/var/Keychains root# /bin/keychain_dumper > keychain-export.txt
iPhone:/private/var/Keychains root#
如图所示:
9、导出txt文件,并查看
scp root@192.168.2.39:/private/var/Keychains/keychain-export.txt /Users/young/Desktop/qwe