lifepillar / csvkeychain
Import/export between Apple Keychain.app and plain CSV file.
You mention that the "script always asks for the password to unlock your keychain (you recognise the dialog by the Script Editor icon). Since that dialog is not very secure, it is recommended that you change your keychain's password in Keychain.app before exporting your keychain, and restore the original password afterwards."
Do you have further information on the attack vector here? Is it based on:
o Unknown origin of this script?
o Applescript security vulnerability?
o Memory storage of the password? But then, how would Keychain app handle this?
I'm trying to keep a portable backup of my Keychain data and was hoping this script would solve this. I'm just concerned about security implications and having to change the Keychain login password every time.
Thanks for the pointers.
I entered the wrong password and now when running the script again I'm unable to enter the correct info...how can I resolve that issue?
Getting the error:
This script will be terminated prematurely because the following error has occurred:
security: SecKeychainUnlock /Users/mlawler/Library/Keychains/login.keychain-db: The user name or passphrase you entered is not correct.
(Error number: 51)
I created a new keychain and a password item in this keychain.
I edited the exported csv, altered the entry and imported the csv to the same (also tried another new) keychain.
The script declares the import succeeded but the entry doesn't show in the keychain.
This script will be terminated prematurely because the following error has occurred:
Cannot process file: mandatory "Where" field is missing.
(Error number: -2700)
This is on macOS 10.14.6.
I can't select the User.keychain file on my desktop to convert it to a CSV.
File isn't encrypted and everyone has full read/write permissions.
When I try to copy my System keychain data to a new Keychain, it asks for a username and password. It works with the administrator user, but having to do this for 100 items makes this really annoying as hell. Obviously the script doesn't work for this situation.
The whole endeavor is quite maddening. I tried using security export -k /Users/ball/SystemExport.keychain -o /tmp/SystemExport -P but the System password is, of course, in binary.
Please update the README with these workarounds to make it work on the latest macOS versions.
This script will be terminated prematurely because the following error has occurred:
Can’t make alias "Macintosh HD:Users:esalberg:Library:Keychains:" into type alias.
(Error number: -1700)
This is on macOS 10.15 Beta (19A501i).
The comments say "The script always asks for the password to unlock your keychain (you recognise the dialog by the Script Editor icon). Since that dialog is not very secure, it is recommended that you change your keychain's password in Keychain.app before exporting your keychain, and restore the original password afterwards."
Can anyone comment further on the security issue with more details of how an exploit could occur? Thanks
I didn't know where else to put this, but I thought I'd mention it in case anyone was having the same issue.
There are no built-in tools for decrypting the System keychain, but there is a python script called chainbreaker.py which can:
https://github.com/n0fate/chainbreaker
I did a simple edit of the script around line 848:
cmd = '/usr/bin/security add-generic-password -a "%s"' % record[8].strip('\0')
cmd += ' -l "%s"' % record[8].strip('\0')
cmd += ' -s "%s"' % record[9].strip('\0')
cmd += ' -D "%s"' % record[3].strip('\0')
cmd += ' -w "%s"' % passwd.strip('\0')
cmd += ' -T "/usr/libexec/airportd" "/Library/Keychains/System.keychain"'
print 'cmd: %s' % cmd
# hexdump(cmd)
print ''
os.system(cmd)
This will only modify your System keychain if you run it as root. Be careful before you do, and make sure you're well enough versed in how the security program works, particularly the add-generic-password command. You can also copy and paste the individual commands for each wifi password you wish to migrate which is probably the safer option (although I had so many I just dumped it).
No applescript/automator magic needed.
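The edit quoted in the comment above interpolates keychain fields into a shell string and prints the full command, password included. As an added example (not part of the original comment or of chainbreaker), the same `security add-generic-password` flags are built here as an argument vector and compared with the interpolated string on a constructed password containing double quotes. Function names and sample values are assumptions made for illustration.

```python
import shlex
import subprocess

SECURITY = "/usr/bin/security"
AIRPORTD = "/usr/libexec/airportd"
SYSTEM_KEYCHAIN = "/Library/Keychains/System.keychain"
PASSWORD_INDEX = 11  # position of the -w value in build_argv()'s result


def naive_command(account, service, kind, password):
    """String interpolation as in the comment above; kept only for comparison."""
    cmd = '%s add-generic-password -a "%s"' % (SECURITY, account)
    cmd += ' -l "%s" -s "%s" -D "%s"' % (account, service, kind)
    cmd += ' -w "%s"' % password
    cmd += ' -T "%s" "%s"' % (AIRPORTD, SYSTEM_KEYCHAIN)
    return cmd


def shell_tokens(cmd):
    """Quote handling a POSIX shell applies to cmd. A real shell would also
    expand $ and backticks inside the double quotes; shlex does not."""
    return shlex.split(cmd)


def build_argv(account, service, kind, password):
    """Same flags as an argument vector, so no shell parses the values."""
    fields = [f.strip("\0") for f in (account, service, kind, password)]
    if any("\0" in f for f in fields):
        raise ValueError("embedded NUL in keychain field")
    account, service, kind, password = fields
    return [SECURITY, "add-generic-password",
            "-a", account, "-l", account, "-s", service, "-D", kind,
            "-w", password, "-T", AIRPORTD, SYSTEM_KEYCHAIN]


def masked(argv):
    """Copy of argv that is safe to print or log: the secret is replaced."""
    out = list(argv)
    out[PASSWORD_INDEX] = "<redacted>"
    return out


def add_item(argv):
    """Run security(1) directly (macOS only, root for the System keychain).
    The password is still in argv, so it can appear in process listings."""
    print("cmd:", masked(argv))
    return subprocess.run(argv, check=True).returncode
```

With the constructed password `my "home" wifi`, the interpolated string reaches `security` as `my home wifi`, so the stored secret is silently wrong, while the argument vector carries it unchanged.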
It works really well in the beginning, then at one point it just stops with a success message, but not all passwords are exported, really odd.
Thanks for your work though.
Steps to reproduce:
Process: Keychain Access [14513]
Path: /Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access
Identifier: com.apple.keychainaccess
Version: 10.5 (55237.220.1)
Build Info: KeychainAccess-55237220001000000~105
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: Keychain Access [14513]
User ID: 501
Date/Time: 2018-11-15 08:07:07.230 +0100
OS Version: Mac OS X 10.14.1 (18B75)
Report Version: 12
Bridge OS Version: 3.1 (16P1065)
Anonymous UUID: C7CB0C10-B4F2-6ED0-77FA-F29DBCD7C577
Sleep/Wake UUID: A8DF03D8-0031-4A7F-9C63-950760D50213
Time Awake Since Boot: 19000 seconds
Time Since Wake: 2500 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [14513]
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.security 0x00007fff5221fef3 Security::NameValueDictionary::NameValueDictionary(Security::CssmData const&) + 77
1 com.apple.security 0x00007fff523d0a71 SecKeychainItemCopyFromPersistentReference + 319
2 com.apple.security 0x00007fff5221dd70 SecIdentityCopyPreference + 873
3 com.apple.keychainaccess 0x0000000104f77f41 0x104f59000 + 126785
4 com.apple.keychainaccess 0x0000000104f760cb 0x104f59000 + 118987