Apr 29, 2016 - this is thecno cominity of my frenshiplie I am Guide of jump start for wireless pplease give me money to so much so much good feeling in you.

In the previous article, we looked at the different ways in which we could analyze the network traffic and the api calls being made through an IOS application. In this article, we will look at how we can dump the contents of the Keychain from an IOS device. Ethical Hacking Training – Resources (InfoSec) Keychain Basics According to Apple, a Keychain in an IOS device is a secure storage container that can be used to store sensitive infromation like usernames, passwords,network passwords, authentication tokens for different applications. Apple itself uses the Keychain to store Wi-fi network passwords, VPN credentials etc. It’s a sqlite database file located at /private/var/Keychains/keychain-2.db and all the data stored in it is encrypted. Developers usually want to leverage this feature of the operating system to store credentials rather than storing it themseleves in NSUserDefaults, plist files etc.

The reason for this could be that the developer may not want the user to log in everytime and hence store the authentication information somewhere in the device and use it to log in the user automatically whenver the user opens up the app again. The keychain information for every app is stored outside of its sandbox. It is also possible to share keychain data between applications through keychain access groups. This group has to be specified while saving the data in the keychain. The best way of saving data in Keychain is to use the KeychainItemWrapper class by Apple.

A sample project can be found. The first step is to create an instance of the class. KeychainItemWrapper *wrapper = [[KeychainItemWrapper alloc] initWithIdentifier:@”Password” accessGroup:nil]; The identifier will help in fetching this information from the keychain later. In case you have to share information across applications, then you will have to specify an access group. Applications with the same access group can have access to the same keychain information.

KeychainItemWrapper *wrapper = [[KeychainItemWrapper alloc] initWithIdentifier:@”Account Number” accessGroup:@”YOUR_APP_ID_HERE.com.yourcompany.GenericKeychainSuite”]; To save info in the keychain, just use the setObject:forKey: method. In this case (id)kSecAttrAccount is a predefined key that we can use to define the account name for which we are storing the data. The kSecClass specifies the kind of information we are storing, in this case a generic password.The kSecValueData key can be used to store any form of data, in this case a password.

There are two main reasons why you might see a black window: TV Signal strength. Example: You will need to follow this procedure if you are scheduling recordings with Titan TV online program guide. For example, if you scan for TV channels in WinTV v7 and find that channel 2704 is WNBC but in the TitanTV electronic program guide WNBC is on channel 702, then do the following: • click your right mouse button on 2704 in the All Channel list • change the Preset to 702 • change the Name of the the channel to WNBC Then, when you select WNBC (channel 702) in TitanTV, it will tune to channel 2704, which is WNBC. Activation code for neopets. Where can I find my recorded files? If the TV signal strength is on the edge of being too low, you might see either a black screen where the live TV picture should be, or your live TV picture might be choppy.

[keychainItemWrapper setObject:kSecClassGenericPassword forKey:(id)kSecClass]; [wrapper setObject:@”username” forKey:(id)kSecAttrAccount]; [keychainItemWrapper setObject:@”password”forKey:(id)kSecValueData]; [wrapper setObject:(id)kSecAttrAccessibleAlwaysThisDeviceOnly forKey:(id)kSecAttrAccessible]; The kSecAttrAccessible variable is used to specify when does the application need access to that data. We should be careful while using this option and use the most restrictive option. There are six possible values for this key which can be found in the screenshot below from Apple’s. Click to Enlarge Ofcourse, we should never use kSecAttrAccessibleAlways. A safe option to go for would be kSecAttrAccessibleWhenUnlocked. Also, there are options that end with ThisDeviceOnly. If this option is chosen, the data is encrypted with a hardware specific key and hence could not be transferred to or viewed from another device.

Even though they enforce additional security, it might not be a good idea to use them unless you have a good reason to not allow the migration of data between backups. To fetch information from the keychain, use this. NSString *accountName = [wrapper objectForKey:(id)kSecAttrAccount]; Analyzing Keychain read-write using Snoop-it One of the great tools to analyze the data being written to the keychain is Snoop-it. If you haven’t seen it yet, check out tutorial in the same series on Snoop-it.

Now run the project on your jailbroken device and analyze it using Snoop-it. There is already a tutorial for running applications with self-signed certificates in this series which could be found. This app is just a sample project to demonstrate how to read and write from Keychain using a Obective-C wrapper class KeychainWrapper. Make sure this app is being analyzed using Snoop-it. Now open the app and this is the interface that we see.

Now enter some username and password and save it. In this case, lets enter the username as “Test User” and the password as “password”. You will see that Snoop-it detects any change to the keychain and is able to tell us the information stored in the keychain. It also tells us the protection attributes for the saved information.