KeySteal

KeySteal is a macOS <= 10.14.3 Keychain exploit that allows you to access passwords inside the Keychain without a user prompt. The vulnerability has been assigned CVE-2019-8526 number.
KeySteal consists of two parts:

KeySteal Daemon: This is a daemon that exploits securityd to get a session that is allowed to access the Keychain without a password prompt.
KeySteal Client: This is a library that can be injected into Apps. It will automatically apply a patch that forces the Security Framework to use the session of our keysteal daemon.

Building and Running

Open the KeySteal Xcode Project
Build the keystealDaemon and keystealClient
Open the directory which contains the built daemon and client (right cick on keystealDaemon -> Open in Finder)
Run dump-keychain.sh

TODO

Add a link to my talk about this vulnerability at Objective by the Sea

License

For most files, see LICENSE.txt.
The following files were taken (or generated) from Security-58286.220.15 and are under the Apple Public Source License:

handletypes.h
ss_types.h
ucsp_types.h
ucsp.hpp
ucspUser.cpp

A copy of the Apple Public Source License can be found here.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
KeySteal.xcodeproj		KeySteal.xcodeproj
keystealClient		keystealClient
keystealDaemon		keystealDaemon
.gitignore		.gitignore
LICENSE.txt		LICENSE.txt
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

KeySteal

Building and Running

TODO

License

About

Releases

Packages

Contributors 3

Languages

License

LinusHenze/Keysteal

Folders and files

Latest commit

History

Repository files navigation

KeySteal

Building and Running

TODO

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages