Decrypt Mac OS Keychain

Elcomsoft Password Digger is a Windows tool for decrypting the content of system and user keychains pulled from a Mac OS computer. The tool exports the full data set into an XML file or builds a filtered dictionary for use with password recovery tools. The system and all user keychains can be decrypted.
Elcomsoft Password Digger enables access to highly sensitive information including Wi-Fi passwords, user’s Apple ID and iTunes passwords, Web site and email account passwords, as well as other sensitive information. Using Elcomsoft Password Digger together with other ElcomSoft tools opens a way to download iCloud backups created by the user’s iPhone or iPad (via ), and offers a better chance of breaking other passwords faster by generating a custom dictionary (via ).

Extract macOS Passwords.
ElcomSoft iOS Forensic Toolkit makes it easy to perform physical acquisition of encrypted information stored on iOS-based devices. This toolkit offers investigators the ability to access protected file system dumps extracted from iPhone and iPad devices even if the data has been encrypted by iOS 4. Elcomsoft Phone Breaker enables forensic access to password-protected backups for. Of all generations released to date, including the iPhone 8/Plus, iPhone X and iOS 11. The tools are available in both Windows and Mac versions. iBooks (documents including PDF files that were added by the user).
![Elcomsoft iOS Forensic Toolkit 4.10](https://www.elcomsoft.ru/images/screenshots/eift_s7.png)
Build Custom Dictionary

Elcomsoft Password Digger offers a one-click tool to automatically extract all relevant passwords and save them into a filtered, plain-text dictionary. Attacking many types of passwords is impossible without a quality dictionary. Even with GPU acceleration, certain types of passwords (such as those protecting Microsoft Office 2010-2013 documents) are just too slow to brute force. A custom dictionary containing the user’s other passwords is invaluable in assisting these types of attacks.
![iPhone](https://www.elcomsoft.ru/images/screenshots/eift_s6.png)
By reviewing a list of the user’s passwords, experts may be able to derive a common pattern, creating a set of rules for the password recovery tool. Brute-forcing Microsoft Office 2010 passwords can take ages even with GPU acceleration. Elcomsoft Password Digger can produce highly relevant password dictionaries in one click. By extracting all passwords stored in the user’s keychain and saving them into a plain, filtered text file that only contains the passwords, Elcomsoft Password Digger allows building a highly relevant custom dictionary for breaking strong passwords. The resulting file can be used for dictionary attacks with, as well as with individual password recovery tools.

Extract Keychain Data

In order to use Elcomsoft Password Digger, experts will need a Windows PC, keychain files extracted from Mac OS, as well as the user’s authentication information (Mac OS login and password or keychain password, if it’s different).
For decrypting system keychains, the tool will require a decryption key that must be extracted from the Mac OS computer (administrative privileges are required to extract the file from a live system). Keychain was introduced with Mac OS 8.6 as a means to provide secure storage for sensitive information. Mac OS X uses keychain to manage system-wide and user passwords. System passwords such as passwords to Wi-Fi networks are stored in the system keychain, while pretty much everything else ends up in the user keychain. Here’s an incomplete list of information that can be extracted from Mac OS keychain.

System Keychain

- Wi-Fi passwords

User Keychain

- Apple ID password
- Password to iTunes backups
- AirPort and TimeCapsule passwords
- Passwords to Web sites and accounts
- VPN, RDP, FTP and SSH passwords
- Passwords to mail accounts including Gmail and Microsoft Exchange
- Passwords to network shares
- iWork document passwords

Information stored in the keychain is securely encrypted. The system keychain uses a decryption key stored in a file, while user keychains are typically encrypted with keys derived from users’ Mac OS account passwords. Apple offers an in-house tool for viewing items stored in the keychain called Keychain Access. However, using Keychain Access for forensic purposes is slow and inconvenient as the Apple tool requires the user to re-enter the password for viewing each individual record.
Elcomsoft Password Digger can save hours by dumping information stored in the keychain into an XML file that can be loaded into a forensic tool for examination. Information extracted with Elcomsoft Password Digger can be used with other ElcomSoft products to extract even more information from other sources. Extracting the user’s Apple ID password is highly valuable for an investigation. Having the user’s Apple ID password, experts can use Elcomsoft Phone Breaker to download cloud backups created by the user’s iOS devices such as iPhone and iPad from Apple iCloud. Over-the-air acquisition produces a clean, unencrypted backup that can be viewed in Elcomsoft Phone Viewer or analyzed in one of the many commercial forensic tools.