Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

_APPL_DB_HEADER invalid offset for header? #20

Open
AndrewSB opened this issue Jun 24, 2021 · 1 comment
Open

_APPL_DB_HEADER invalid offset for header? #20

AndrewSB opened this issue Jun 24, 2021 · 1 comment

Comments

@AndrewSB
Copy link

Hey! I'm trying to use this to dump my own internet passwords, I'm running into a crash while parsing the _APPL_DB_HEADER. here's my invocation, and the output:

./chainbreaker.py --dump-internet-passwords --password=<somepassword> -a ~/Library/Keychains/53955E52-7540-58CB-93DD-008F838B7EAD/keychain-2.db
2021-06-24 08:36:09,080 - INFO - 

ChainBreaker 2 - https://github.com/gaddie-3/chainbreaker

2021-06-24 08:36:09,081 - INFO - Runtime Command: ./chainbreaker.py --dump-internet-passwords --password=<somepassword> -a /Users/asb/Library/Keychains/53955E52-7540-58CB-93DD-008F838B7EAD/keychain-2.db
2021-06-24 08:36:09,081 - INFO - Keychain: /Users/asb/Library/Keychains/53955E52-7540-58CB-93DD-008F838B7EAD/keychain-2.db
2021-06-24 08:36:09,081 - INFO - Keychain MD5: 56c8eaa212f0f26f5b4616d2b96ff739
2021-06-24 08:36:09,081 - INFO - Keychain 256: f2824d498f1eaa89385a03c11f14bb4bd5c1a923fdb39d7eac6ed916588437a0
2021-06-24 08:36:09,081 - INFO - Dump Start: 2021-06-24 08:36:09.080976
Traceback (most recent call last):
  File "./chainbreaker.py", line 1277, in <module>
    unlock_file=args.unlock_file)
  File "./chainbreaker.py", line 71, in __init__
    self.filepath = filepath
  File "./chainbreaker.py", line 568, in filepath
    self._read_keychain_to_buffer()
  File "./chainbreaker.py", line 169, in _read_keychain_to_buffer
    self.schema_info, self.table_list = self._get_schema_info(self.header.SchemaOffset)
  File "./chainbreaker.py", line 205, in _get_schema_info
    schema_info = _APPL_DB_SCHEMA(self.kc_buffer[offset:offset + _APPL_DB_SCHEMA.STRUCT.size])
  File "/Users/asb/Developer/chainbreaker/schema.py", line 332, in __init__
    (self.SchemaSize, self.TableCount) = _APPL_DB_SCHEMA.STRUCT.unpack(buffer)
struct.error: unpack requires a string argument of length 8

the offset being used to index into the self.kc_buffer is massive, and it looks like the buffer passed into _APPL_DB_SCHEMA.STRUCT.unpack(buffer) is empty.

I'm running macOS 11.2.3 (20D91), is this something you've run into before? could you help me debug this?
@Ret2lib
Copy link

Ret2lib commented Oct 5, 2021

Bump. Having the same issue.

Version: macOS 11.6 (20G165)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AndrewSB @Ret2lib