Invalid triple DES key size. Key must be either 16 or 24 bytes long

[Explorer1092]

MBP:chainbreaker-master kevin$ python chainbreaker.py -f /Library/Keychains/System.keychain -k 2fc651f52eca28b3bd66890c35528e95fa802e52fa4d6079
[-] DB Key
00000000: 00 .
[+] Symmetric Key Table: 0x00007968
Traceback (most recent call last):
File "chainbreaker.py", line 970, in
main()
File "chainbreaker.py", line 781, in main
passwd = keychain.KeyblobDecryption(ciphertext, iv, dbkey)
File "chainbreaker.py", line 599, in KeyblobDecryption
plain = kcdecrypt(dbkey, magicCmsIV, encryptedblob)
File "chainbreaker.py", line 696, in kcdecrypt
cipher = triple_des(key, CBC, iv)
File "/Users/kevin/Downloads/chainbreaker-master/pyDes.py", line 524, in init
self.setKey(key)
File "/Users/kevin/Downloads/chainbreaker-master/pyDes.py", line 537, in setKey
raise ValueError("Invalid triple DES key size. Key must be either 16 or 24 bytes long")
ValueError: Invalid triple DES key size. Key must be either 16 or 24 bytes long

[Explorer1092]

my os x version : 10.12.6

[AlessandroZ]

I have exactly the same issue using the same mac os version. It works very well decrypting the user keychain but the system keychain fails. I have done my test using the same password on both keychain.

The following condition fails because my value of pad is equal to 188. I have tried to debug the problem without success.

However, thanks for your great work !

[n0fate]

@AlessandroZ Did you try the 24bytes System Key on macOS?
It's stored on '/private/var/db/SystemKey'

[Explorer1092]

I have tried.
my os x version : 10.13.1
@n0fate

MBP:run kevin$ sudo hexdump -e '16/1 "%02x" ""' -s 8 -n 24 /private/var/db/SystemKey |xargs python -c 'import sys;print sys.argv[1].upper()'
Password:
1C7F6F3340C29050C826B6B29EB507F3770BAE942E6D0CEE

MBP:chainbreaker-master kevin$ python chainbreaker.py -f /Library/Keychains/System.keychain -k 1C7F6F3340C29050C826B6B29EB507F3770BAE942E6D0CEE
 [-] DB Key
00000000: 00                                                .
[+] Symmetric Key Table: 0x00007968
Traceback (most recent call last):
  File "chainbreaker.py", line 968, in <module>
    main()
  File "chainbreaker.py", line 779, in main
    passwd = keychain.KeyblobDecryption(ciphertext, iv, dbkey)
  File "chainbreaker.py", line 599, in KeyblobDecryption
    plain = kcdecrypt(dbkey, magicCmsIV, encryptedblob)
  File "chainbreaker.py", line 696, in kcdecrypt
    cipher = triple_des(key, CBC, iv)

[AlessandroZ]

On 10.12.6, doing exactly what @Explorer1092 did sudo hexdump -e '16/1 "%02x" ""' -s 8 -n 24 /private/var/db/SystemKey |xargs python -c 'import sys;print sys.argv[1].upper()' it works for me.

The system keychain is well decrypted. It's weird that it failed on newer version. I will try to upgrade later, to check again.

Thanks a lot !

[n0fate]

@AlessandroZ Thank you.

@Explorer1092 I will check it asap ;-)

[n0fate]

@Explorer1092 It seems to be the DB Key decryption failed. It's occurred when the master key is invalid.
I modified some code for stability(?).
I will comment it when I find some bug on my code.

[AlessandroZ]

Hi, just to let you know, I have updated my system and I have tried chainbreaker using your last commit and it worked very well for me.

Here is my Mac OS version:

Mac OS High Sierra
Version: 10.13.1

I won't have access to a Mac anymore, that's why I did a last try :). The issue has been fixed for me. Thanks for your work.

Have a nice day.

[n0fate]

@AlessandroZ Thank you.
I don't know why the issue of @Explorer1092 is occurred.
I can't solve problem until @Explorer1092 send keychain file to me. ;-(
It's security(and privacy) issue. So I can not request your keychain file.

[Explorer1092]

@n0fate do you have a email？i can send the example keychain file to you.

[n0fate]

@Explorer1092 I got your email. but you didn't attach a SystemKey file.

[ve6yeq]

/var/db/SystemKey is a "blob" not just the raw key. I have added support for it in #6

[n0fate]

I have merged @ve6yeq 's code.