Hmm, a bit more info in the readme would be helpful. My .keychain directory only contains shell snippets that set environment variables to my SSH agent.

Where's the vulnerability? In ssh-agent? Or are we talking about a completely different keychain tool here?

Another project (written in Python) apparently created about a year ago includes more links in the source to all the various Apple open source resources that document the KeyChain format:

https://github.com/n0fate/chainbreaker

I would have to dig quite a bit further to determine what is meant by "even the seemingly unextractable ones" in the README and whether or not this Python tool accomplishes the same. (My guess would be yes since it additionally supports decrypting the keychain using the in-memory master key.)

It was interesting to me to see what popped up when searching for the RFC 3217 (Triple-DES and RC2 Key Wrapping) IV:

https://www.google.com/search?q=4adda22c79e82105

The oldest was a keychain extractor written by Matt Johnston (the author of Dropbear) copyright 2004 but only available via the Internet Archive back to 2011: https://web.archive.org/web/20110228153630/http://www.ucc.asn.au/~matt/src/extractkeychain-0.1/extractkeychain.py

Can we get the title updated to say '...keys out of OS X .keychain files', something like that? I feel like there are enough different keychain programs out there that it seemed confusing to me.