25 May 2018

As reported by Wired, in 2019, 18-year-old German security researcher Linus Henze demonstrated his hack, dubbed KeySteal, that grabs passwords from the Keychain. Initially he withheld details of the hack, demanding that Apple set up a bug bounty for macOS. Apple had, however, not done so when Henze subsequently revealed the hack.

Salonen's keychaindump uses pattern recognition techniques to scan the memory space of 'securityd' - the process that handles keychain operations in Mac OS X - and locate the keychain master key.

To open Keychain Access from Finder, go to Applications, then Utilities, and choose Keychain Access.

Generally speaking, another person would need to know your login password to make any changes or see your passwords in Keychain. But giving someone access to your Mac would allow them to install software that may compromise your system. So again, you must trust them to allow them control of your Mac.

For anyone who knows me, I hate Macs, and anything made by Apple. In fact, I’ve never purchased any product from Apple, ever! I also hate using them, but sometimes you are forced to.

Today, I was given an iMac where the Administrator account was somehow deleted. Therefore, without the Administrator account, you can’t install applications for users and do a whole bunch of other things.

I was tasked to perform a factory reset and get the iMac working again. However, in the process, I learnt how easy it is to access files on the computer without having access to any passwords – even if the computer is password protected. This is also a great tutorial if you need to reset your Mac’s password.

Hacking an iMac – Creating an Administrator Account

Step one in the process is to create a new Administrator account. This is fairly easy to do. Just shut down the computer, and when turning it on, hold the Command key and “S”.

This opens your iMac in an environment called “Single User Mode”. Once you have booted into it, type: /sbin/mount -uw /

This remounts your startup drive with write access, so you can change system files and folders.

Now type: rm /var/db/.AppleSetupDone

This command removes the file that tells the Mac its first-time setup has already been completed, so on the next startup it runs the “First Setup” again.

Then type the following to restart your computer: reboot

Once your Mac has booted, you will be prompted to create the new Administrator account – just as if your Mac were brand new!
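A defender-side check for the marker-file removal described above, as an added example that is not part of the original post. It treats a missing /var/db/.AppleSetupDone, or one written long after existing home directories were created, as a sign that first-time setup was re-run; the function names, the USE_MTIME switch and the one-day slack are assumptions, and the comparison is a heuristic rather than proof.

```shell
#!/bin/sh
# Added example: flag a re-run of first-time setup by comparing the
# setup marker with the home directories that already existed.

# Epoch timestamp of a path: creation (birth) time on macOS, mtime elsewhere.
# USE_MTIME=1 forces mtime so the logic can be exercised on constructed files.
file_epoch() {
    if [ "$(uname)" = "Darwin" ] && [ -z "$USE_MTIME" ]; then
        stat -f %B "$1"
    else
        stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
    fi
}

# check_setup_marker MARKER USERS_DIR [SLACK_SECONDS]
# Prints findings and returns:
#   0 = marker consistent with the home directories
#   1 = marker missing (first-time setup will run at next boot)
#   2 = marker written long after a home directory was created
check_setup_marker() {
    marker=$1; users_dir=$2; slack=${3:-86400}
    if [ ! -e "$marker" ]; then
        echo "ALERT: $marker is missing"
        return 1
    fi
    marker_ts=$(file_epoch "$marker")
    status=0
    for home in "$users_dir"/*; do
        [ -d "$home" ] || continue
        # Skip directories that do not belong to a login account.
        case ${home##*/} in Shared|Guest) continue ;; esac
        age_gap=$((marker_ts - $(file_epoch "$home")))
        if [ "$age_gap" -gt "$slack" ]; then
            echo "SUSPICIOUS: ${home##*/} predates the setup marker by ${age_gap}s"
            status=2
        fi
    done
    [ "$status" -eq 0 ] && echo "OK: marker consistent with home directories"
    return "$status"
}

# On a real Mac, with the paths from the article (run as root):
#   check_setup_marker /var/db/.AppleSetupDone /Users
```

A finding of 2 is worth following up by reviewing which accounts are in the admin group and when they were created.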

Hacking an iMac – Accessing Files

Now, you can log into your iMac with the newly created Administrator account. However, if you browse to the “Users” folder, you may notice you can’t access any files.

Another simple fix…

  • Right Click on the User’s folder, and select “Get Info”
  • Expand Sharing & Permissions
  • Add your user account and give it the permission of “Read / Write”
  • Click on the settings cog dropdown and click “Apply to enclosed items…”

This will give you Read / Write permission to all files in the user’s directory.

Doing this probably took me no more than 10 minutes and I got access to everything on the Mac. I would then also be able to reset the user’s password to log into their account, in which I could access Google Chrome’s password manager, and even the Keychain to access other passwords for emails and Facebook etc.

I have a huge list of the reasons why I don’t like Macs, and this is just one of the two reasons I added to my list today. The second one was how you charge a Mac’s mouse – you can’t use it while you charge it… WTF? And here I thought Apple focuses on usability…

Sorry boss, I can’t do any work as my mouse is flat and I can’t charge it and use it at the same time, nor replace the batteries…

Performing the factory reset

For those also wanting to know how to factory reset your Mac, it’s as simple as holding the Command and “R” keys this time during startup. You can then enter Disk Utility, in which you can “Erase” your hard drive, and then click “Reinstall macOS”.

More information can be found here: https://support.apple.com/en-au/HT201314


This document provides instructions on where to find the system keychain and outlines procedures for deleting or adding a keychain and changing the keychain password. The System Keychain is a utility which securely stores all passwords and user IDs for a user and lets that user unlock them all with a single master password.

System Keychain location

  • Click on the magnifying glass in the upper right hand corner to open up Spotlight search
  • In the search field type: keychain access
  • Click on Keychain Access

Note: From the Keychain Access panel you can create a new keychain, delete an existing keychain or change the password on a keychain.

Creating a new Keychain

If the old system keychain needs to be deleted or if a user wants to create an additional keychain for personal use, a new keychain will need to be created.
  • From the menu bar, select File.
  • Select New Keychain.
  • Enter a unique name for the new keychain and select the keychain location
  • Enter a password for the keychain
  • Select Create and then input a password and click OK

The new keychain will now be available.

Changing keychain password

  • Right click on the desired keychain and select: Change Password for Keychain...

  • Create a new password for the keychain and click OK

Note: If your Mac OS X login password is not the same as your account keychain password, you will be asked for the password whenever an application needs access to your keychain and your keychain is locked.

Deleting the System Keychain:

The system keychain will need to be deleted if the user forgets the master password or the keychain file becomes corrupt.

  • Right click on the desired keychain and select: Delete Keychain
  • Next click on Delete References

The keychain will be deleted.
*If you selected the wrong keychain to delete, press the cancel key and go back to the keychain panel.

Keywords: OS X keychain macintosh system delete reset password creating resetting deleting info
Doc ID: 2197
Owner: Help Desk KB Team
Group: DoIT Help Desk
Created: 2003-08-28 19:00 CDT
Updated: 2020-08-13 18:21 CDT
Sites: DoIT Help Desk, DoIT Tech Store