hook securityd to fix "keychain-access-groups *" problem

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "securitydhook"]
+	path = securitydhook
+	url = https://github.com/fly8888/securitydhook.git

Makefile

@@ -1,33 +1,16 @@
-GCC_BIN="`xcrun --sdk iphoneos --find gcc`"
-SDK="`xcrun --sdk iphoneos --show-sdk-path`"
-#support iPhone 3GS and above, delete armv6 to avoid SDK error
-ARCH_FLAGS=-arch armv7 -arch armv7s -arch arm64
+TARGET := iphone:clang:latest:10.0
+export THEOS_DEVICE_IP = 192.168.31.89
+export THEOS_DEVICE_PORT = 22
+include $(THEOS)/makefiles/common.mk
 
-LDFLAGS	=\
-	-F$(SDK)/System/Library/Frameworks/\
-	-framework UIKit\
-	-framework CoreFoundation\
-	-framework Foundation\
-	-framework CoreGraphics\
-	-framework Security\
-	-lobjc\
-	-lsqlite3\
-	-bind_at_load
+TOOL_NAME = keychain_dumper
 
-GCC_ARM = $(GCC_BIN) -Os -Wimplicit -isysroot $(SDK) $(ARCH_FLAGS)
+keychain_dumper_FILES = main.m
+keychain_dumper_CFLAGS = -fno-objc-arc
+keychain_dumper_CODESIGN_FLAGS = -Sentitlements.xml
+keychain_dumper_INSTALL_PATH = /usr/bin
 
-default: main.o list
-	@$(GCC_ARM) $(LDFLAGS) main.o -o keychain_dumper
-
-main.o: main.m
-	$(GCC_ARM) -c main.m
-
-clean:
-	rm -f keychain_dumper *.o
-
-list:
-	security find-identity -pcodesigning
-	@printf '\nTo codesign, please run: \n\tCER="<40 character hex string for certificate>" make codesign\n'
-
-codesign:
-	codesign -fs "$(CER)" --entitlements entitlements.xml keychain_dumper
+include $(THEOS_MAKE_PATH)/tool.mk
+SUBPROJECTS += securitydhook
+include $(THEOS_MAKE_PATH)/aggregate.mk
+

README.md

@@ -2,22 +2,6 @@
 
 ## Usage
 
-All that should be needed to use keychain_dumper is the binary that is checked in to the Keychain-Dumper Git repository.  This binary has been signed with a self-signed certificate with a "wildcard" entitlement. The entitlement allowed keychain_dumperaccess to all Keychain items in older iOS released. That support seems to have been removed in more recent releases of iOS. Instead, you must now add explicit entitlements that exist on a given device (entitlements can be app-specific). To help with that, this repository includes a `updateEntitlements.sh` shell script that can be run on-device to grant `keychain_dumper` all of the entitlements available on the device. Finally, if you either don't trust this binary or are having trouble dumping Keychain items using the below steps, you may can build the tool from source and manually sign the appropriate entitlments into your build of the keychain_dumper binary.
-
-As an aside, the following directions assume the target device has already been jailbroken.
-
-Upload keychain_dumper to a directory of your choice on the target device (I have used /tmp during testing).  Also, once uploaded, be sure to validate that keychain_dumper is executable (chmod +x ./keychain_dumper if it isn't) and validate that /private/var/Keychains/keychain-2.db is world readable (chmod +r /private/var/Keychains/keychain-2.db if it isn't).
-
-Note: iOS 11 devices using Electra (or other jailbreaks) may still require a trick to bypass the native sandbox. Compile the binary with the included _entitlements.xml_, sign it with the developer account certificate/priv_key and copy the binary to _/bin_ or _/sbin_ (which already allows execution).
-
-If you are using the binary from Git you can attempt to dump all of the accessible password Keychain entries by simply running the tool with now flags
-
-    ./keychain_dumper
-
-Some keychain entries are available regardless of whether the iOS is locked or not, while other entries will only be accessible if the iOS device is unlocked (i.e. a user has entered their pin).  If no Keychain entries are displayed, or if you don't want to trust the provided binary, you may need to rerun the tool after building the application from source.  Please see the Build section below for details on how to build and sign the application.
-
-By default keychain_dumper only dumps "Generic" and "Internet" passwords.  This is generally what you are interested in, as most application passwords are stored as "Generic" or "Internet" passwords.  However, you can also pass optional flags to dump additional information from the Keychain.  If you run keychain_dumper with the `-h` option you will get the following usage string:
-
     Usage: keychain_dumper [-e]|[-h]|[-agnick]
     <no flags>: Dump Password Keychain Items (Generic Password, Internet Passwords)
     -s: Dump All Keychain Items of a selected entitlement group
@@ -29,64 +13,4 @@ By default keychain_dumper only dumps "Generic" and "Internet" passwords.  This
     -c: Dump Certificates
     -k: Dump Keys
 
-By default passing no option flags is equivalent to running keychain_dumper with the `-gn` flags set.  The other flags largely allow you to dump additional information related to certificates that are installed on the device.
-
-## Building
-
-### Create a Self-Signed Certificate
-
-Open up the Keychain Access app located in /Applications/Utilties/Keychain Access
-
-From the application menu open Keychain Access -> Certificate Assistant -> Create a Certificate
-
-Enter a name for the certificate, and make note of it, as you will need it later when you sign `keychain_dumper`.  Make sure the Identity Type is “Self Signed Root” and the Certificate Type is “Code Signing”.  You don’t need to check the “Let me override defaults” unless you want to change other properties on the certificate (name, email, etc).
-
-### Build It
-
-You should be able to compile the project using the included makefile.
-
-    make
-
-If all goes well you should have a binary `keychain_dumper` placed in the same directory as all of the other project files.
-
-If you are not able to compile with default Apple SDK, try to replace SDK path in Makefile with Theos SDK:
-
-    SDK="/path/to/theos/sdks/iPhoneOS14.5.sdk"
-
-
-### Sign It
-
-First we need to find the certificate to use for signing.
-
-    make list
-
-Find the 40 character hex string corresponding to the certificate you generated above. You can then sign `keychain_dumper`.
-
-    CER=<40 character hex string for certificate> make codesign
-
-You should now be able to follow the directions specified in the Usage section above.  If you don't want to use the wildcard entitlment file that is provided (or you are runnig more modern versions of iOS that don't support a wildcafrd entitlement), you can also sign specific entitlements into the binary.  Using the unsigned Keychain Dumper you can get a list of entitelments that exist on your specific iOS device by using the `-e` flag.  For example, you can run Keychain Dumper as follows:
-
-    ./keychain_dumper -e > /var/tmp/entitlements.xml
-
-The resulting file can be used in place of the included entitlements.xml file.
-
-Large amount of access groups in entitlements.xml may result in tool not dumping any keys. Include only access groups that you want to dump keys from. Example of correct entitlements.xml file:
-
-```xml
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-  <dict>
-    <key>keychain-access-groups</key>
-    <array>
-      <string>groupName</string>
-    </array>
-    <key>platform-application</key> <true/>
-    <key>com.apple.private.security.no-container</key>  <true/>
-  </dict>
-</plist>
-```
-
-## Contact & Help
-
-If you find a bug you can [open an issue](http://github.com/ptoomey3/Keychain-Dumper/issues).
+## securitydhook fix “keychain-access-groups *” problem

control

@@ -0,0 +1,10 @@
+Package: com.yourcompany.keychain-dumper
+Name: keychain_dumper
+Depends: 
+Version: 0.0.1
+Architecture: iphoneos-arm
+Description: An awesome tool of some sort!!
+Maintainer: _
+Author: _
+Section: System
+Tag: role::hacker

main.m

@@ -522,7 +522,7 @@ int main(int argc, char **argv) {
 	id pool=[NSAutoreleasePool new];
 	NSArray* arguments;
 	arguments = getCommandLineOptions(argc, argv);
-	NSArray *passwordItems;
+	// NSArray *passwordItems;
 	if ([arguments indexOfObject:@"dumpEntitlements"] != NSNotFound) {
     dumpKeychainEntitlements();
     exit(EXIT_SUCCESS);