iOSKeychain Analyzer

Foundstone's iOSKeychain Analyzer is intended for mobile application security penetration testers who need to evaluate the security of an iOS application within the iOS simulator. It lets the tester view the contents of the iOS "keychain" to identify the secrets being stored, and it analyzes those secrets from a security standpoint.

To use the iOSKeychain binary, follow the steps below:

  1. If iOS Keychain Analyzer is not installed within the simulator, install it by copying the "01EFB1DB-4A47-45A1-B692-F88996FAC4F8" directory to "/Users/[User_Name]/Library/Application Support/iPhone Simulator/5.1/Applications".
  2. Install and run the target application within the iOS simulator.
  3. Launch the iOS Keychain Analyzer (within the simulator) and export/analyze the keychain data.
  4. The following directory should be created in the application folder: /[iOS_Keychain_Analyzer_Installation_Folder]/Library/Caches/DataAndAnalysisReports, e.g. /Users/someuser/Library/Application Support/iPhone Simulator/5.1/Applications/01EFB1DB-4A47-45A1-B692-F88996FAC4F8/Library/Caches/DataAndAnalysisReports/
  5. Within the DataAndAnalysisReports directory, iOSKeychain Analyzer will create the following reports:
    1. iOSKeychainDataViewer.htm - Displays the entire contents of the keychain in a readable format. The raw keychain contents are stored in JSONP format in the "KeychainDataExport.jsonp" file.
    2. OSKeychainAnalysisReportViewer.htm - Displays the keychain data analysis report in a readable format. The raw analysis report can be found in the "KeychainAnalysisReport.jsonp" file.
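
To review the raw "KeychainDataExport.jsonp" file outside the HTML viewer, the JSONP padding has to be stripped before a JSON parser will accept it. The following is an added example, not part of the tool or the original page; the page does not document the export schema, so the callback name and field names in the sample are constructed assumptions and the code walks whatever structure it finds.

```python
import json
import re

# Constructed sample: callback name and keys are assumptions, not the tool's schema.
SAMPLE = ('keychainData({"genp": [{"acct": "alice", '
          '"svce": "com.example.app", "v_Data": "hunter2"}]});')

def unwrap_jsonp(text):
    """Strip an optional callback( ... ); wrapper and parse the JSON inside."""
    text = text.lstrip("\ufeff").strip()
    m = re.match(r"[A-Za-z_$][\w$.]*\s*\(", text)
    if m:
        end = text.rfind(")")  # last ')' closes the wrapper, even if values contain ')'
        if end < m.end():
            raise ValueError("unterminated JSONP wrapper")
        text = text[m.end():end]
    return json.loads(text)

def flatten(node, path=""):
    """Yield (path, value) for every leaf, whatever the export's layout is."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from flatten(value, f"{path}[{i}]")
    else:
        yield path, node

def redact(value, keep=2):
    """Mask a value so findings can be pasted into a report without the full secret."""
    s = str(value)
    return s[:keep] + "*" * max(len(s) - keep, 0) + f" ({len(s)} chars)"

if __name__ == "__main__":
    # For a real run, read KeychainDataExport.jsonp from DataAndAnalysisReports instead.
    for path, value in flatten(unwrap_jsonp(SAMPLE)):
        print(f"{path}: {redact(value)}")
```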

Requirements: Mac OS X 10.7.4+ and iOS Simulator 5.0+