tinyapps.org / blog

Cracking OS X keychain files

KeychainRecovery is a free tool to recover OS X keychain file passwords. (via What's My Pass?)

It is especially useful after a user's password has been reset via installer DVD or single-user mode, since such a reset leaves the login keychain locked with the old password. The default keychain file (login.keychain) is normally located in ~/Library/Keychains.

It is not necessary to run the installer; simply extract KeychainRecovery.app from Archive.pax.gz found inside KeychainRecovery.pkg.

If the OS X dictionary (/usr/share/dict/words) does not meet your needs, you might want to generate a custom wordlist with crunch, try a wordlist containing the 500 most common passwords, or purchase Openwall's wordlist collection.

UPDATE: Forgot about crowbarKC, which has been around longer and was slightly faster than KeychainRecovery in my informal testing. John the Ripper is much faster than both, but it requires a bit more effort to install (paid binaries also available) and extract hashes. See Cracking Mac OS X Passwords and Installing John the Ripper version on Mac OSX Snow Leopard for details.

/mac | Nov 25, 2010
