New: Keychain Editor

For a while now, idb has had the ability to dump the keychain of a jailbroken iDevice. So far, idb has been using the keychain_dump utility, which is part of the iphone-dataprotection forensics tools, to accomplish this. However, this tool has some major limitations: it does not support the new data protection classes introduced in recent iOS versions, lacks support for Keychain ACLs, and is a pure ‘dump’ utility without editing capabilities.

To address these shortcomings, Nitin Jami, a coworker of mine at Intrepidus Group (part of the NCC Group along with Matasano and iSEC Partners), implemented a full-featured keychain editor. To our knowledge, this is the first public tool that provides a convenient way to modify the iOS keychain. The keychain editor provides a simple command-line interface to interact with the iOS keychain and is ideal for scripting or for use with automated tools. For more manual interaction and exploration, the tool has been integrated into the most recent version of idb for convenient access. Read on for all of the new features and screenshots.

To update to the newest version, 1.8, simply run:

gem update idb

Updated Talk at SOURCE Boston 2014

Last weekend I also spoke at SOURCE Boston about idb and some of the new features. SOURCE is a great conference with excellent talks and an audience size that makes it personal enough to connect and engage with many of the attendees.

Read more about the new idb features and see my updated slide deck after the jump.


New: Classdump, Certificate Installer, Hosts File Editor, Screenshot Utility

During the last few weeks, I released a few new features as well as stability and usability improvements for idb. The more notable ones are:

  • Integration of weak_classdump by Elias Limneos to dump class and method information in the form of header files.
  • Addition of a new /etc/hosts file editor.
  • Fixing of the CA certificate installer / manager.
  • Adding documentation and increasing visibility for the screenshot utility.

All of the features are now documented in the new Documentation.