joe codes

x-cart guru & custom programmer

  • About
  • Archives
  • Contact

Powered by Genesis

Keychain Password Search

October 29, 2018 by joecodes Leave a Comment

Recent security breaches at online companies large and small has been making the news and becoming disturbingly routine. Now we’re starting to get spam that shows a real password from these old security breaches. It would be handy to know all of the places where I’ve used this old password so I can update it. Since I use the macOS and iOS keychain to store these passwords across all of my devices I wanted to search all of my saved logins but Keychain Access doesn’t let us do that.

The simplest way to check your web-based passwords in your keychain is to use Safari:

  1. Safari > Preferences > Passwords
  2. Select All (now all passwords are visible)
  3. Use the Search field to search for the password.

Done!

This seems to cover most of the passwords you would have saved to your keychain (web form and internet passwords). You’re probably all set at this point but if you want to do a more thorough search of your keychain, read on.

Someone already wrote a tool for searching the keychain for a password, but it’s really old and didn’t work for me on High Sierra without some changes: https://red-sweater.com/blog/2545/keychain-password-search

Before we continue, please read that page and heed their warnings like these:

Obviously, this is very dangerous! I’m going to run this script only during a precise window of time where I know that the only security dialogs coming up should be ones that are provoked by my Usable Keychain Scripting script.
…

You can use this trick, too. Just be careful. As I said above, the idea of an automated script that blindly approves security warnings is not for the faint of heart. It should go without saying that if you screw anything up in your keychain, it is unequivocally not my fault. Do not use these tools if you don’t understand how they work.
…

this technique is only suitable for the very technically adept
…

I can’t stress enough how void of a warranty, guarantee, support, or any liability these tools are. You shouldn’t use them

Yes, please don’t do this. Consider this merely a proof-of-concept for the technically adept. Still interested? I’m not posting the full solution so read on for my adjustments to the old information linked above.

Usable Keychain Scripting

I didn’t make changes to this file. Since Keychain Scripting was removed from macOS with Lion (10.7) this file becomes a requirement. You could launch it but an easier method is to copy it to Applications then add it to Script Editor’s Library.

If you have trouble stopping the search script, you’ll want to quit this library (Activity Monitor or killall). If it’s in your Script Editor Library, Keychain Scripting will restart automatically as it’s needed.

PasswordSearcher

The main adjustment was to the loop of keychain entries. It didn’t seem to want to loop and test for the password at the same time so I broke this into two steps:

		repeat with thisAccount in (internet passwords of the current keychain)
			if password of thisAccount is thePassword then

Also, instead of collecting a list and trying to display it at the end, I decided to log as it finds them:

				set foundAccount to {name:name of thisAccount, account:account of thisAccount}
				log foundAccount

Then check the Messages tab in the Log pane. Uncheck Preferences > History > Log only when visible.

DangerousAllowClicker

Warning: do not use this file. It is dangerous, just like its title declares. Proceed at your own risk.

The first adjustment was to comment out the top portion which tries to grant access which did not work for me. You’ll probably be prompted on the first run to add Script Editor to System Preferences > Security & Privacy > Accessibility > Privacy.

Next, no matter what I tried I could not get it to find “window 1,” and it prompts me to enter my admin password, so I reduced all of that window and button code to this very simple bit of code:

	set appPass to "<myAdminPass>"
	...
			tell process "SecurityAgent" to set frontmost to true
			keystroke appPass
			keystroke return

It would be nice if we could get the button instead of just using “return” which is not the greatest solution, but it was the only one that worked.

I also switched out to their linked 1Password script loop which is simpler:

tell application "System Events"
	repeat while exists (processes where name is "SecurityAgent")

Again, please don’t do any of this unless you feel very comfortable, understand what is being described, and understand the risks. If anyone more adept at AppleScript wants to improve on this please let me know.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to email a link to a friend (Opens in new window)

Related

Filed Under: Programming Tagged With: Apple, security

Leave a Reply Cancel reply

You must be logged in to post a comment.

Quick Thoughts

  • I was surprised to learn that foreach in JavaScript does not have a traditional break. The loop will run to completion.

  • Who knew that combination sums across all permutation lengths of an array would be so difficult? It was a challenge but the final product looks good and takes a lot of resources. Limiting the max length for basic memory limits. Would only do something like this for occasional reporting.

  • Working on a new project that can have hundreds of forms on a page. The browser was spending way too much time in Parse HTML. Wasted a bunch of time before learning this is a long-standing bug in Chrome when there are many forms or inputs. Other browsers are fine.

Recent Posts

  • MacBook External DVD Player
  • Progressive Enhancement
  • Keychain Password Search
  • Smarty preg_match
  • iPhone Plus Experiment

Tag Cloud

Apple JavaScript Mason Perl PHP security simple Smarty speed stability Tax WWDC X-Cart

Search

Subscribe

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Recent Comments

  • Bad App Alert on Startup Item Help
  • iPhone Pre-Order Needs to Change on iPhone Pre-Order Warning
  • Apple vs Pro on My Personal Three S’s of Development