Recent security breaches at online companies large and small have been making the news and becoming disturbingly routine. Now we’re starting to get spam that shows a real password from these old security breaches. It would be handy to know all of the places where I’ve used this old password so I can update it. Since I use the macOS and iOS keychain to store these passwords across all of my devices, I wanted to search all of my saved logins, but Keychain Access doesn’t let us do that.
The simplest way to check your web-based passwords in your keychain is to use Safari:
- Safari > Preferences > Passwords
- Select All (now all passwords are visible)
- Use the Search field to search for the password.
Done!
This seems to cover most of the passwords you would have saved to your keychain (web form and internet passwords). You’re probably all set at this point but if you want to do a more thorough search of your keychain, read on.
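A way to run the same search without scripting any security dialogs, as an added example that is not part of the original post: it assumes you have exported your saved logins to a CSV file with `Title`, `URL`, `Username` and `Password` columns. The column names, the `find_reuse` function and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Constructed sample; a real run reads a CSV you exported from your own password store.
SAMPLE_CSV = (
    "Title,URL,Username,Password\n"
    "example.com,https://example.com/login,alice,hunter2-old\n"
    "shop.example,https://shop.example/account,alice@example.com,Tr0ub4dor&3\n"
    "forum.example,https://forum.example/,alice,hunter2-old\n"
    "mail.example,https://mail.example/,alice,Hunter2-old!\n"
)

def find_reuse(csv_text, breached, password_col="Password"):
    """Return (exact, derived) lists of (title, url, username).

    exact:   the stored password equals the breached one.
    derived: the stored password contains it, ignoring case (e.g. a suffix added).
    Passwords themselves are never returned or printed.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    if password_col not in (reader.fieldnames or []):
        raise ValueError(f"no {password_col!r} column; found {reader.fieldnames}")
    if not breached:
        raise ValueError("an empty search password would match every entry")
    needle = breached.casefold()
    exact, derived = [], []
    for row in reader:
        stored = row.get(password_col) or ""
        # Short rows yield None for missing cells, so normalise to "".
        entry = tuple(row.get(col) or "" for col in ("Title", "URL", "Username"))
        if stored == breached:
            exact.append(entry)
        elif needle in stored.casefold():
            derived.append(entry)
    return exact, derived

if __name__ == "__main__":
    import getpass
    import sys
    # Prompt so the breached password stays out of shell history and argv.
    with open(sys.argv[1], newline="", encoding="utf-8-sig") as fh:
        exact, derived = find_reuse(fh.read(), getpass.getpass("Breached password: "))
    for label, rows in (("EXACT", exact), ("DERIVED", derived)):
        for title, url, user in rows:
            print(f"{label}\t{title}\t{url}\t{user}")
```

The export holds every password in plain text, so delete the file as soon as the search is done.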
Someone already wrote a tool for searching the keychain for a password, but it’s really old and didn’t work for me on High Sierra without some changes: https://red-sweater.com/blog/2545/keychain-password-search
Before we continue, please read that page and heed their warnings like these:
Obviously, this is very dangerous! I’m going to run this script only during a precise window of time where I know that the only security dialogs coming up should be ones that are provoked by my Usable Keychain Scripting script.
…You can use this trick, too. Just be careful. As I said above, the idea of an automated script that blindly approves security warnings is not for the faint of heart. It should go without saying that if you screw anything up in your keychain, it is unequivocally not my fault. Do not use these tools if you don’t understand how they work.
…this technique is only suitable for the very technically adept
…I can’t stress enough how void of a warranty, guarantee, support, or any liability these tools are. You shouldn’t use them
Yes, please don’t do this. Consider this merely a proof-of-concept for the technically adept. Still interested? I’m not posting the full solution so read on for my adjustments to the old information linked above.
Usable Keychain Scripting
I didn’t make changes to this file. Since Keychain Scripting was removed from macOS with Lion (10.7) this file becomes a requirement. You could launch it but an easier method is to copy it to Applications then add it to Script Editor’s Library.
If you have trouble stopping the search script, you’ll want to quit this library (Activity Monitor or killall). If it’s in your Script Editor Library, Keychain Scripting will restart automatically as it’s needed.
PasswordSearcher
The main adjustment was to the loop of keychain entries. It didn’t seem to want to loop and test for the password at the same time so I broke this into two steps:
```applescript
repeat with thisAccount in (internet passwords of the current keychain)
	if password of thisAccount is thePassword then
```
Also, instead of collecting a list and trying to display it at the end, I decided to log as it finds them:
```applescript
set foundAccount to {name:name of thisAccount, account:account of thisAccount}
log foundAccount
```
Then check the Messages tab in the Log pane. Uncheck Preferences > History > Log only when visible.
DangerousAllowClicker
Warning: do not use this file. It is dangerous, just like its title declares. Proceed at your own risk.
The first adjustment was to comment out the top portion, which tries to grant access and did not work for me. You’ll probably be prompted on the first run to add Script Editor to System Preferences > Security & Privacy > Accessibility > Privacy.
Next, no matter what I tried I could not get it to find “window 1,” and it prompts me to enter my admin password, so I reduced all of that window and button code to this very simple bit of code:
```applescript
set appPass to "<myAdminPass>"
...
tell process "SecurityAgent" to set frontmost to true
keystroke appPass
keystroke return
```
It would be nice if we could get the button instead of just using “return” which is not the greatest solution, but it was the only one that worked.
I also switched out to their linked 1Password script loop which is simpler:
```applescript
tell application "System Events"
	repeat while exists (processes where name is "SecurityAgent")
```
Again, please don’t do any of this unless you feel very comfortable, understand what is being described, and understand the risks. If anyone more adept at AppleScript wants to improve on this please let me know.