This plugin allows you to explore the Keychain data such as Apple ID passwords, Wi-Fi passwords, mail account passwords, credit card information, etc.
NOTE: This plugin is only available for iCloud synced data downloaded by EPB.
NOTE: To unmask passwords, card numbers, tokens and hash values, clear the Mask Passwords in Keychain option in the Settings.
The data in the Keychain plugin is divided into the following categories:
•Apple Id: information about Apple Ids
•Wi-Fi accounts: information about Wi-Fi accounts
•Mail accounts: information about the mail accounts
•Browser passwords: information about the web forms passwords
•Credit cards: information about the credit cards
•DSIDs & Tokens: information about destination signaling identifiers and tokens
•All: detailed information about all keychain data
For Apple Id, the following is displayed:
•Name
•Creation date (UTC): date and time
•Modification date (UTC): date and time
•Apple ID
•Password
For Wi-Fi accounts, the following is displayed:
•Creation date (UTC): date and time
•Modification date (UTC): date and time
•SSID
•Password
•PTK-Hash: hash values
For Mail accounts, the following is displayed:
•Name
•Creation date (UTC): date and time
•Modification date (UTC): date and time
•Protocol
•Account: mail account name
•Password
For Browser passwords, the following is displayed:
•Name
•Creation date (UTC): date and time
•Modification date (UTC): date and time
•Address: web address
•Account
•Password
For Credit cards, the following is displayed:
•Card name
•Cardholder name
•Card number
•Expiration date (UTC): date
•Creation date (UTC): date and time
•Modification date (UTC): date and time
For DSIDs & Tokens, the following is displayed:
•Name
•Creation date (UTC): date and time
•Modification date (UTC): date and time
•Token
•DSID
The All category contains a list of all keychain data. For every list item (depending on its type), you can find the following information including, but not limited to:
•Account
•Address
•Access Group
•Authentication Type
•Key Size in Bits
•Decryption
•Derivation
•Encryption
•Application label
•Label
•Permanence
•Digital Sign
•Unwrapping
•Wrapping
•Creation Date (UTC)
•Description
•Invisible
•Protection Class
•Modification Date (UTC)
•Path
•Port
•Protocol
•Server
•Data: password
The following options are available in the All category:
•Collapse all allows collapsing the detailed information about all items in the list
•Expand all allows expanding the detailed information about all items in the list
•Click
to expand or collapse the detailed information about the certain item in the list
•Show only decrypted data option allows viewing the decrypted data only
•Show checkboxes to select data for export allows selecting the data for export.
Creating Dictionary
EPV allows you to create a dictionary of the passwords found in the keychain.
To create a dictionary, do the following:
1. Click Create Dictionary.
2. The Select destination file window opens.
3. In the opened window, select the location to which the file with the passwords will be saved and enter the file name.
4. Click Save.
5. The <file name>.txt file is saved to the selected location.
Exporting Keychain Data
To export data, do the following:
1.Click Export.
2.Select one of the following values from the drop-down list: Selected or All.
3.The Select destination file window opens.
4.In the opened window, select the location to which the file with exported data will be saved and enter the file name.
5.Click Save.
6.The <file name>.xml file is saved to the selected location.
Searching
To perform searches in Keychain, enter the search request in the search field and press Enter. The search results will be highlighted in yellow. The number of search results will be displayed in the search field. Use the navigation arrows to navigate between the search results.