June, 2025 – Graham Miln

Recovering or cracking a password in Keychain on macOS

A question was asked about how to recover a forgotten complex password in macOS’s Keychain. Having written Keysafe, this was something I could help with.

Does macOS store remnants or a clear version of the password in any location?

No, there are no plain text copies or remnants of your passwords deliberately stored by macOS.

If this user account was previously able to unlock your external drive, then your drive credentials are probably still available via Apple’s Keychain Access application. Since macOS 15, Keychain Access is found in /System/Library/CoreServices/Applications/Keychain Access.app.

Look for entries of kind: encrypted volume password

Older Keychain Login Files

If you are unable to unlock the older .keychain file, then you will need to recover the password.

Keychain Password Recovery

It is possible to recover a Keychain password, particularly if you have an idea of the likely password’s format.

See Recovering Lost and Forgotten Keychain Passwords for a practical example that uses my Keysafe tool and hashcat to perform a brute force search.

Below are the main steps, assuming Homebrew and a word list are already available:

brew tap miln-eu/miln-eu
brew install miln-keysafe hashcat

keysafe -recover -path sample.keychain > keychain-hash.txt
sed 's/^[^:]*://' keychain-hash.txt > for-hashcat.txt

hashcat -m 23100 --keep-guessing for-hashcat.txt ~/Downloads/clem9669_wordlist_small

Keychain Format and Encryption

The file format for Keychain is public but not documented. This is how I was able to write Keysafe without building on any Apple frameworks or libraries.

I am not aware of any exploits. The choices Apple’s engineers made have withstood over a decade of scrutiny. There are some odd aspects which complicate the code but nothing consequential.

Keychain encryption is a two-step process:

  1. Decrypt a per-file primary key;
  2. Decrypt the per-item symmetric keys using the primary key.

The recovery hash contains the data, salt, and IV for the primary key. hashcat understands the recovery hash format and can aid with finding passwords that appear to work. For help with decrypting, the Information Security Stack Exchange may be helpful.
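An added example, not part of Keysafe or the original answer: a Python check that a line of keychain-hash.txt splits into the salt, IV, and data fields described above before it is handed to hashcat. The `$keychain$*salt*iv*data` layout and the 20/8/48-byte field sizes are assumptions taken from hashcat's published example hash for mode 23100; the sample lines and all function names are constructed for illustration.

```python
import re

# Field sizes in bytes. Assumption: taken from hashcat's published example
# hash for mode 23100, not from Keysafe documentation.
FIELDS = (("salt", 20), ("iv", 8), ("data", 48))

def strip_label(line):
    """Same effect as sed 's/^[^:]*://': drop everything up to the first colon."""
    return re.sub(r"^[^:]*:", "", line.strip(), count=1)

def parse_recovery_hash(line):
    """Return {'salt', 'iv', 'data'} as bytes, or raise ValueError."""
    parts = strip_label(line).split("*")
    if len(parts) != 4 or parts[0] != "$keychain$":
        raise ValueError("expected $keychain$*salt*iv*data")
    parsed = {}
    for (name, size), hexval in zip(FIELDS, parts[1:]):
        if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hexval):
            raise ValueError(f"{name}: not an even-length hex string")
        raw = bytes.fromhex(hexval)
        if len(raw) != size:
            raise ValueError(f"{name}: {len(raw)} bytes, expected {size}")
        parsed[name] = raw
    return parsed

def check_lines(lines):
    """Return (line_number, problem) for every non-blank line that fails to parse."""
    problems = []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            parse_recovery_hash(line)
        except ValueError as err:
            problems.append((number, str(err)))
    return problems

# Constructed sample input: filler bytes, not a real keychain hash. The label
# before the colon is a placeholder for whatever prefix the export carries.
SAMPLE_OK = "sample.keychain:$keychain$*" + "*".join(["11" * 20, "22" * 8, "33" * 48])
SAMPLE_TRUNCATED = "$keychain$*" + "*".join(["11" * 20, "22" * 8, "33" * 40])

if __name__ == "__main__":
    print({k: len(v) for k, v in parse_recovery_hash(SAMPLE_OK).items()})
    print(check_lines([SAMPLE_OK, "", SAMPLE_TRUNCATED, "not a hash"]))
```

A truncated or mis-copied hash fails this check immediately instead of producing a long hashcat run that can never succeed.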

I am not aware of any implementation that directly attempts to decode the per-item symmetric keys. These keys are encrypted using the primary key.

Keysafe v1.9’s export includes the symmetric key table and metadata for licensed users. This extra information may be technically interesting but is unlikely to ease decryption. The export also includes the primary key recovery hash.


I originally published this answer on Ask Different.