{"id":13464229,"url":"https://github.com/seemoo-lab/airdrop-keychain-extractor","last_synced_at":"2026-01-27T14:32:16.913Z","repository":{"id":48134705,"uuid":"317806184","full_name":"seemoo-lab/airdrop-keychain-extractor","owner":"seemoo-lab","description":"Extracting Apple ID Validation Record, Certificate, and Key for AirDrop","archived":false,"fork":false,"pushed_at":"2023-05-07T09:49:16.000Z","size":6,"stargazers_count":107,"open_issues_count":3,"forks_count":8,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-05T10:33:37.624Z","etag":null,"topics":["airdrop","entitlements","keychain","macos","opendrop","sip"],"latest_commit_sha":null,"homepage":"","language":"Objective-C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/seemoo-lab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-02T09:06:06.000Z","updated_at":"2025-03-09T17:13:15.000Z","dependencies_parsed_at":"2024-07-31T14:03:47.410Z","dependency_job_id":null,"html_url":"https://github.com/seemoo-lab/airdrop-keychain-extractor","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/seemoo-lab/airdrop-keychain-extractor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seemoo-lab%2Fairdrop-keychain-extractor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seemoo-lab%2Fairdrop-keychain-extractor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seemoo-lab%2Fairdrop-keychain-extractor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seemoo-lab%2Fairdrop-keychain-extractor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/seemoo-lab","download_url":"https://codeload.github.com/seemoo-lab/airdrop-keychain-extractor/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seemoo-lab%2Fairdrop-keychain-extractor/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28815067,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T12:25:15.069Z","status":"ssl_error","status_checked_at":"2026-01-27T12:25:05.297Z","response_time":168,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["airdrop","entitlements","keychain","macos","opendrop","sip"],"created_at":"2024-07-31T14:00:37.418Z","updated_at":"2026-01-27T14:32:16.896Z","avatar_url":"https://github.com/seemoo-lab.png","language":"Objective-C","funding_links":[],"categories":["Objective-C"],"sub_categories":[],"readme":"# Extracting Apple ID Validation Record, Certificate, and Key for AirDrop\n\nThis repository describes the process and provides the tools that allows extracting the cryptographic secrets used for Apple AirDrop's authentication protocol. The extracted secrets can be used in an open AirDrop implementation such as [OpenDrop](https://github.com/seemoo-lab/opendrop.git).\n*This procedure should work at least for macOS 10.14, 10.15, and 11.0.*\n\n**Warning:** This procedure requires to temporarily disable some of macOS' security features! Use at your own risk.\n\n## Background\n\nTo understand the purpose of the Apple ID validation record, the certificate, and key, read our paper:\n\n* Milan Stute, Sashank Narain, Alex Mariotto, Alexander Heinrich, David Kreitschmann, Guevara Noubir, and Matthias Hollick. **A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link.** *28th USENIX Security Symposium (USENIX Security ’19)*, August 14–16, 2019, Santa Clara, CA, USA. [Link](https://www.usenix.org/conference/usenixsecurity19/presentation/stute)\n\n\n## 1. Disable System Integrity Protection\n\nWe are using the Security framework to retrieve items from the system's keychain. To be successful, the querying binary needs to have the correct `keychain-access-group` in its entitlements, i.e., `com.apple.sharing.appleidauthentication`. Since this is an Apple-internal entitlement, we have to disable `amfid` that checks binary signatures and enforces the system's policies.\n\nTo do this, we first need to disable SIP via macOS' recovery mode. Restart your Mac and hold ⌘+R. In recovery mode, open the terminal and enter\n```\ncsrutil enable --without nvram\n```\nand reboot the Mac. Then, add the following boot parameter via the Terminal\n```\nsudo nvram boot-args=\"amfi_get_out_of_my_way=1\"\n```\nand reboot again.\n\nTo restore full SIP later, reboot in macOS' recovery mode (⌘+R) and run\n```\nnvram -d boot-args\ncsrutil enable\n```\n\n## 2. Build and run the extractor\n\nWe build and run the extraction utility (note that you need a developer certificate for this):\n```\ngit clone https://github.com/seemoo-lab/airdrop-secret-extractor.git\ncd airdrop-secret-extractor\nmake\n./airdrop-secret-extractor\n```\nThe program will ask you for a passphrase to store the key component on disk. You should now have three items in the current directory:\n\n* `validation_record.cms`\n* `certificate.pem`\n* `key.pem`\n\n\n## 3. Use with OpenDrop\n\nCopy the three files into `~/.opendrop/keys`. When starting OpenDrop the next time, you will be asked to enter the passphrase for the key.\n\nYour OpenDrop instance should now be discoverable as one of your devices (`receive`) and should be able to discover your devices that are in contacts-only mode (`find` and `send`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseemoo-lab%2Fairdrop-keychain-extractor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fseemoo-lab%2Fairdrop-keychain-extractor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseemoo-lab%2Fairdrop-keychain-extractor/lists"}