Recover Apple Keychain

Original link: https://arkoinad.com/posts/apple_keychain_recovery.html

The user locked themselves out of their work MacBook account after repeatedly entering their Active Directory password instead of their Mac password and relying too heavily on Touch ID. Resetting the password through macOS Recovery resolved the lockout, but unfortunately wiped the keychain data and stopped syncing, because the reset could not decrypt data that had been encrypted with the old password. Despite the data loss, the user, a Linux enthusiast, found a solution. macOS stores keychain data in `~/Library/Keychains`; during the reset it renames the old keychain (`login.keychain-db`) to `login_renamed_1.keychain-db` and creates a new, empty keychain. By deleting the new keychain and renaming the old one back to the default name, the user successfully recovered the data. Keychain Access then prompted one final time for the *old* password, after which everything synced using the new password. This highlights the risk of data loss that a macOS password reset can cause, and one way to recover from it.


Original article

I had the misfortune of locking myself out of my work MacBook.

You’d be justified in asking: Don’t you use it every day?

Yes, I do—and probably more than I should admit. But a few things led to this situation. For one, I’d gotten too used to relying on Touch ID. As a result, if my muscle memory failed me, I was stuck. On top of that, I kept entering my office Active Directory (AD) password instead of my Mac password—again, muscle memory at work. By the time I realized what I was doing wrong, I was locked out.

So, like every corporate employee, I reached out to IT. I’ll spare you the rant about how useful—or not—that decision was.

Using macOS recovery options, I managed to reset my laptop’s password—without fully understanding the ramifications. When I logged back in with the new password, boom: all my keychain data and some local user data were gone, and syncing had stopped.

It turns out that this data was encrypted using my old password, and the reset utility doesn’t decrypt and re-encrypt it with the new one. In hindsight, that makes sense from a security standpoint. Still, I had assumed there might be some kind of master key that would handle this automatically during a password reset.

After the reset, macOS gave me the option to resync with my old data. Unfortunately, I had already exhausted the allowed attempts to enter my old password. Every time I tried to resync, I was met with the dreaded “delete iCloud data” prompt.

[Image: delete_data (the “delete iCloud data” prompt)]

As a long-time Linux (Arch Linux) tinkerer, I figured there had to be a way to either:

  1. Reset the failed login attempt counter, or
  2. Recover the data directly

But since this was Apple, I knew it wouldn’t be straightforward.

After some digging, I found that keychain data is stored at:

~/Library/Keychains

The main file is:

login.keychain-db

During the password reset, macOS had moved the original keychain to:

login_renamed_1.keychain-db

and created a fresh login.keychain-db.

Restoring my old data turned out to be surprisingly simple: replace the new keychain file with the old one.

  1. Navigate to:

    ~/Library/Keychains
  2. Remove the newly created keychain (make sure it doesn’t contain anything important):

    rm login.keychain-db
  3. Rename the old keychain back to the default:

    mv login_renamed_1.keychain-db login.keychain-db

Voilà—data restored.

When I opened Keychain Access, it prompted me for my old password. After entering it, everything synced correctly and updated to use the new password going forward.
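The three steps above, as an added shell example that is not from the original post. It assumes the file names the post gives (`login.keychain-db` for the fresh keychain and `login_renamed_1.keychain-db` for the old one) and takes the keychain directory as an optional argument that defaults to `~/Library/Keychains`. Instead of `rm`, it moves the new keychain aside with a timestamped name, so anything saved into it after the reset survives, and it refuses to do anything if the renamed keychain is not where the post says it should be.

```bash
#!/bin/sh
# restore_keychain: put a keychain that macOS renamed during a password
# reset back under the default name. Added example, not the post's code.
# Assumed names (from the post): login.keychain-db (new, empty) and
# login_renamed_1.keychain-db (old, still encrypted with the previous password).
# The directory argument exists so the logic can be exercised on a scratch
# directory before touching the real ~/Library/Keychains.

restore_keychain() {
    dir="${1:-$HOME/Library/Keychains}"
    old="$dir/login_renamed_1.keychain-db"
    new="$dir/login.keychain-db"

    # The renamed file is the only copy of the old secrets; without it
    # there is nothing to restore, so stop before changing anything.
    if [ ! -f "$old" ]; then
        echo "no renamed keychain found at $old" >&2
        return 1
    fi

    # Keep the freshly created keychain rather than deleting it: the post
    # warns to make sure it holds nothing important, and moving it aside
    # makes that check reversible.
    if [ -f "$new" ]; then
        backup="$new.new-$(date +%Y%m%d%H%M%S)"
        mv "$new" "$backup"
        echo "moved new keychain aside to $backup"
    fi

    # Finally, give the old keychain its default name back. Keychain Access
    # will ask for the old password once when it is next opened.
    mv "$old" "$new"
    echo "restored $new"
}

# Stand-alone use: pass no argument to operate on ~/Library/Keychains,
# or a directory path to rehearse on copies of the files first.
if [ "${RESTORE_KEYCHAIN_RUN:-0}" = "1" ]; then
    restore_keychain "$@"
fi
```

Run it with Keychain Access closed, and rehearse on copies of the two files in a scratch directory first. On macOS, `security list-keychains` shows which keychain files are currently registered for the user, which is a quick way to confirm that `login.keychain-db` is the one in use after the restore.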
