Extracting token on non-live macOS

<< Click to Display Table of Contents >>

Navigation:  Elcomsoft Phone Breaker > Working with Apple devices > Extracting authentication token for iCloud > Extracting token on macOS >

Extracting token on non-live macOS

EPB allows you to extract an authentication token to iCloud from a non-live macOS, e.g., by mounting the disk image of the operating system in which the token is stored.

 

To extract the authentication token to iCloud, do the following:

1.Mount the image of the disk containing the authentication token.

2.Run Elcomsoft Phone Breaker.

3.In the Tools menu, select the Apple tab.

4.Click Extract authentication token.

5.Define the path and password to the file containing the authentication token:

Login keychain file: Enter the path to the login.keychain file that belongs to the user whose token you are decrypting. It is stored in /Users/<user name>/Library/Keychains/login.keychain by default.

Keychain password: The password to a selected login.keychain.

AuthTok_MAC

6. Click Next.

7. On the following page, define the path to the file containing the authentication token. By default this file is stored on macOS at: /Users/<user name>/Library/Application Support/iCloud/Accounts/. This file's name is a numerical representation of user's Apple ID in the form of 6-10 digits.

The user's Apple ID is displayed on top.

AuthTok_MAC_2

8. Click Extract.

9. The authentication token is extracted.

Click Save token to save the extracted string to a *.plist file.

You can now use this token to log into iCloud and download backup from iCloud or download files from iCloud.