Extracting token on live OS X

Top  Previous  Next

You can sign in to iCloud account to download data stored there using the iCloud Authentication token.

To get an Authentication token to iCloud, you will need an Elcomsoft Apple Token Extractor for OS X. This tool is shipped together with EPB (atex.dmg file). You can find in in EPB installation folder.

Elcomsoft Apple Token Extractor supports OS X versions up to 10.10.

EPB allows you to extract authentication tokens for:

Current iCloud user
Other iCloud user
User of a non-live operating system (e.g., by using disk image mounted to the current computer)

 

User permissions required for getting authentication token:

Authentication Token For

Permissions Required

iCloud account of the currently logged OS X user

User's permissions are enough

iCloud account of a different OS X user

root permissions are required

 

To extract the Authentication token for the current iCloud user, do the following:

 

1.Before running atex, save atex.dmg file to a removable drive or to a folder where you want the file with authentication token to be saved.
2.Mount atex by double-clicking the atex.dmg file or by selecting the corresponding option in the right-click menu.
3.Go to the directory where the atex file is stored.
4.Launch the atex file. The file "icloud_token_<timestamp>.plist" will be created in the Users/<current user name> directory.

   You will see the full path to the created file in the opened Terminal window.

5.The created "icloud_token_<timestamp>.plist" file contains the Authentication token of the current iCloud user.

 

To extract the Authentication token for a different iCloud user, do the following:

1.Before running atex, save the atex.dmg file to a removable drive or to a folder where you want the file with authentication token to be saved.
2.Mount atex by double-clicking the atex.dmg file or by selecting the corresponding option in the right-click menu.
3.Open the command-line Terminal.
4.Go to the directory where the atex file is stored.
5.To list all iCloud users, use the command sudo atex -l or sudo atex --iCloudUserList

sudo command is used to get root privileges for running the program.

6.Enter the password of the root user when prompted.
7.The list of all iCloud users will be displayed.
8.To get authentication token, run the command sudo atex --getTokenOnline -u <username>

   For example: sudo atex --getTokenOnline -u mary

9.Enter the password for the selected user when prompted.

Screen Shot 2014-06-13 at 12.19.08 AM

10.Click Allow when asked to provide access to the confidential information in keychain.

Screen Shot 2014-06-13 at 12.20.03 AM

11. The file "icloud_token_<timestamp>.plist" will be created in the directory from which atex was launched.

   You will see the full path to the created file in the opened Terminal window.

12. The created "icloud_token_<timestamp>.plist" file contains the Authentication token of the selected iCloud user.

auth_mac

 

 

Parameters for running atex in the Terminal:

Parameter

Meaning

-h or [--help]

Displays help message

-l or [--iCloudUserList]

Displays usernames of iCloud users

--getTokenOnline

Gets authentication token for the user specified in -u parameter.

-u [username]

Indicates a specified user. Username should be entered without brackets.