So how does a programmer like myself approach a problem like this? In recent years, Apple’s Instruments application has become an incredible asset for tracking down weird behavior not only in my own apps, but in other apps and in the system itself. I opened it up and started a new “Time Profiler” instrumentation session, targeting Safari. I know that Safari used to<\/em> autofill my password whenever I typed in an account name that it recognized, so I start Instruments “sampling” Safari while I type my PayPal account name into the PayPal login page, and stop it after I’m done.<\/p>\n I want to figure out where Safari is failing to get my password, so I take a wild leap and assume the corresponding function call in Safari contains the word “password.” Typing this into the Instruments search box yields promising results:<\/p>\n Now I know that Safari is at least\u00a0making an effort<\/em> to fetch the corresponding password for me. I see that it’s calling -[NSURLCredential password], which in turn calls a lower-level Keychain Services function, SecItemCopyMatching(). But why isn’t it filling in my password?<\/p>\n At this point I switch to gdb, where i can attach to the running instance of Safari and dig a little deeper into the issue.<\/p>\n I know from Instruments that Safari will call this method when it tries to autofill my password, so I go back to Safari and enter my PayPal ID again. Sure enough, Safari “freezes” indicating that gdb has interrupted it where my breakpoint was set. Now, I realize this isn’t for the faint of heart, but you can use gdb to effectively debug an application, even if you don’t have the source code. You just have to know a bit about how Apple’s compiler translates source code into corresponding assembly language instructions, and where the arguments are placed<\/a> when calling methods.<\/p>\n What I’ve done here is first delete the breakpoint, so I don’t get interrupted while poking around from gdb itself. Then, I display the NSURLCredential object’s description, confirming it corresponds to the account I’m trying to log into. Finally, I call the password method on this NSURLCredential object myself, so I can see quickly and easily what the response will be. Gdb’s objection to trying to print a NIL object confirms that the password is not being returned.<\/em> I am further able to confirm with NSURLCredential’s “hasPassword” method that the keychain does have a password for this account<\/em>, but it isn’t being returned.<\/p>\n Here we have a situation where apparently Safari is trying to get my password, but the system is vexing it. Let’s confirm by setting a breakpoint a little deeper, at the Keychain Services level that we also noticed in Instruments.<\/p>\n So far, so good. It looks like NSURLCredential is properly passing a set of criteria to the keychain, describing the kind of password item it’s looking for. I take a peek at the second argument to SecItemCopyMatching, which is a pointer to where the result will be stored, and then I ask gdb to continue executing until the function is complete.<\/p>\n When gdb returns control to me, I know the function has finished calling, so I examine the result area in memory.<\/p>\n![\"Instruments\"](\"http:\/\/www.red-sweater.com\/blog\/wp-content\/downloads\/2011\/07\/Instruments.png\" "\\"Instruments.png\\"")
<\/p>\n% gdb\n(gdb) attach Safari\n(gdb) b -[NSURLCredential password]\nBreakpoint 1 at 0x7fff8ddff4af\n(gdb) c\nContinuing.\n<\/pre>\n
Breakpoint 1, 0x00007fff8ddff4af in\n-[NSURLCredential password] ()\n(gdb) d\nDelete all breakpoints? (y or n) y\n(gdb) po $rdi\n<NSURLCredential: 0x7ffd34d62920>: paypal@jalkut.com\n(gdb) po [$rdi password]\n2: x\/i $pc 0x7fff9192760e <gdb_class_getClass+4>:\n\tmov 0x20(%rdi),%rax\nCan't print the description of a NIL object.\n(gdb)\n(gdb) p (int) [$rdi hasPassword]\n$11 = 1\n<\/pre>\n
(gdb) b SecItemCopyMatching\nBreakpoint 3 at 0x7fff85919582\n(gdb) c\nContinuing.\n\nBreakpoint 3, 0x00007fff85919582 in SecItemCopyMatching ()\n(gdb) po $rdi\n{\n acct = \"paypal@jalkut.com\";\n atyp = form;\n cdat = \"2007-06-02 16:17:01 +0000\";\n class = inet;\n desc = \"Web form password\";\n icmt = default;\n labl = \"www.paypal.com (paypal@jalkut.com)\";\n \"m_Limit\" = \"m_LimitOne\";\n mdat = \"2011-07-29 15:30:15 +0000\";\n port = 0;\n ptcl = htps;\n \"r_Data\" = 1;\n srvr = \"www.paypal.com\";\n}\n<\/pre>\n(gdb) x\/x $rsi\n0x7fff62eb3590:\t0x0000000000000000\n(gdb) fin\nRun till exit from #0 0x00007fff85919582 in SecItemCopyMatching ()\n0x00007fff86417c29 in URLCredentialInternetPassword::copyPassword ()\n<\/pre>\n
(gdb) x\/x 0x7fff62eb3590\n0x7fff62eb3590:\t0x0000000000000000\n<\/pre>\n
![\"AuthorizedApps\"](\"http:\/\/www.red-sweater.com\/blog\/wp-content\/downloads\/2011\/07\/AuthorizedApps.png\" "\\"AuthorizedApps.png\\"")
<\/p>\n