Jump to content
Fi8sVrs

iOSRestrictionBruteForce - Crack iOS Restriction Passcodes with Python

By Fi8sVrs, in Mobile security

Recommended Posts

  • Active Members
Fi8sVrs Rookie

Fi8sVrs

Posted
  • Active Members
Posted

iOS Restriction Passcode Brute Force

Overview

This version of the application is written in Python, which is used to crack the restriction passcode of an iPhone/iPad takes advantage of a flaw in unencrypted backups allowing the hash and salt to be discovered.

68747470733a2f2f63646e2e696765656b73626c

Bruteforce

  1. Get the Base64 key and salt from the backup file in Computer.

  2. Decode the Base64 key and salt.

  3. Try from 1 to 9999 to with the pbkdf2-hmac-sha1 hash with Passlib

 

How to Use

  1. Make sure to use iTunes to backup the iOS device to computer

  2. Run ioscrack.py 

python ioscrack.py

Dependencies

This has been tested with Python 2.6 and 2.7.

Requires Passlib 1.7 Install with: 

pip install passlib

License

MIT License

 

Download: iOSRestrictionBruteForce-master.zip 

git clone https://github.com/thehappydinoa/iOSRestrictionBruteForce.git

Mirror:

ioscrack.py 

#!/usr/bin/python
# Filename: ioscrack.py

from passlib.utils.pbkdf2 import pbkdf2
from time import time
import os
import sys
import base64

HOMEDIR = '~/Library/Application Support/MobileSync/Backup/'


def crack(secret64, salt64):
    print "secret: ", secret64
    print "salt: ", salt64
    secret = base64.b64decode(secret64)
    salt = base64.b64decode(salt64)
    start_t = time()
    for i in range(10000):
        key = "%04d" % (i)
        out = pbkdf2(key, salt, 1000)
        if out == secret:
            print "key: ", key
            duration = time() - start_t
            print "%f seconds" % (duration)
            sys.exit(0)
    print "no exact key"


try:
    backup_dir = os.listdir(HOMEDIR)
    for bkup_dir in backup_dir:
        passfile = open(HOMEDIR + bkup_dir +
                        "/398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b", "r")
        line_list = passfile.readlines()
        secret64 = line_list[6][1:29]
        salt64 = line_list[10][1:9]
        crack(secret64, salt64)
except Exception as e:
    while not secret64:
        secret64 = raw_input("Enter Secret Key: ")
        if secret64 < 3:
            secret64 = NONE
    while not salt64:
        salt64 = raw_input("Enter Salt: ")
        if salt64 < 10:
            salt64 = NONE
crack(secret64, salt64)

.travis.yml 

language: python
python:
  - "2.6"
  - "2.7"
install:
  - pip install pbkdf2
script:
- py.test

Source: https://github.com/thehappydinoa/iOSRestrictionBruteForce

  • Upvote 2

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...