iOS restriction password recoverer
Step 1: Create a backup
Make sure you have an unencrypted backup of you device.
Step 2: Find restriction
salt on the created backup
You'll be able to find the values for
salt on the file below
It will look something like:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>RestrictionsPasswordKey</key> <data> aI9gkP3NEG+LLL8UPyAT1ehRd7g= </data> <key>RestrictionsPasswordSalt</key> <data> hpOLll== </data> </dict> </plist>
Step 3: Execute the password cracker
# example for the example file below would be ./cli -key aI9gkP3NEG+LLL8UPyAT1ehRd7g= -salt hpOLll==
This repo is 100% inspired on http://ios7hash.derson.us. It was created because I needed to recover an iPad restriction password and the implementation of the original author wasn't fast enough (even for this small key space) due to running on browsers.
Package iosrc implements a brute force cracker for iOS restriction passwords