README

iOS restriction password recoverer

Pipeline status Pipeline status Coverage Status Go Report Card GoDoc Reference

Step 1: Create a backup

Make sure you have an unencrypted backup of you device.

Step 2: Find restriction key and salt on the created backup

You'll be able to find the values for key and salt on the file below

~/Library/Application\ Support/MobileSync/Backup/<BACKUP_HASH>/398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b

It will look something like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>RestrictionsPasswordKey</key>
	<data>
	aI9gkP3NEG+LLL8UPyAT1ehRd7g=
	</data>
	<key>RestrictionsPasswordSalt</key>
	<data>
	hpOLll==
	</data>
</dict>
</plist>

Step 3: Execute the password cracker

# example for the example file below would be
./cli -key aI9gkP3NEG+LLL8UPyAT1ehRd7g= -salt hpOLll==

Disclaimer

This repo is 100% inspired on http://ios7hash.derson.us. It was created because I needed to recover an iPad restriction password and the implementation of the original author wasn't fast enough (even for this small key space) due to running on browsers.

Expand ▾ Collapse ▴

Documentation

Overview

    Package iosrc implements a brute force cracker for iOS restriction passwords

    Index

    Examples

    Constants

    This section is empty.

    Variables

    View Source
    var (
    	// ErrInvalidSalt couldn't parse salt
    	ErrInvalidSalt = errors.New("iosrc: couldn't parse salt")
    	// ErrSorryDidntWork couldn't crack password
    	ErrSorryDidntWork = errors.New("iosrc: couldn't crack password")
    )

    Functions

    func Crack

    func Crack(key, salt string) (string, error)

      Crack brute forces iOS restriction password

      Example
      Output:
      
      4212
      

      Types

      This section is empty.

      Directories

      Path Synopsis
      cmd
      cli