Encrypted iTunes backup help
#1
Hi all, I really need a bit of advice from someone with experience. I'm brand new to the forum and new to Hashcat; I'm only here because I've ended up with a crisis on my hands. My backup of my iPhone has somehow ended up encrypted and I have no idea what the password might be. All my photos of my kids growing up, holidays etc. are all on that backup, so I'm desperate to retrieve it.
The password might be a mix of upper and lower case letters, numbers, misspelt words and of any length, and I really would appreciate advice on the best way to crack it.
I've already created the .txt file to crack from the manifest.plist and hashcat is up and running; it's just knowing how to attack it.
All advice would be very much appreciated. Lee
#2
Is cracking the pw even possible?
#3
Possible? Yes. Probable? That's the whole fun with hashcracking, it depends.

Some of the things that make it more probable would be:
- the algo used being fast (ntlm is usually easier than bcrypt because of the big speed difference)
- knowledge about the actual password (charsets, positions, words...)

In your case the hash algorithm isn't the slowest, but we can't really say it's fast, so that doesn't help. Then you say that you basically have very little knowledge of what the password actually is; again, doesn't help.

If there are actual words in it, a wordlist based attack with some (custom) rules might find it.
If it's just random, and not too long, a mask attack with the known charsets/positions could find it.

Also: don't create a new thread with the exact same message.
#4
Is it possible to find out anything at all about the password by examining the hash? To at least give me an idea of a viable attack.
#5
No, if done well a hash algo is a one way function, and you can't tell anything about the input by looking at the output.
#6
(11-27-2021, 07:26 PM)Xanadrel Wrote: No, if done well a hash algo is a one way function, and you can't tell anything about the input by looking at the output.
Thanks, although that's quite discouraging. I attempted a sample iTunes backup with a known password seven lower case letters long; the password is in fact "hashcat". I suspect a dictionary attack would be useless since "hashcat" isn't actually a word, so I went for a brute force attack: ?l?l?l?l?l?l?l. According to hashcat I'm looking at over 4 years to run that attack. I wondered if I could reduce the time by perhaps strategically using vowels and consonants or some other trick. Do you have any pointers?
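An added example, not part of the thread and not hashcat's own code: it computes the keyspace of a hashcat-style mask from the built-in charset sizes and turns the "over 4 years" estimate quoted above into an implied guess rate, which shows how charset and length drive the time for this slow hash. The function names are assumptions made for this sketch, and custom charsets (?1 to ?4) are not handled.

```python
# Added example: keyspace and exhaustion time for a hashcat-style mask.
# Charset sizes are hashcat's built-ins; the function names are hypothetical.
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}
SECONDS_PER_YEAR = 365 * 24 * 3600


def mask_keyspace(mask: str) -> int:
    """Number of candidates a mask generates (custom charsets ?1-?4 unsupported)."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":            # any other character is a fixed literal
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        token = mask[i + 1]
        if token == "?":              # '??' is a literal question mark
            size = 1
        elif token in BUILTIN:
            size = BUILTIN[token]
        else:
            raise ValueError(f"unsupported charset ?{token}")
        total *= size
        i += 2
    return total


def implied_rate(mask: str, years: float) -> float:
    """Guesses per second implied by 'this mask takes <years> to exhaust'."""
    return mask_keyspace(mask) / (years * SECONDS_PER_YEAR)


def years_to_exhaust(mask: str, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate of the mask at the given rate."""
    return mask_keyspace(mask) / hashes_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    seven_lower = "?l" * 7            # the mask from the post
    rate = implied_rate(seven_lower, 4)
    print(f"{mask_keyspace(seven_lower):,} candidates, ~{rate:.0f} H/s implied")
    # Constructed comparison masks: one capital, full printable set, one more letter.
    for m in (seven_lower, "?u" + "?l" * 6, "?a" * 7, "?l" * 8):
        print(f"{m:>16}  {years_to_exhaust(m, rate):>12,.1f} years")
```

Each extra lowercase position multiplies the worst case by 26, so at the implied rate the same attack on eight letters is about 104 years.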
#7
(11-28-2021, 11:08 PM)Lee1978 Wrote:
(11-27-2021, 07:26 PM)Xanadrel Wrote: No, if done well a hash algo is a one way function, and you can't tell anything about the input by looking at the output.
Thanks, although that's quite discouraging. I attempted a sample iTunes backup with a known password seven lower case letters long; the password is in fact "hashcat". I suspect a dictionary attack would be useless since "hashcat" isn't actually a word, so I went for a brute force attack: ?l?l?l?l?l?l?l. According to hashcat I'm looking at over 4 years to run that attack. I wondered if I could reduce the time by perhaps strategically using vowels and consonants or some other trick. Do you have any pointers?

I'm also new here.
Your post has me wondering what my chances are...
I'm surprised "hashcat" would take 4 years.
What kind of system are you using?
How much faster would this go if you had a few video cards to help you along?
#8
Are you trying to retrieve your iPhone backup too? I've more or less given up all hope, this forum doesn't seem all that helpful and I'm well out of my depth.
I'm running a Lenovo L340. It's got a halfway decent graphics card but it seems like hashcat doesn't like it; it appears it will only run with the onboard high definition GPU rather than the better GeForce GTX I'd like to use.
#9
What have you tried?

The biggest problem with what you're attempting is that an iPhone backup uses an extremely expensive hash to protect the password, so much so that even with huge amounts of hashing power you'd still need to be very lucky (or know most of the password you used) to break it.
#10
(12-08-2021, 04:23 PM)Lee1978 Wrote: I'm also new here.
Your post has me wondering what my chances are...
I'm surprised "hashcat" would take 4 years.
What kind of system are you using?
How much faster would this go if you had a few video cards to help you along?

Are you trying to retrieve your iPhone backup too? I've more or less given up all hope, this forum doesn't seem all that helpful and I'm well out of my depth.
I'm running a Lenovo L340. It's got a halfway decent graphics card but it seems like hashcat doesn't like it; it appears it will only run with the onboard high definition GPU rather than the better GeForce GTX I'd like to use.

No, I'm trying a wallet file but similar to your hash issue, mine uses scrypt so it is a very slow process.
Although I have some good ideas about the password, I just keep scouring the forums looking for people going through similar things but it seems a lot of people who might have solved their problem don't come back to report on their success with the final steps they use so we miss a crucial step that might help.
Still going to keep trying though for now.