hashcat Forum
iTunes backup - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: iTunes backup (/thread-8939.html)



iTunes backup - hashnooby - 02-04-2020

Hello,

I’m new to this forum and hashcat in general and i would apreciate some help. I lost my phone data, but I have a iTunes backup on which I can’t remember the password. I experimented a little bit with hashcat, but i don’t know how to put together the command.

The password may have the first letter in big, and some numbers too maybe, i don,t know how to get this info in a command.

Thank you upfront and sorry for any spelling mistakes, English is not my first language.


RE: iTunes backup - philsmd - 02-05-2020

Did you use the perl script itunes_backup2hashcat.pl to convert the plist/backup to a "hash" ?
see https://raw.githubusercontent.com/philsmd/itunes_backup2hashcat/master/itunes_backup2hashcat.pl

It's in general not a good idea to "brute-force" slow hash types like itunes.
How long is the password ?
Is the password really random or based on a (set of) words that can be found in a dictionary etc ? Maybe a rule based attack (see https://hashcat.net/wiki/?id=rule_based_attack) is much more clever and a better strategy (but of course it depends on the randomness and length etc etc).


RE: iTunes backup - hashnooby - 02-05-2020

Yes I used this. The password is max 9 characters for sure but i can’t remember the exact lenght. Its possible that I put just numbers in or a word with some numbers maybe. I don’t think it’s really random letters. Maybe the password starts with “Ajfon”. The problem is that I don’t know how to start te process with this criterion.



(02-05-2020, 11:44 AM)philsmd Wrote: Did you use the perl script itunes_backup2hashcat.pl to convert the plist/backup to a "hash" ?
see https://raw.githubusercontent.com/philsmd/itunes_backup2hashcat/master/itunes_backup2hashcat.pl

It's in general not a good idea to "brute-force" slow hash types like itunes.
How long is the password ?
Is the password really random or based on a (set of) words that can be found in a dictionary etc ? Maybe a rule based attack (see https://hashcat.net/wiki/?id=rule_based_attack) is much more clever and a better strategy (but of course it depends on the randomness and length etc etc).



RE: iTunes backup - philsmd - 02-05-2020

Code:
hashcat -m 14800 -w 3 -a 0 -r rules/best64.rule hash.txt rockyou.txt

instead of the best64.rule, you could/should use your own "rules".
instead of rockyou.txt, you could/should use your own (medium to large size) list of words.