hashcat Forum
Hash Format for IOS 12.x and 13.x - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Hash Format for IOS 12.x and 13.x (/thread-8977.html)



Hash Format for IOS 12.x and 13.x - mikered1 - 02-17-2020

I am trying to recover the password for an encrypted Iphone Xs backup.
I ran backup2hashcat.pl on a backup made with IOS 12.x installed on the phone and got the following hash.

$itunes_backup$*10*90683dfb6......


Recently, I made another backup of the same phone on the same computer, but with IOS 13.x installed on the phone and got the following hash after running backup2hashcat.pl

$itunes_backup$*10*f3511bf3b009......

The encrypted password was never changed on the phone.
I want to run Hashcat on a wordlist I created with Mentalist  (I remember certain parts of the password).

What hash do I use?
Why are the hashes different?
Does backup2hashcat.pl even work on IOS 12.x or 13.x?
Does IOS 12.x or 13.x use a different hash format that needs other modifications in hashcat before I run through my wordlist?

Thanks


RE: Hash Format for IOS 12.x and 13.x - mikered1 - 02-19-2020

(02-17-2020, 07:59 PM)mikered1 Wrote: I am trying to recover the password for an encrypted Iphone Xs backup.
I ran backup2hashcat.pl on a backup made with IOS 12.x installed on the phone and got the following hash.

$itunes_backup$*10*90683dfb6.....

Recently, I made another backup of the same phone on the same computer, but with IOS 13.x installed on the phone and got the following hash after running backup2hashcat.pl

$itunes_backup$*10*f3511bf3b009.....

The encrypted password was never changed on the phone.
I want to run Hashcat on a wordlist I created with Mentalist  (I remember certain parts of the password).

What hash do I use?
Why are the hashes different?
Does backup2hashcat.pl even work on IOS 12.x or 13.x?
Does IOS 12.x or 13.x use a different hash format that needs other modifications in hashcat before I run through my wordlist?

Thanks

As a followup to my question above, I did an encrypted backup of another Iphone X running version 13.x  (where I made sure to remember the password Smile).
backup2hashcat.pl works fine on 13.x.
Hashcat works on 13.x
Still not sure why I get different hashes for different backups


RE: Hash Format for IOS 12.x and 13.x - philsmd - 02-19-2020

it's most probably just the "salt"/key. every time you make a backup a different encryption key and salt is used.

BTW: you are not allowed to post hashes in this forum (see https://hashcat.net/forum/announcement-2.html), it doesn't matter if it's "just your own" hash or if it is a fabricated/generated hash.