+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Hash Format for IOS 12.x and 13.x (/thread-8977.html)
Hash Format for IOS 12.x and 13.x - mikered1 - 02-17-2020
I am trying to recover the password for an encrypted Iphone Xs backup.
I ran backup2hashcat.pl on a backup made with IOS 12.x installed on the phone and got the following hash.
$itunes_backup$*10*90683dfb6......
Recently, I made another backup of the same phone on the same computer, but with IOS 13.x installed on the phone and got the following hash after running backup2hashcat.pl
$itunes_backup$*10*f3511bf3b009......
The encrypted password was never changed on the phone.
I want to run Hashcat on a wordlist I created with Mentalist (I remember certain parts of the password).
What hash do I use?
Why are the hashes different?
Does backup2hashcat.pl even work on IOS 12.x or 13.x?
Does IOS 12.x or 13.x use a different hash format that needs other modifications in hashcat before I run through my wordlist?
Thanks
RE: Hash Format for IOS 12.x and 13.x - mikered1 - 02-19-2020
(02-17-2020, 07:59 PM)mikered1 Wrote: I am trying to recover the password for an encrypted Iphone Xs backup.
I ran backup2hashcat.pl on a backup made with IOS 12.x installed on the phone and got the following hash.
$itunes_backup$*10*90683dfb6.....
Recently, I made another backup of the same phone on the same computer, but with IOS 13.x installed on the phone and got the following hash after running backup2hashcat.pl
$itunes_backup$*10*f3511bf3b009.....
The encrypted password was never changed on the phone.
I want to run Hashcat on a wordlist I created with Mentalist (I remember certain parts of the password).
What hash do I use?
Why are the hashes different?
Does backup2hashcat.pl even work on IOS 12.x or 13.x?
Does IOS 12.x or 13.x use a different hash format that needs other modifications in hashcat before I run through my wordlist?
Thanks
As a followup to my question above, I did an encrypted backup of another Iphone X running version 13.x (where I made sure to remember the password
).backup2hashcat.pl works fine on 13.x.
Hashcat works on 13.x
Still not sure why I get different hashes for different backups
RE: Hash Format for IOS 12.x and 13.x - philsmd - 02-19-2020
it's most probably just the "salt"/key. every time you make a backup a different encryption key and salt is used.
BTW: you are not allowed to post hashes in this forum (see https://hashcat.net/forum/announcement-2.html), it doesn't matter if it's "just your own" hash or if it is a fabricated/generated hash.