What kind of hash is this?
#1
Hello guys. I've been looking all day to figure this out, but no luck yet. I've run it through identifiers and such.

This key is from IOS 7, off of an iPhone 5s. I use the restrictions to remove unwanted apps, prevent me from accidentally buying in-app purchases, etc. Somehow I have forgotten the pin at this point and can't get back in. From what I gather, I could reset my phone, but I would have to set it up as a new phone (pain in the butt), and I would rather avoid that if all possible.

This is pulled from the com.apple.restrictionspassword.plist file

Code:
    <key>RestrictionsPasswordKey</key>
    <data>
    J94ZcXHm1J/F9Vye8GwNh1HNclA=
    </data>
    <key>RestrictionsPasswordSalt</key>
    <data>
    /RHN4A==
    </data>

The code is numerical pin with 4 figures XXXX

Any ideas? If so, how would I go about decrypting it (if its even possible)?

Thanks in advance.
#2
The key has the size of a SHA1 hash. Of course it's possible, you just need to figure out if it's just sha1(p.s) or sha1(s.p) or something else (like iterated, or sha1(sha1(s).sha1(p)) for example).
#3
Thank you, that's helpful. One thing I've been confused about is when running a p.s or s.p am I supposed to append the salt to the password? If so, what conjunction do I use?

Thanks again.
#4
you'll append the salt to the hash, and usually separate them with a colon, your hash in hex is 27de197171e6d49fc5f55c9ef06c0d8751cd7250:fd11cde0
#5
Hello, did you ever figure out how to decrypt this hash? I have the same problem with my iOS 7 device.
Thanks
#6
(01-03-2014, 02:39 AM)phantom23 Wrote: Hello, did you ever figure out how to decrypt this hash? I have the same problem with my iOS 7 device.
Thanks

If the posted hash above was real, it's not plain sha1 nor HMAC. If someone posts a hash for a *known* key we might be able to figure it out. The keyspace is miniscule. Maybe it's pbkdf2-hmac-sha1 but we don't know how many iterations.
#7
Here it seems to be very easy to find the algorithm... you just need to look for (or have) some known hashConfusedalt:plain tuples.

E.g. this list (hashConfusedalt masked):
1. hashConfusedalt above (231cXXXX18a4cee66XXX7cd4XXXX670XXX80XXf9:XXX6XX5e)
2. for instance this one: http://forum.insidepro.com/viewtopic.php?t=24434 (3XXX2711XXXXXc2d2deaXXXX785343XXXX4dXXX:9XXcbXdX)
3. the most important: at least one w/ known plain, e.g. https://discussions.apple.com/message/23872506 (27XXX97171eXXX9fc5fXXX9ef06cXXXX51XX7XXX:fdXXcXeX)

Since we have a known hashConfusedalt:plain (number 3) and we know:
1. "length" of hash seems to be the same as SHA1
2. apple recently tend to use PBKDF (7100 = OS X v10.8 , http://hashcat.net/wiki/doku.php?id=example_hashes )

We just need to (automatically) try to crack it w/ some different iterations, either:
1. some known one first
2. all from e.g. 1 - 10000 (well, some of those seem to be very unlikely, but still)

The result, we get:
231cXXXX18a4cee66XXX7cd4XXXX670XXX80XXf9:XXX6XX5e:1000:1234
3XXX2711XXXXXc2d2deaXXXX785343XXXX4dXXX:9XXcbXdX:1000:5490
27XXX97171eXXX9fc5fXXX9ef06cXXXX51XX7XXX:fdXXcXeX:1000:3956

Well, since we got those 3 output lines, it is very likely Wink that 1000 (only!!!) is the number of iterations

Ps. this format is not yet supported by *hashcat (PBKDF2-HMAC-SHA1).
PPS. good hints, magnum
#8
(01-03-2014, 02:02 PM)philsmd Wrote: Here it seems to be very easy to find the algorithm... you just need to look for (or have) some known hashConfusedalt:plain tuples.

E.g. this list (hashConfusedalt masked):
1. hashConfusedalt above (231cXXXX18a4cee66XXX7cd4XXXX670XXX80XXf9:XXX6XX5e)
2. for instance this one: http://forum.insidepro.com/viewtopic.php?t=24434 (3XXX2711XXXXXc2d2deaXXXX785343XXXX4dXXX:9XXcbXdX)
3. the most important: at least one w/ known plain, e.g. https://discussions.apple.com/message/23872506 (27XXX97171eXXX9fc5fXXX9ef06cXXXX51XX7XXX:fdXXcXeX)

Since we have a known hashConfusedalt:plain (number 3) and we know:
1. "length" of hash seems to be the same as SHA1
2. apple recently tend to use PBKDF (7100 = OS X v10.8 , http://hashcat.net/wiki/doku.php?id=example_hashes )

We just need to (automatically) try to crack it w/ some different iterations, either:
1. some known one first
2. all from e.g. 1 - 10000 (well, some of those seem to be very unlikely, but still)

The result, we get:
231cXXXX18a4cee66XXX7cd4XXXX670XXX80XXf9:XXX6XX5e:1000:1234
3XXX2711XXXXXc2d2deaXXXX785343XXXX4dXXX:9XXcbXdX:1000:5490
27XXX97171eXXX9fc5fXXX9ef06cXXXX51XX7XXX:fdXXcXeX:1000:3956

Well, since we got those 3 output lines, it is very likely Wink that 1000 (only!!!) is the number of iterations

Ps. this format is not yet supported by *hashcat (PBKDF2-HMAC-SHA1).
PPS. good hints, magnum

Thanks so much for the tips...this definitely points me in the right direction. However, if PBKDF2-HMAC-SHA1 is not yet supported by hashcat, how does one go about decrypting these hashes?
#9
Do it like I did:
since there are only pins of length 4 and the range is 0000 - 9999, you can just quickly iterate through this list w/ a few lines of code...
Below are some lines of perl... run it as ./ios7.pl hash salt
for instance (masked): ./ios7.pl 27XXX97171eXXX9fc5fXXX9ef06cXXXX51XX7XXX fdXXcXeX

ios7.pl
Code:
#!/usr/bin/env perl

use Crypt::PBKDF2;

if (@ARGV < 2)
{
  print "[!] Error: please specify hash (first argument) and salt (second argument)\n";
  exit (1);
}

my $match = pack ("H*", $ARGV[0]); # TODO: check if it is of lenght 40
my $salt  = pack ("H*", $ARGV[1]); # of length 8?
my $iter  = 1000;

my $pbkdf2 = Crypt::PBKDF2->new (hash_class => 'HMACSHA1', iterations => $iter);

my $num;

for ($num = 0; $num < 10000; $num++)
{
  my $pass = sprintf ("%04d", $num);

  my $hash = $pbkdf2->PBKDF2 ($salt, $pass);

  if ($match eq $hash)
  {
    printf ("%s:%s:%s:%s\n", unpack ("H*", $hash), unpack ("H*", $salt), $iter, $pass);
    exit (0);
  }
}
exit (1);

This should be fast enought for the ios7 bruteforcing, it takes just some seconds on my system for a full bruteforce 0000 - 9999...
But ofc... we could think of adding a pbkdf2-hmac-sha1 w/ variable iterations to *hashcat (if you insist in this feature, you could request it on trac... but for sure not needed for this kind of bruteforce - 4 digits only).

PS. we do not "decrypt" hashes (because they are not encrypted) - we crack them
PPS. you need to know how to run perl script otherwise it won't help
#10
Thank you so much, philsmd! The script worked perfectly, and I was able to crack the passcode - you rock!