What kind of hash is this?

[philsmd]

Do it like I did:
since there are only pins of length 4 and the range is 0000 - 9999, you can just quickly iterate through this list w/ a few lines of code...
Below are some lines of perl... run it as ./ios7.pl hash salt
for instance (masked): ./ios7.pl 27XXX97171eXXX9fc5fXXX9ef06cXXXX51XX7XXX fdXXcXeX

ios7.pl

Code:

#!/usr/bin/env perl

use Crypt::PBKDF2;

if (@ARGV < 2)
{
  print "[!] Error: please specify hash (first argument) and salt (second argument)\n";
  exit (1);
}

my $match = pack ("H*", $ARGV[0]); # TODO: check if it is of lenght 40
my $salt  = pack ("H*", $ARGV[1]); # of length 8?
my $iter  = 1000;

my $pbkdf2 = Crypt::PBKDF2->new (hash_class => 'HMACSHA1', iterations => $iter);

my $num;

for ($num = 0; $num < 10000; $num++)
{
  my $pass = sprintf ("%04d", $num);

  my $hash = $pbkdf2->PBKDF2 ($salt, $pass);

  if ($match eq $hash)
  {
    printf ("%s:%s:%s:%s\n", unpack ("H*", $hash), unpack ("H*", $salt), $iter, $pass);
    exit (0);
  }
}
exit (1);

This should be fast enought for the ios7 bruteforcing, it takes just some seconds on my system for a full bruteforce 0000 - 9999...
But ofc... we could think of adding a pbkdf2-hmac-sha1 w/ variable iterations to *hashcat (if you insist in this feature, you could request it on trac... but for sure not needed for this kind of bruteforce - 4 digits only).

PS. we do not "decrypt" hashes (because they are not encrypted) - we crack them
PPS. you need to know how to run perl script otherwise it won't help