encrypted itunes backup help
Hi all, i really need a bit of advice from someone with experience. I'm brand new to the forum and new to Hashcat, i'm only here because i've ended up with a crisis on my hands. My backup of my iphone has somehow ended up encrypted and i have no idea what the password might be, all my photos of my kids growing up, holidays etc are all on that backup so i'm desperate to retrieve it.
The password might be a mix of upper and lower case letters, numbers, misspelt words and of any length and i really would appreciate advice on the best way to crack it.
I've already created the .txt file to crack from the manifest.plist and hashcat is up and running, its just knowing how to attack it.
All advice would be very much appreciated. Lee
Is cracking the pw even possible?
Possible ? yes. Probable ? that's the whole fun with hashcracking, it depends.

Some of the things that make it more probable would be:
- the algo used being fast (ntlm is usually easier than bcrypt because of the big speed difference)
- knowledge about the actual password (charsets, positions, words...)

In your case the hash algorithm isn't the slowest, but we can't really say it's fast, so that doesn't help, then you say that you basically have very little knowledge of what the password actually is, again, doesn't help.

If there are actual words in it, a wordlist based attack with some (custom) rules might find it.
If it's just random, and not too long, a mask attack with the known charsets/positions could find it.

Also: don't create a new thread with the exact same message
Is it possible to find out anything at all about the password by examining the hash? To at least give me an idea of a viable attack.
No, if done well a hash algo is a one way function, and you can't tell anything about the input by looking at the output.
(11-27-2021, 07:26 PM)Xanadrel Wrote: No, if done well a hash algo is a one way function, and you can't tell anything about the input by looking at the output.
Thanks, althought thats quite discouraging. I attempted a sample itunes backup with a known password of seven lower case letters long, the password is in fact "hashcat". I suspect a dictionary attack would be useless since "hashcat" isn't actually a word, so i went for a brute force attack: ?l?l?l?l?l?l?l, according to hashcat i'm looking at over 4 years to run that attack. I wondered if i could reduce the time by perhaps strategically using vowels and consonants or some other trick, do you have any pointers?