iTunes / Hashcat help
#1
Hi everybody,

I am an IT noob and have never done any of this stuff. Unfortunately my iPhone 13 decided to reset itself after a failed update, and the only available backup I have is encrypted. 

I've read the forum rules and I am aware of not posting any actual stuff on here, so please advise/forgive me if I do.
I have followed the guide to extract an iTunes hash, and compiled the manifest.txt file. Also using rockyou.txt and an additional Wordlist.txt which contains around all the passwords I can think of.

I'm on Windows 10, and using K@li in VBM. When I run:
hashcat -m 14800 -a 3 '/home/k***/Desktop/Manifest123.txt' '/home/k***/Desktop/rockyou.txt' '/home/k***/Desktop/Wordlist.txt'
hashcat -m 14800 -a 0 '/home/k***/Desktop/Manifest123.txt' '/home/k***/Desktop/rockyou.txt' '/home/k***/Desktop/Wordlist.txt'

I get no recovered options.

I've read in another post about "using your own list of passwords and use the following command on it: hashcat --force --stdout your_pass_list.txt -r rules/dive.rule > output_pass_list.txt. Then you run the generated list on your hash", but I cannot figure out how to amend the syntax to include this.

Please let me know if I have posted correctly and apologies in advance if I haven't.

Any help is greatly appreciated. Thank you so much
#2
this is a perfect example for a situation where you should first start with trying to crack a known password

so start making a backup of your "empty" phone with a known pass and extract your hash, I'm not sure whether iPhone uses your appleID password or your phone pin or if you have to provide a password when making a backup, so this is the first point, use a simple pass like 1234test or similar

nevertheless, extract this hash and try to crack it, if this cracking is successful, you know that your workflow is correct

second
using wordlists found on the internet to crack a personal password is a waste of time (except for one circumstance, that your pass is really really simple and common)

it is better to generate a wordlist providing your password style or known passes, pins you use and combine them with rules

-a3 is bruteforce, mixing this with wordlist won't work
-a0 is wordlist, you can provide rules with option -r

hashcat -a0 -m 14800 -r rulesfile hashfile dictionary
#3
Thank you for the feedback, will try with rules
#4
Hi Snoopy, backed up my new/empty phone with a simple encrypted pw, then used the same method (hash, known pw list) and it cracked it within 2 min. So hopefully the workflow is right

My current method is using hash, known pw list, and rules but still getting no recovery options. Do you think my only option is brute force (am aware it will potentially take forever) or can I somehow combine a known pw list with another function?
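What the `-a 0 ... -r rulesfile` form from post #2 (and the `--stdout ... -r` command quoted in post #1) does to a personal wordlist, sketched in Python as an added example that is not part of the thread and not hashcat's own code. It covers only a few of hashcat's rule functions (`:`, `l`, `u`, `c`, `t`, `r`, `d`, `$X`, `^X`, `sXY`); the names `apply_rule` and `expand_wordlist` are hypothetical, and the words and rules are constructed samples.

```python
# Added illustration (not hashcat's code): a small subset of hashcat's rule
# functions, showing how each rule line rewrites each wordlist entry.

def apply_rule(word, rule):
    """Apply one rule line, e.g. 'c $2 $1', to a single word."""
    out, i = word, 0
    while i < len(rule):
        f = rule[i]
        if f in " :":                 # separator / no-op: word stays unchanged
            pass
        elif f == "l":                # lowercase everything
            out = out.lower()
        elif f == "u":                # uppercase everything
            out = out.upper()
        elif f == "c":                # capitalize first char, lowercase the rest
            out = out.capitalize()
        elif f == "t":                # toggle the case of every char
            out = out.swapcase()
        elif f == "r":                # reverse the word
            out = out[::-1]
        elif f == "d":                # duplicate the word
            out = out + out
        elif f == "$":                # append the next character
            out, i = out + rule[i + 1], i + 1
        elif f == "^":                # prepend the next character
            out, i = rule[i + 1] + out, i + 1
        elif f == "s":                # sXY: replace every X with Y
            out, i = out.replace(rule[i + 1], rule[i + 2]), i + 2
        else:
            raise ValueError(f"rule function not covered here: {f!r}")
        i += 1
    return out

def expand_wordlist(words, rules):
    """Run every word through every rule; drop duplicates, keep order."""
    seen, candidates = set(), []
    for word in words:
        for rule in rules:
            cand = apply_rule(word, rule)
            if cand not in seen:
                seen.add(cand)
                candidates.append(cand)
    return candidates

if __name__ == "__main__":
    words = ["summer", "Rex"]                    # constructed sample entries
    rules = [":", "c", "c $2 $1", "c se3 $!"]    # constructed sample rules
    for cand in expand_wordlist(words, rules):
        print(cand)
```

The rule files shipped with hashcat, such as the `rules/dive.rule` mentioned in post #1, use many more functions than this subset.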