What kind of hash is this?
#11
Just a quick question on the script. I have been using my iPad Mini iOS 7.0.4 activated restrictions and selcted 1999 as my passphrase. Got hash and salt from the plist file of my backup.

Tried then philsmd's perl script (Crypt:TongueBKDF2 is installed). Script runs for about 20 seconds on my Linux box, takes me back to the prompt without showing the passphrase. Is there anything I am missing, any other Perl modules I need to install?

Any hint would help, I'd like to get this running for educational purpose
#12
There are several things you need to check...

1. is the input correct, the plist has the fields (salt and hash) base64 encoded, please decode them w/
echo "[saltORhash]" | base64 -d | xxd -p
-> hex encoded strings (repeat this for both hash AND salt)
2. that you have the arguments in the correct order (hash first, then salt)
3. perl works (maybe you can try w/ perl ios7.pl [hash] [salt] # replace hash and salt w/ your inputs
4. debug it by adding some print statements to see what the immediate values are etc

Probably you only miss step 1, I guess

BTW: the script could also accept base64 encoded hash/salt (but it does not do it AS-IS), the hex encoding wasn't stricly necessary, I only did it because I wanted to see if it matches in length w/ sha1 etc... so feel free to adjust the script to accept base64 (too) , this is not possible w/ the script I posted, you need to add probably 1-2 lines to it
#13
Agrrr, I am an idiot, sorry. Step 1 was my mistake, I did not decode salt and hash first.

Works perfect now, my passphrase 1999 shows up within a couple seconds.

Thx a bunch, philsmd!
#14
Just a short note for those few user here running OS X 10.9.

While decoding hash and salt on my Linux box with
echo "[saltORhash]" | base64 -d | xxd -p
worked fine, I got funny results when running it on OS X. Checking the man pages helped - as usual. Using base64 (Linux) -d is equal to --decode - the one you want.
Running OS X base64 -d is verbose (--debug) (https://developer.apple.com/library/mac/...e64.1.html). You want to use -D (--decode) so it reads:
echo "[saltORhash]" | base64 -D | xxd -p
#15
Trying to run the script. Crypt:TongueBKDF2 is installed. I have decoded the hex from my plist file but I still do not get a returned password in th terminal.

I am running the following "root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Desktop# perl ./ios7.pl 03913bf7bd020bbe02e40074e40135085d39034ec2137d82f38ebdefbdc1 138d7df03df5"

used

echo "A5E7970CC74C5AB05AE1CF05A07CE32C8469773B" | base64 -d | xxd -p

03913bf7bd020bbe02e40074e40135085d39034ec2137d82f38ebdefbdc1

and

echo "E4198D31" | base64 -d | xxd -p

138d7df03df5
#16
(02-21-2014, 05:34 PM)ammonsphoto Wrote: Trying to run the script. Crypt:TongueBKDF2 is installed. I have decoded the hex from my plist file but I still do not get a returned password in th terminal.

I am running the following "root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Desktop# perl ./ios7.pl 03913bf7bd020bbe02e40074e40135085d39034ec2137d82f38ebdefbdc1 138d7df03df5"

used

echo "A5E7970CC74C5AB05AE1CF05A07CE32C8469773B" | base64 -d | xxd -p

03913bf7bd020bbe02e40074e40135085d39034ec2137d82f38ebdefbdc1

and

echo "E4198D31" | base64 -d | xxd -p

Total idiot move. I decoded the already decoded hash. All is well in the world now.

138d7df03df5
#17
Thanks to the details here, I created a web page to make brute forcing this a little easier... Just a bit slower!

ios7hash.derson.us

It even works from the ipad itself!