Posts: 48
Threads: 7
Joined: Jun 2013
Just a quick question on the script. I have been using my iPad Mini iOS 7.0.4 activated restrictions and selcted 1999 as my passphrase. Got hash and salt from the plist file of my backup.
Tried then philsmd's perl script (Crypt:
BKDF2 is installed). Script runs for about 20 seconds on my Linux box, takes me back to the prompt without showing the passphrase. Is there anything I am missing, any other Perl modules I need to install?
Any hint would help, I'd like to get this running for educational purpose
Posts: 2,267
Threads: 16
Joined: Feb 2013
01-15-2014, 02:57 PM
(This post was last modified: 01-15-2014, 02:58 PM by philsmd.)
There are several things you need to check...
1. is the input correct, the plist has the fields (salt and hash) base64 encoded, please decode them w/
echo "[saltORhash]" | base64 -d | xxd -p
-> hex encoded strings (repeat this for both hash AND salt)
2. that you have the arguments in the correct order (hash first, then salt)
3. perl works (maybe you can try w/ perl ios7.pl [hash] [salt] # replace hash and salt w/ your inputs
4. debug it by adding some print statements to see what the immediate values are etc
Probably you only miss step 1, I guess
BTW: the script could also accept base64 encoded hash/salt (but it does not do it AS-IS), the hex encoding wasn't stricly necessary, I only did it because I wanted to see if it matches in length w/ sha1 etc... so feel free to adjust the script to accept base64 (too) , this is not possible w/ the script I posted, you need to add probably 1-2 lines to it
Posts: 48
Threads: 7
Joined: Jun 2013
Agrrr, I am an idiot, sorry. Step 1 was my mistake, I did not decode salt and hash first.
Works perfect now, my passphrase 1999 shows up within a couple seconds.
Thx a bunch, philsmd!
Posts: 48
Threads: 7
Joined: Jun 2013
Just a short note for those few user here running OS X 10.9.
While decoding hash and salt on my Linux box with
echo "[saltORhash]" | base64 -d | xxd -p
worked fine, I got funny results when running it on OS X. Checking the man pages helped - as usual. Using base64 (Linux) -d is equal to --decode - the one you want.
Running OS X base64 -d is verbose (--debug) (
https://developer.apple.com/library/mac/...e64.1.html). You want to use -D (--decode) so it reads:
echo "[saltORhash]" | base64 -D | xxd -p
Posts: 2
Threads: 0
Joined: Feb 2014
Trying to run the script. Crypt:
BKDF2 is installed. I have decoded the hex from my plist file but I still do not get a returned password in th terminal.
I am running the following "root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Desktop# perl ./ios7.pl 03913bf7bd020bbe02e40074e40135085d39034ec2137d82f38ebdefbdc1 138d7df03df5"
used
echo "A5E7970CC74C5AB05AE1CF05A07CE32C8469773B" | base64 -d | xxd -p
03913bf7bd020bbe02e40074e40135085d39034ec2137d82f38ebdefbdc1
and
echo "E4198D31" | base64 -d | xxd -p
138d7df03df5
Posts: 2
Threads: 0
Joined: Feb 2014
(02-21-2014, 05:34 PM)ammonsphoto Wrote: Trying to run the script. Crypt:BKDF2 is installed. I have decoded the hex from my plist file but I still do not get a returned password in th terminal.
I am running the following "root@The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali):~/Desktop# perl ./ios7.pl 03913bf7bd020bbe02e40074e40135085d39034ec2137d82f38ebdefbdc1 138d7df03df5"
used
echo "A5E7970CC74C5AB05AE1CF05A07CE32C8469773B" | base64 -d | xxd -p
03913bf7bd020bbe02e40074e40135085d39034ec2137d82f38ebdefbdc1
and
echo "E4198D31" | base64 -d | xxd -p
Total idiot move. I decoded the already decoded hash. All is well in the world now.
138d7df03df5
Posts: 1
Threads: 0
Joined: Apr 2014
Thanks to the details here, I created a web page to make brute forcing this a little easier... Just a bit slower!
ios7hash.derson.us
It even works from the ipad itself!