iOS Restrictions Passcode Cracker

iOS Restrictions Passcode Cracker

iOS Restrictions Passcode Cracker works on all iDevices running iOS 7 – 11.

NB: With iOS 12, Apple moved the Restrictions Passcode into the Keychain, meaning this service is no longer effective against iDevices on iOS 12 and higher. I know, sad isn’t it?
 
Nothing for you to worry about, your new solution is Pinfinder, a small, downloadable freeware cross-platform utility that will recover your Restrictions Passcode from an iOS 12+ backup. Easy & effective.
 
Forgotten your iOS Restrictions Passcode? Yeah, so had I, on my 32GB iPod Touch A1421. What a PIA, there’s no remote recovery option for that one. Stink. What I needed was an iOS Restrictions Passcode Cracker to remove the Restrictions Passcode.
 
Without an iOS Restrictions Passcode Cracker, I was looking at a full iOS update/restore to rid the pesky forgotten code. The official word from Apple was not good –
 
If you forget your Restrictions passcode, you need to erase your device, then set it up as a new device to remove the Restrictions passcode. Restoring your device using a backup won’t remove the Restrictions passcode.(source: Apple.com)
 
I’d lose my jailbreak & be forever pissed that a simple 4-digit code beat me. shakes fist at sky You could train a monkey to find the passcode – eventually. End up with monkey spit all over your iDevice too, but that’s another story.
 
Look, recently Apple has shown that they can apply excellent security to protect their products (iCloud from iOS 7.1.2 on for example). Often though, they leave a hole so wide you can drive a truck through it. (rm /var/db/.applesetupdone anyone? Or resetpassword even?)
 
One of the repeated shortcomings of technology in general is to limit PIN passcodes to 4 digits – thereby reducing the possible target range to a maximum of 10,000 (0000 – 9999, your answer is somewhere in here.) This shortcoming affects your bank PIN, Android device, TV lock code, and Apple too. By itself, this is not secure protection.
 
Apple have no record of Restrictions Passcodes via the Apple ID mechanism, therefore the passcode data is on your device, right? Well obviously it is. Let’s find it. Where should you look? In an unencrypted iTunes backup, that’s what backups are for – storing data from a device.
 
It’s public knowledge that Apple obfuscate data  with the pbkdf2-hmac-sha1 encryption, leaving a string of garbled text that requires decryption to be of any use. So, the process is – find the string, copy it, crack the encryption, pr0fit!!
 
Let’s Get Cracking!
 
If you have a Jailbreaked device, and thus root-level access to the file system, search for com.apple.restrictionspassword.plist, using either iFile from the device or a PC tool like iTools or iFunbox. Open the .plist, copy the RestrictionsPasswordKey data and RestrictionsPasswordSalt data then paste it into the relevant form boxes of the iOS Restrictions Passcode Cracker below.
 
If your iDevice is not JB’d, then you need to extract the string from an unencrypted iTunes backup. Windows users can find your backup folders here: – %SYSTEMDRIVE%/Users/*Your Username*/Appdata/Roaming/Apple Computer/MobileSync/Backup/Long Random Number/ and on Mac ~/Library/Application Support/MobileSync/Backup/
 
Inside the folders there’s a file named 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b – this contains the encrypted data string that we need. Copy that file name & use your OS Search function.
 
Found it? Good. Now open the file with a simple text editor (ie Notepad) to expose data that reads like this:

RestrictionsPasswordKey      M/p4734c8/SOXZnGgZot+BciAW0=
RestrictionsPasswordSalt     aSbUXg==

So the required data is:

Key: M/p4734c8/SOXZnGgZot+BciAW0=
Salt: aSbUXg==

The Magic:

Simply copy/paste the two strings into the relevant iOS Restrictions Passcode Cracker form boxes below. (Really, copy/paste – it’s too easy to make a mistake transcribing manually) Next, hit the blue Crack It button & wait til it iterates through the possibilities.

You can select your preferred range – if you know for sure that your lost passcode didn’t start with 00, for example, then enter 1000 in the Starting box.

NB: This is a private transaction. No data is transmitted from this page. All the work is done in your browser by Crypto.js

iOS Passcode Cracker

Pro Tip:

Use a very analog version of distributed computing to decimate the time required to crack your iOS Restrictions Passcode. Open 5 browser tabs with the iOS Restrictions Passcode Cracker loaded in each.  Set the Starting Passcodes at 0000 (default), 2000, 4000, 6000, 8000, then hit the blue button in each tab.

Your time saved is dependent on which tab finds the answer. If it’s the first tab, no time saved, sorry ’bout it. But if it’s the last tab & the answer is 9000, then you’ve only calculated 1000 passcodes to get to an answer that’s revealed after 9000 guesses in a single-iteration system. Quantified, at 4 attempts/sec, your answer is revealed in just over 4 minutes, whereas the single tab approach wont reveal the solution for well over half an hour yet.

Either way, soon enough, your iOS Restrictions Passcode will be revealed.  This is not a maybe solution, if you’ve entered the Key & Salt data correctly then this app will find the answer.

This page would not exist without the work of Hashcat and John The Ripper.  You want cracking skills? Go visit them.

Did you like that? It worked for you? Please leave a comment, tell me about it.

246 thoughts on “iOS Restrictions Passcode Cracker

  1. Hi all, many thanks to Megabyte 1024kb, this iOS cracker is a cracker, cracked my iPhone in under 4 mins, spent 4 days looking at Itunes, YouTube, relentless web know it all’s, resets, re-resets master resets, OMFG total waste of time, HERE is where you need to be, that is all..:)

  2. My mom put restrictions on my phone and now i dont have the app store or anything. I need to reset the password because she forgot it. What is one that will work on an iphone 6s?

    1. It’s not the hardware that’s relevant, it’s the firmware that your i6S is running.
      To find out, go Preferences / General / About then look in the list there for Version. If the version is 11 or under, then follow the instructions on this page. If you’re running 12, then grab the download from Pinfinder. Either way, you do need to use iTunes to do a full, unencrypted local backup.

  3. hi, I got the file from my IOS 11.3, but I can’t open it from the notepad, do we have another software to open the 398bc file??? I’m using win 10.

  4. Hi,
    I have the same issue, there is not a file named 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b.
    The iOS version of my iPhone6 is 10.3.3. iTune version is 12.9.1.4.

  5. FYI this technique will no longer work for iOS 12 – Apple migrated the passcode (now called a “screen time” code) into the keychain – This is only stored in an encrypted backup, and needs a bit more effort to decrypt that keychain and then extract.

    I’ve update my free (and open source) program pinfinder to extract it for iOS 12; hopefully it helps some people: https://pinfinder.net/

    1. I suggest you try copy & paste the required data, the algorithm is correct, it does work. The only error possible is incorrect input.

      Failing that, you can copy paste the demo key & salt on this page to your iTunes backup then restore. Now your passcode is 0001

  6. hey! just wanted to thank you! worked on my old iPhone 5s! you my friend are a genius! much appreciated!

    Now … please tell me you have something like this for the lock screen passcode?
    I forgot my unlock code on my iPhone 6splus!

    I’ve held onto my old phones all these years just so I can get all the photos off the devices but have only just seen this and got into my 5s now I need to get into my 6splus

    it has a whole year of photos of my son when he was born up until he turned 1 and I don’t want to lose all those gorgeous photos and I have been looking for a year now on how to crack the passcode but have been unsuccessful with my hunt

    thank you again

    1. Were you using iCloud to backup Sarah? If so, you pix are available @ iCloud.com.

      If you weren’t using iCloud then I hope you backed up locally through iTunes on your computer, because there is no publically-accessible way through an iDevice screen lock code.

      You’re not going to save the actual photos on the phone. If you’ve backed up through either iCloud or iTunes, you can DFU wipe the phone then restore it from backup – which will return copies of all your baby snaps & everything else.

      If you didn’t backup your data at all, then this is your expensive lesson that many of us learn, hopefully just once.

      Backup all your data all the time. Storage is cheap, data loss is expensive. Backup, backup, backup.

  7. legend! it worked on my old 5s! you are a genius!
    now … got something like this that will work to crack my unlock passcode on my 6sPlus? I forgot my passcode to get into the phone 🙁 not happy jan! please help meeeee

    1. You’ve forgotten the screen lock code on your 6S Plus? There’s no published method for cracking that, & the existing commercial applications (GrayKey) are expensive ($US15k) & limited to law enforcement purchasers. All of which is no help to you.

      Do you have an existing back up for that phone? Like, did you connect it to iTunes & tell it to backup locally?

    1. Thats because you’ve already created an encrypted backup on that computer. Apple assume that you’re only going to want to continue with encrypted backups so they lock the option.

      I’m not certain of the way to change this in iTunes. It could be as simple as moving your encrypted backup folder out of the iTunes storage folder. Another workaround is to download my favourite iTunes substitute, iTools, & backup with that. 3uTools or iMazing are two other apparently capable iTunes replacements although I haven’t tried them personally.

      Let me know how you get on!

  8. Amazing, works well, thanks go out to you and the people who helped you, you really saved me from formatting and manually putting 120gig worth of data back manually, pheeeewwww.

  9. Hey, will it’s still work with others devises such as ipads or iPods? My brother somehow locked himself out of many things with restrictions so I wasn’t hoping to see if it could crack the code for his iPod.

    1. I miss just wondering because I felt bad when he told me and I feel bad now for searching online and getting nothing 😓

  10. I have Iphone 6 plus with iOS 11.4, not JB’d. In the folder you mentioned above I can not find the file named “398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b”
    Any help please?
    Thank you in advance!

    1. Have you actually backed the iPhone up locally? Is there a MobileSync\Backup folder full of other stuff? I suspect that’s the reason for no 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40 file.

      1. Of course i backed up the iPhone using iTunes and i have locally MobileSync\Backup folder full of other stuff, but I do not have file 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40 ?

        1. Hmm, ok, I’d like to have a look at this. A basic way would be for you to screenshot that folder & email me the image.

          The more effective way would be through an AnyDesk remote desktop connection – AnyDesk is free, secure & real easy to use.

          You’re about 10 hours behind my clock here, so your 8pm is 10am for me. I’m good for connecting around then.

  11. Hi,
    I lost my access people of my spare 4S (iOS9.3.5) for two years already, reached to your page is such a encouragement and hope to me,

    However, when I finally put in the correct commands,
    It showed as 0001 was my access pw n which is not…another 5mins lock…

    I tested with my 5S (11.4), the password cracker just skipped my correct access pw…

    Is there anyway to solve this out?

    1. If you copy/paste the Key & Salt data correctly, then this utility will give you the correct answer. Apple use 1 algorithm to encrypt the Restrictions Passcode on all iDevices, every single one. Yours is no different.

      If this cracker works on one iDevice (it obviously does) then it works on all of them.

  12. It got the wrong passcode for me. However it seems reliable. It said my restrictions passcode was 4921, but when I put it in it doesn’t work 🙁

    1. There’s an error in your input then Adam, check your data & try again. You see, the thing is that it can’t work for some & not for others. It’ll work.

  13. Awesome! Worked great for my wife’s iPhone running 10.3.3 when she somehow enabled restrictions but didn’t remember the restrictions pin. Thanks a ton!!!

    1. I’ve got an iPhone SE here, I’ll update the iOS & check the passcode recovery today.
      (edit)
      OK Don, I’ve just run a Restrictions Passcode recovery on 10.3.2 – data recovered from backup was:
      Key – lyRr+z1GX1SlnLFrkSQHwHBL2HU=
      Salt – x2TdPg==
      For which the Passcode Cracker returned the correct response – 1024

      I suggest that you might want to read the instructions again, or try copy/paste the Key/Salt data instead of typing it in.

      1. it not working,my iphone is ios 10.3.2
        key:fFbM5Es6tdxoploS4hnjdPZErAs=
        salt:HQhVKg==
        can you check for me please?

        1. Is the data you’ve entered copy/paste Joni? I’m running a check myself now, but by far the most recurrent cause of failure is that the Key or Salt has been transcribed incorrectly. Lower L for upper i, zero for upper o, that type of thing. If the input isn’t true, no calculation will reveal the correct answer.

          You can however cheat. Take the example Key / Salt data I provide in the instructions, paste that over your existing Key / Salt pair in your backup, then save that file. Now wipe & restore your I device. Unlock your Restrictions Passcode with 0001.

  14. Hi, I’m having trouble cracking the password of my Ipod Touch A1367 with iOS 6.1.6. I can’t find any file named 398bc9c… I placed the restriction on my iPhone 6 and made the back up, then tried again and I did find the file, so I guess the obstacle is iOS 6.1.6. Can you help me retrieve my restriction password or do you know of anyone who can?

  15. It worked for me! Iphone 4 ios 7–I had 10 failed attempts, one more and the phone would have been wiped clean! Thank you!!!

    1. Hi James – I’ve just successfully completed a passcode recovery on an iPhone 6S running 10.2.1. Maybe try it again & if you still can’t make it work then post another comment detailing the steps & we’ll see what can be done to help.
      (PS: You can always replace your existing key with M/p4734c8/SOXZnGgZot+BciAW0= & salt with aSbUXg== and then restore to your iDevice. Use 0001 to unlock)

  16. How can it be possible that I have a password protected backup to which I remember the password. But when I connect my 5 and try to turn off the password protection it says wrong password, BUT when I backup from this copy using another phone – it takes the password no problem and starts the process! How do I turn off the password protection for my connected 5?

    1. Probably the simplest way Bill is to do a full wipe/restore process. You could try it first by just doing a standard wipe – Preferences / General / Reset / Erase All Content & Settings then restoring from your local backup. If it chokes on that, put your iPhone into DFU mode first then connect to iTunes which will install a fresh OS & then do your restore from backup.

      PS: What is it with you & iPhone passwords?

  17. Excuse me . I find encrypt iphone backup and its selected so i try to unselect and it ask me passcode of backup which passcode I’ve to write iCloud, iPhone unlocking passcode. Idk I try both of them but passcode is wrong can you help me

    1. So you don’t know your Restrictions passcode or your Encrypted Backup passcode? You need to use a computer that has already had iTunes contact with your iPhone, a computer that “knows” your iDevice. I’m pretty sure you’ll be able to switch the Encryption option off without passcode then. If you haven’t got that, then I’d say you’re staring down the barrel of a full wipe & reset. If you’ve been using iCloud to backup, most of your data will return.

  18. Hello i want to hack restriction passcode and followed your instructions and I’m opening the file with notepad and I can’t understand what is written in there I can’t find any word smth like RestrictionsPasswordKey M/p4734c8/SOXZnGgZot+BciAW0=
    RestrictionsPasswordSalt aSbUXg== please help me asap. Btw I don’t understand what is encrypted and unencrypted explain me that also please

    1. If your file is written in plain English, it’s not encrypted. If, however, it’s garbled – full of odd characters & utterly unreadable then it’s encrypted. The easy way to tell is the window pane in iTunes where you define Local or iCloud backup. There’s an Encrypt Backup option there. If it’s selected, then you need to unselect it and re-run your backup.

  19. It worked!
    I’m pretty excited. My dad forgot the restrictions passcode, and now that I’m 17 I convinced him to take it off my iPod. He had forgotten it, and I thought I would be stuck with a restricted device, or have to completely reset it. The passcode ended up being something so random that I’m not surprised he couldn’t remember it.

    1. Try connecting your iDevice to your computer, fire up iTunes & back your device up locally, not to iCloud. (Make sure the Encrypt Backup option is NOT checked.)

      That’ll create the MobileSync folder & all it’s contents.

    1. Yes, read this page & follow the instructions. That’ll have you sorted in no time. (It doesn’t matter who set the password, the iDevice has no knowledge of that. The important thing is that the password is lost & needs to be recovered.)

  20. no, not that time. But I have the computer that was synced with the phone. So I need the way to get my screen passcode using my restrictions code which I remember.

            1. There’s a way through this, somehow. I haven’t had an iDevice for over a year now so I need to find some time to think it through. I’ll get back to you. The old iOS helps though.

                1. Yeah Bill, because you’ve got your original computer that the iPhone synced with, it should do a local backup without needing the screen to be unlocked.

                  Because it’s not an encrypted backup you’ll be taking, it won’t bring your security options with the backup – no passwords, no keychain etc.

                  Then, after it’s backed up to your computer (check the backup folder for size to be sure), you can go through the process of saving your shsh blobs & re-installing your existing iOS (I think that’s available to you) – if you want to be bothered with such an effort to get a well-outdated OS back on board.

                  Look at ih8sn0w’s excellent tools iReb, iFaith & Sn0wbreeze to achieve that work, on ih8sn0w.com. You can trust his products too, the man is an iOS guru.

  21. I remember my restrictions code but I can’t remember my screen lock passcode. Can I use it somehow to remind me a screen lock one?

    1. Sorry Bill, that’s a whole other implementation. The screen code isn’t, as far as I’m aware, available in such a manner.

      You’ve got me thinking though…

        1. Well Bill, you can just put your iPhone into Recovery or DFU mode & reinstall iOS through iTunes. Choose a new screen security code & try your hardest not to forget it.

  22. Hi, great tool but it didn’t work for me. My key is ruIBezCrx1PA11Su0rtccFPX2RU= and the salt is1yFP/w==

    1. Did you copy/paste the Key & Salt? Or type it in? Because there’s not room for failed results, input correct Key & Salt, iterate through the possibilities, ka-ching.

      Anyway, see my reply to msoulz above for the alternative solution.

      1. Hello again, I originally typed it in but made a mistake. After I copied and pasted the info, it worked perfectly. THANK YOU very much for your help!

  23. Sorry, I forgot to say thanks!! Didn’t work for me but I appreciate that you put this out there.

    1. I emailed msoulz with the alternative workaround for this issue – replacing his Key & Salt data in his backup with the demo data in this post, saving the file then restoring the iPhone from backup & using 0001 as the passcode. It works.

  24. Interesting – it gave me the passcode that I thought it was, and have been entering all along, and it still didn’t work. Must be a phone issue.

  25. I look after a bunch of iPads and the restrictions code on a number was unknown (lost in history and staff change). Took a while to locate the right file but when i did the cracker sorted the problem. Saved me a heap of rebuilds…. big thanks!

    1. No, I leave performance enhancement in users hands. If you want the answer 5x faster, open 5 tabs & set the start correspondingly.

      Not the worst idea I’ve ever heard though, maybe I might find time for this

talk to us... tell it your way

This site uses Akismet to reduce spam. Learn how your comment data is processed.