iOS Restrictions Passcode Cracker

iOS Restrictions Passcode Cracker

iOS Restrictions Passcode Cracker works on all iDevices running iOS 7 – 11.

NB: With iOS 12, Apple moved the Restrictions Passcode into the Keychain, meaning this service is no longer effective against iDevices on iOS 12 and higher. I know, sad isn’t it?
 
Nothing for you to worry about, your new solution is Pinfinder, a small, downloadable freeware cross-platform utility that will recover your Restrictions Passcode from an iOS 12+ backup. Easy & effective.
 
Forgotten your iOS Restrictions Passcode? Yeah, so had I, on my 32GB iPod Touch A1421. What a PIA, there’s no remote recovery option for that one. Stink. What I needed was an iOS Restrictions Passcode Cracker to remove the Restrictions Passcode.
 
Without an iOS Restrictions Passcode Cracker, I was looking at a full iOS update/restore to rid the pesky forgotten code. The official word from Apple was not good –
 
If you forget your Restrictions passcode, you need to erase your device, then set it up as a new device to remove the Restrictions passcode. Restoring your device using a backup won’t remove the Restrictions passcode.(source: Apple.com)
 
I’d lose my jailbreak & be forever pissed that a simple 4-digit code beat me. shakes fist at sky You could train a monkey to find the passcode – eventually. End up with monkey spit all over your iDevice too, but that’s another story.
 
Look, recently Apple has shown that they can apply excellent security to protect their products (iCloud from iOS 7.1.2 on for example). Often though, they leave a hole so wide you can drive a truck through it. (rm /var/db/.applesetupdone anyone? Or resetpassword even?)
 
One of the repeated shortcomings of technology in general is to limit PIN passcodes to 4 digits – thereby reducing the possible target range to a maximum of 10,000 (0000 – 9999, your answer is somewhere in here.) This shortcoming affects your bank PIN, Android device, TV lock code, and Apple too. By itself, this is not secure protection.
 
Apple have no record of Restrictions Passcodes via the Apple ID mechanism, therefore the passcode data is on your device, right? Well obviously it is. Let’s find it. Where should you look? In an unencrypted iTunes backup, that’s what backups are for – storing data from a device.
 
It’s public knowledge that Apple obfuscate data  with the pbkdf2-hmac-sha1 encryption, leaving a string of garbled text that requires decryption to be of any use. So, the process is – find the string, copy it, crack the encryption, pr0fit!!
 
Let’s Get Cracking!
 
If you have a Jailbreaked device, and thus root-level access to the file system, search for com.apple.restrictionspassword.plist, using either iFile from the device or a PC tool like iTools or iFunbox. Open the .plist, copy the RestrictionsPasswordKey data and RestrictionsPasswordSalt data then paste it into the relevant form boxes of the iOS Restrictions Passcode Cracker below.
 
If your iDevice is not JB’d, then you need to extract the string from an unencrypted iTunes backup. Windows users can find your backup folders here: – %SYSTEMDRIVE%/Users/*Your Username*/Appdata/Roaming/Apple Computer/MobileSync/Backup/Long Random Number/ and on Mac ~/Library/Application Support/MobileSync/Backup/
 
Inside the folders there’s a file named 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b – this contains the encrypted data string that we need. Copy that file name & use your OS Search function.
 
Found it? Good. Now open the file with a simple text editor (ie Notepad) to expose data that reads like this:

RestrictionsPasswordKey      M/p4734c8/SOXZnGgZot+BciAW0=
RestrictionsPasswordSalt     aSbUXg==

So the required data is:

Key: M/p4734c8/SOXZnGgZot+BciAW0=
Salt: aSbUXg==

The Magic:

Simply copy/paste the two strings into the relevant iOS Restrictions Passcode Cracker form boxes below. (Really, copy/paste – it’s too easy to make a mistake transcribing manually) Next, hit the blue Crack It button & wait til it iterates through the possibilities.

You can select your preferred range – if you know for sure that your lost passcode didn’t start with 00, for example, then enter 1000 in the Starting box.

NB: This is a private transaction. No data is transmitted from this page. All the work is done in your browser by Crypto.js

iOS Passcode Cracker

Pro Tip:

Use a very analog version of distributed computing to decimate the time required to crack your iOS Restrictions Passcode. Open 5 browser tabs with the iOS Restrictions Passcode Cracker loaded in each.  Set the Starting Passcodes at 0000 (default), 2000, 4000, 6000, 8000, then hit the blue button in each tab.

Your time saved is dependent on which tab finds the answer. If it’s the first tab, no time saved, sorry ’bout it. But if it’s the last tab & the answer is 9000, then you’ve only calculated 1000 passcodes to get to an answer that’s revealed after 9000 guesses in a single-iteration system. Quantified, at 4 attempts/sec, your answer is revealed in just over 4 minutes, whereas the single tab approach wont reveal the solution for well over half an hour yet.

Either way, soon enough, your iOS Restrictions Passcode will be revealed.  This is not a maybe solution, if you’ve entered the Key & Salt data correctly then this app will find the answer.

This page would not exist without the work of Hashcat and John The Ripper.  You want cracking skills? Go visit them.

Did you like that? It worked for you? Please leave a comment, tell me about it.

249 thoughts on “iOS Restrictions Passcode Cracker

  1. Uhmmm…can you please help me where do i start with this i mean i cant understand much but where can i get the key and salt?

  2. OMG!!! I have the same exact phone and problem!!!! I need HELP. I also don’t have the app store or anything 🙁

  3. Hi all, many thanks to Megabyte 1024kb, this iOS cracker is a cracker, cracked my iPhone in under 4 mins, spent 4 days looking at Itunes, YouTube, relentless web know it all’s, resets, re-resets master resets, OMFG total waste of time, HERE is where you need to be, that is all..:)

  4. My mom put restrictions on my phone and now i dont have the app store or anything. I need to reset the password because she forgot it. What is one that will work on an iphone 6s?

    1. It’s not the hardware that’s relevant, it’s the firmware that your i6S is running.
      To find out, go Preferences / General / About then look in the list there for Version. If the version is 11 or under, then follow the instructions on this page. If you’re running 12, then grab the download from Pinfinder. Either way, you do need to use iTunes to do a full, unencrypted local backup.

  5. hi, I got the file from my IOS 11.3, but I can’t open it from the notepad, do we have another software to open the 398bc file??? I’m using win 10.

make a comment...

This site uses Akismet to reduce spam. Learn how your comment data is processed.