iOS Restrictions Passcode Cracker
iOS Restrictions Passcode Cracker works on all iDevices running iOS 7 – 11.
NB: With iOS 12, Apple moved the Restrictions Passcode into the Keychain, meaning this service is no longer effective against iDevices on iOS 12 and higher. I know, sad isn’t it?
Nothing for you to worry about, your new solution is Pinfinder, a small, downloadable freeware cross-platform utility that will recover your Restrictions Passcode from an iOS 12+ backup. Easy & effective. Forgotten your iOS Restrictions Passcode? Yeah, so had I, on my 32GB iPod Touch A1421. What a PIA, there’s no remote recovery option for that one. Stink. What I needed was an iOS Restrictions Passcode Cracker to remove the Restrictions Passcode.
Without an iOS Restrictions Passcode Cracker, I was looking at a full iOS update/restore to rid the pesky forgotten code. The official word from Apple was not good – I’d lose my jailbreak & be forever pissed that a simple 4-digit code beat me. shakes fist at sky You could train a monkey to find the passcode – eventually. End up with monkey spit all over your iDevice too, but that’s another story.
Look, recently Apple has shown that they can apply excellent security to protect their products (iCloud from iOS 7.1.2 on for example). Often though, they leave a hole so wide you can drive a truck through it. (rm /var/db/.applesetupdone anyone? Or resetpassword even?)
One of the repeated shortcomings of technology in general is to limit PIN passcodes to 4 digits – thereby reducing the possible target range to a maximum of 10,000 (0000 – 9999, your answer is somewhere in here.) This shortcoming affects your bank PIN, Android device, TV lock code, and Apple too. By itself, this is not secure protection.
Apple have no record of Restrictions Passcodes via the Apple ID mechanism, therefore the passcode data is on your device, right? Well obviously it is. Let’s find it. Where should you look? In an unencrypted iTunes backup, that’s what backups are for – storing data from a device.
It’s public knowledge that Apple obfuscate data with the pbkdf2-hmac-sha1 encryption, leaving a string of garbled text that requires decryption to be of any use. So, the process is – find the string, copy it, crack the encryption, pr0fit!!
Let’s Get Cracking!
If you have a Jailbreaked device, and thus root-level access to the file system, search for com.apple.restrictionspassword.plist, using either iFile from the device or a PC tool like iTools or iFunbox. Open the .plist, copy the RestrictionsPasswordKey data and RestrictionsPasswordSalt data then paste it into the relevant form boxes of the iOS Restrictions Passcode Cracker below.
If your iDevice is not JB’d, then you need to extract the string from an unencrypted iTunes backup. Windows users can find your backup folders here: – %SYSTEMDRIVE%/Users/*Your Username*/Appdata/Roaming/Apple Computer/MobileSync/Backup/Long Random Number/ and on Mac ~/Library/Application Support/MobileSync/Backup/
Inside the folders there’s a file named 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b – this contains the encrypted data string that we need. Copy that file name & use your OS Search function.
Found it? Good. Now open the file with a simple text editor (ie Notepad) to expose data that reads like this:
RestrictionsPasswordKey M/p4734c8/SOXZnGgZot+BciAW0=
RestrictionsPasswordSalt aSbUXg==
So the required data is:
Key: M/p4734c8/SOXZnGgZot+BciAW0=
Salt: aSbUXg==
The Magic:
Simply copy/paste the two strings into the relevant iOS Restrictions Passcode Cracker form boxes below. (Really, copy/paste – it’s too easy to make a mistake transcribing manually) Next, hit the blue Crack It button & wait til it iterates through the possibilities.
You can select your preferred range – if you know for sure that your lost passcode didn’t start with 00, for example, then enter 1000 in the Starting box.
NB: This is a private transaction. No data is transmitted from this page. All the work is done in your browser by Crypto.js
iOS Passcode Cracker
Pro Tip:
Use a very analog version of distributed computing to decimate the time required to crack your iOS Restrictions Passcode. Open 5 browser tabs with the iOS Restrictions Passcode Cracker loaded in each. Set the Starting Passcodes at 0000 (default), 2000, 4000, 6000, 8000, then hit the blue button in each tab.
Your time saved is dependent on which tab finds the answer. If it’s the first tab, no time saved, sorry ’bout it. But if it’s the last tab & the answer is 9000, then you’ve only calculated 1000 passcodes to get to an answer that’s revealed after 9000 guesses in a single-iteration system. Quantified, at 4 attempts/sec, your answer is revealed in just over 4 minutes, whereas the single tab approach wont reveal the solution for well over half an hour yet.
Either way, soon enough, your iOS Restrictions Passcode will be revealed. This is not a maybe solution, if you’ve entered the Key & Salt data correctly then this app will find the answer.
This page would not exist without the work of Hashcat and John The Ripper. You want cracking skills? Go visit them.
Did you like that? It worked for you? Please leave a comment, tell me about it.
Lifesaver. Thank you. I’ve been working on this for what seems like forever. I could not find the 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b file and have no idea why. I double checked the file location, backup dates, etc. What I ended up doing was using the iPhone Backup Extractor to generate all of the plist files from my backup. Then I found the com.apple.restrictionspassword.plist file and used Xcode (Mac property list editor) to read it. I entered the salt and key into your program and it did not find the key. Then I realized the key and salt were not in the right format, so I used text editor to open the plist file instead. This finally produced the proper key and salt, I put it into your form, and viola, I finally have my long lost password. You also helped me realize that my initial backup was not working because I had it encrypted. Thanks again for the help.
It was found but when i typed it on my ipod it was wrong.
Really? There’s only one possibility causing the error then. You see, if the algorithm employed here works with any iDevice Restrictions Passcode, it’ll work with them all. There’s nothing so special about your iPod Touch that will cause this solution to fail. There must be an input error somewhere.
Do you have backups for more than 1 iDevice stored on your computer? That may be the cause right there, decrypting the wrong hash.
It is not working i tried copying it down and conecting it to my ipod(ios 9.2.1) but it did not work
Certainly worked for my iPhone 6 running i0S 9.2.1 – many thanks!
awsum great.
it really works
thank you!!!! its been 2 years and never knew who to fix this!!!!!!!!!!
I meant HOW to fix this…. 🙂
OMG thank you thank you thank you so much i love this website it found my passcode!!
I am sorry
i read it
but i am chinese my english is poor
i don’t know how to crack the encryption so sad T-T
See the image above – taken from iTunes. Make sure your backup settings match the settings you see there – backup to your PC, encryption NOT selected.
After backup has run, track down your key & salt, come back here, pr0fit!
I really appreciate your
The original question here
I find my password
Thank you again
THANK YOU A LOT
can I ask one question
I open the file it also garbled
I don’t know how to open it in english?
DO you have article to teach how to open it ?
thank you very much
Yes, there’s an article on this page. I’m picking your iTunes backup was done with the encryption option selected. Redo the backup, this time with encryption turned off. Grab your key & salt, come back here, pr0fit.
I also followed all the steps you provided and the file stated to contain the restriction pass code salt and key was missing
You found the backup itself alright, just missing the key & salt file? Are you sure you looked in the correct device backup folder? Have a look in any other folders in the backup folder, see what you can find.
‘Cos if there’s no key & salt reference, then there’s no Restrictions Passcode been set. Digital data is like that, just is.
sorry for the miscommunication. I recently backed up my ipad mini 2 on itunes on a windows computer.
Everything was running smoothly until i couldn’t find the 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b file. :O please help i’m really frustrated about this >:C
What do you mean you couldn’t find the file? Did you backup your iDevice on a Windows or Mac computer?
Many thanks, this solved my problem!
my key is 251CD2BDE1A882E4023652B08DB9F21B3AEE823B
and salt is 2F43DA50
And i am unable to find password.
Please help
There’s something wrong with your input data. That Salt derives a key with the last character being =
It’s also very strange to see a Key consisting of numbers & upper case letters only, with no lower case & no special characters. How did you extract the data? From a jailbroken iDevice, PC iTunes backup or Mac iTunes backup?
If you add an = to your given key, the response is 9999
The actually backup with pc do not work and there is only one in iCloud. Can I find the code in iCloud too???
Doreen, your local PC backup has the Encrypt option selected. The advantage of this is that it retains your passwords in the protected backup & restores them along with the rest of your data.
Of course the encryption obfuscates the two vital data chunks that you need to crack your Restrictions passcode. So your workaround is to do a fresh backup through iTunes (or, my preference, iTools) but this time, ensure that the Encrypt option is deselected. Run your backup, find your hash & salt, come back here, pr0fit!
Nor iTools neither iTunes wants to back up???? Telling me that IPad is locked and I should put in code first. Have an idea what I could do???
Doreen, do you have a 4-digit screen lock on your iPad? You can’t access any actual iPad functions?
This is not a lock screen bypass. It’s a solution for a forgotten Restrictions code, set from further inside the iPad. You need access past the lock screen to make use of this solution.
Yes, a Four digit lock screen. And this one I forgot. Do you have any idea what I could do??? Thank you!
Yes, I do. You can do a DFU reinstall which will wipe all your existing data from the iPad & upgrade it to the latest iOS – 9.2.1 I think.
On completion of the reinstall, you will need to activate the device by providing the Apple ID username & password that the device is currently associated with. In rare cases this is not necessary, confirm it by going to http://www.icloud.com/activationlock & entering the serial number from the back of your iPad.
DFU is best achieved while connected to your PC. Turn the iPad off, then back on. Keep holding the power button. When you see the Apple logo, press & hold the Home button also. The logo will disappear, leaving a blank screen. Release the power button. Count 3 seconds. Release Home button.
Now start iTunes, which will identify the device attached & download the correct .ipsw file before doing the full, fresh reinstall.
I can not find my backup on my Windows 10 pc at all ???? And an old one gave me just weird letters in Word. Can you help me please?
Heaven sent. Thanks soo much
This worked perfectly!
Thank you!
Great app! I went to the Apple store and they couldn’t help me. This process found it within minutes. Extremely grateful!
confused, does this work for windows also?
If your iDevice is running Windows, then I guess it might. Or not.
I don’t have a computer so I can’t do any if this can u tell a way I can get into whatever u r talking about without a computer or iCloud
Oh boy, there’s just so much wrong with this comment.
Uhmm, you do have access to a computer, right? (Because you likely used one to post here)
If you don’t, it’s highly likely that a friend or family member has a computer & would be willing to assist you during this fairly quick process – 15 minutes should get your iDevice backed up so you can find the 2 codes necessary for this hack.
Other than that, I’m sorry, we’re talking electronic files here, you do need a computer to read them. Having found this method and knowing it works, I haven’t actually bothered to create an alternative solution.
Super works IOS 9.2 Thank you
太謝謝了 Thanks a lot.
Works brilliantly on 9.1 thank you so much!!!!!!!!!!!!!!
Thanks a million! I had lost my passcode for about 18-24months. Just decided to push through looking for solution and your site was the final key! I was foxed initially as missed out a character at the beginning so it was useful to know that the key is 28 characters and salt 8 characters also I used the free edition of the iPhone back up extractor to get the file before I found your site – could only extract the .plist file but no further. Now I have the code. Thank you.
I’ve spent 2 days on this and finally found your site. Thanks a lot buddy; worked like a dream…
Thanks a lot. Still works with IOS 9.0.2
Thanks for that info, I’ve updated the page title now.
I love you! Marry me.
Uhmm, yeah, OK.
This is even quicker than Tinder!
My Goodness i had to wait till 9129 but thank you so much for this!!!!!!! Have been locked out for almost a year now 🙁
Forgot my father’s restriction code, managed to find it back via this hack. Thank you very much for saving me quite some hassle!
This is all that pops up using wordpad:
)™{YŠ•÷‘`õ; ”رk¡«B} %…ðó.n}Nä!òð{ƒRÃô9×5.”ÛÍÁŽ-oçÖÙ%j_^-/Èõ `¤m 6^QãLäÅ2 3MYÔ¯ý/Ââ¥MT’« ŸÊ…Œ%¯UÏ{®‘½YÄy*
6ãçáGè¤ØÀßKw¼¶
,ý ªet¦Å½o?b°Eá>KTâösÇ¿»6Èç¨É(Ç·‹êð¬x~ýú×ñÆl=þ!¹£t¡oÓ0WvÁfïQÐ_ÛU㯎øh¬üùSÖRboÀH7+GK¹ÇxËT©É)^N„Q|çü·²4^Žš
or this in note pad:
ጃ⤛箙鵙閊釷ꀻ⊏뇘ꅫ䊫ꁽ̥渮乽⇤荻썒㧴㗗鐮췛軁漭훧◙彪帒ᠭ⼗젃৵ꑠꁭᰶ兞䳣엤′䴳푙ﶯ숯ꗢ呍ꮒᴟ龠藊谕ḥ喯篏鄛봕쑙⩹̍辤샘䯟뱷ƶⰍʭ৽斪ꙴ뷅㽯戄뀔輏䬾珶鷇뮿젶꣧⣉럇ᛰ碬ﵾퟺ웱㵬⇾ꎹꅴ퍯地轶섙큑�躯걨識홓扒쁯㝈ʏ䜫ᕋ잹쭸⧉乞冄轼ﳧ뜜㒲蹞䡹勸䨇櫍ꨊ⮜�輨䑎쿯襀쀜ℬ磅➢噛臓쳬践䖻벷饎⻏龎补㙡ﻑ
Plz backup with no encryption, dat might work
No wonder you’re not getting the right response. That’s nothing like a correctly-formatted key or salt. You’re opening from an iTunes backup, yeah? Try backing up again, this time don’t password-protect the backup. Now hunt the Key & Salt, you’ll find them a lot less complicated this time.
Once you have Key & Salt in the same format as indicated in my post above, paste them into my decoder. This time you should be successful.
HOW DO YOU BACK UP W/OUT PASSWORD PROTECTION? I GET THE BELLOW FORMAT
KEY:Àõ.ÞèÉÀ…´hl)R..µ.B
SALT:É[øú
Scroll down through these comments my friend, I posted a pictorial reply to this issue a few months back.
didn’t work at all just went from 0000-9999 and didn’t find it
Are you sure? I ask because it’s not a matter of if, it’s when – math is like that. So long as you’ve entered the key & the salt correctly, this page WILL return the correct answer, see Jack’s post
belowabove.im still trying it 🙂
Keep going, eventually you’ll get there.
YES! Awesome! Worked perfectly!
Cool, glad it helped, & thanks for commenting too.
Wow, thanks. I didn’t actually think this would work. You saved my further frustration. Looking back, I don’t even know why I chose that passcode.
LMFAOOOO!!! I am such an idiot. It was an O not a 0 in the “5105” in the key. It totally still works. I was sitting here thinking that Apple wised up and changed the hash algorithm.
I tried this method with my phone. I put in the key and salt properly. I double and triple checked. It just wont work. It keeps going all the way through the 9999. The key is MVLpDTuaZB8AusJhiy5105fTozw= and the salt is KYNKRA==
OMFG… thank you so much!
Hey thanks for the comment. I’m glad I could help.
How can you tell the code is right?
Really worked. Godsend. THANKS.
THANK YOU VERY MUCH!!!
ITS GREAT UTILITY AND HELPED ME OUT
Thanks a lot for this great little tool! I was at first skeptical, having run through 9000+ numbers, but it pulled through with the correct code. So now I’ve fixed my phone.
Sincerest thanks to the creator
Fantastic, it worked! You can also find the key and salt in an iTunes backup, which are saved in ~/Library/Application Support/MobileSync/Backup. If you change to this directory in terminal, you can find what you need with this command:
grep -r -i -C5 -H “restrictionsPassword” *
Unbelievable how you can’t reset this password…
Thank you sooooooooooooooooooooooooo much!
THANK U!
Stupid iOS should have an alternate way to recover the passcode!
Thanks a lot for this. It worked great.
Hi
This site worked great for me as well. Thanks a lot!
Spent a lot of time searching for a solution and trying different codes on the phone until I eventually found your site. Cracking took a while because my code was 8xxx. However, compared to the time spent before, this was negligible.
thanks again,
Lorenz
Wow, amazing work guys. Thanks so much!
Thanks for this tool
its very important and powerful thing to do
but there is solution easier with this tool to know passcode .
its you change manually the line of restrictionpasswordkey in the source file to
o6wIHm+ZwwsLaSXy02Up8m4mWec=
and salt to
7SLeBQ==
and result of this is the passcode changed to 0000
tested with ios 8.1 and edited with ifile
Thanks a lot bro, worked great.
Hello
Just to say thanks – and a very big thanks – I recovered a forgotten Restrictions password via this site.
Keep up the good work.
Appreciated.
R