iOS Restrictions Passcode Cracker

iOS Restrictions Passcode Cracker

iOS Restrictions Passcode Cracker works on all iDevices running iOS 7 – 11.

NB: With iOS 12, Apple moved the Restrictions Passcode into the Keychain, meaning this service is no longer effective against iDevices on iOS 12 and higher. I know, sad isn’t it?
 
Nothing for you to worry about, your new solution is Pinfinder, a small, downloadable freeware cross-platform utility that will recover your Restrictions Passcode from an iOS 12+ backup. Easy & effective.
 
Forgotten your iOS Restrictions Passcode? Yeah, so had I, on my 32GB iPod Touch A1421. What a PIA, there’s no remote recovery option for that one. Stink. What I needed was an iOS Restrictions Passcode Cracker to remove the Restrictions Passcode.
 
Without an iOS Restrictions Passcode Cracker, I was looking at a full iOS update/restore to rid the pesky forgotten code. The official word from Apple was not good –
 
If you forget your Restrictions passcode, you need to erase your device, then set it up as a new device to remove the Restrictions passcode. Restoring your device using a backup won’t remove the Restrictions passcode.(source: Apple.com)
 
I’d lose my jailbreak & be forever pissed that a simple 4-digit code beat me. shakes fist at sky You could train a monkey to find the passcode – eventually. End up with monkey spit all over your iDevice too, but that’s another story.
 
Look, recently Apple has shown that they can apply excellent security to protect their products (iCloud from iOS 7.1.2 on for example). Often though, they leave a hole so wide you can drive a truck through it. (rm /var/db/.applesetupdone anyone? Or resetpassword even?)
 
One of the repeated shortcomings of technology in general is to limit PIN passcodes to 4 digits – thereby reducing the possible target range to a maximum of 10,000 (0000 – 9999, your answer is somewhere in here.) This shortcoming affects your bank PIN, Android device, TV lock code, and Apple too. By itself, this is not secure protection.
 
Apple have no record of Restrictions Passcodes via the Apple ID mechanism, therefore the passcode data is on your device, right? Well obviously it is. Let’s find it. Where should you look? In an unencrypted iTunes backup, that’s what backups are for – storing data from a device.
 
It’s public knowledge that Apple obfuscate data  with the pbkdf2-hmac-sha1 encryption, leaving a string of garbled text that requires decryption to be of any use. So, the process is – find the string, copy it, crack the encryption, pr0fit!!
 
Let’s Get Cracking!
 
If you have a Jailbreaked device, and thus root-level access to the file system, search for com.apple.restrictionspassword.plist, using either iFile from the device or a PC tool like iTools or iFunbox. Open the .plist, copy the RestrictionsPasswordKey data and RestrictionsPasswordSalt data then paste it into the relevant form boxes of the iOS Restrictions Passcode Cracker below.
 
If your iDevice is not JB’d, then you need to extract the string from an unencrypted iTunes backup. Windows users can find your backup folders here: – %SYSTEMDRIVE%/Users/*Your Username*/Appdata/Roaming/Apple Computer/MobileSync/Backup/Long Random Number/ and on Mac ~/Library/Application Support/MobileSync/Backup/
 
Inside the folders there’s a file named 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b – this contains the encrypted data string that we need. Copy that file name & use your OS Search function.
 
Found it? Good. Now open the file with a simple text editor (ie Notepad) to expose data that reads like this:

RestrictionsPasswordKey      M/p4734c8/SOXZnGgZot+BciAW0=
RestrictionsPasswordSalt     aSbUXg==

So the required data is:

Key: M/p4734c8/SOXZnGgZot+BciAW0=
Salt: aSbUXg==

The Magic:

Simply copy/paste the two strings into the relevant iOS Restrictions Passcode Cracker form boxes below. (Really, copy/paste – it’s too easy to make a mistake transcribing manually) Next, hit the blue Crack It button & wait til it iterates through the possibilities.

You can select your preferred range – if you know for sure that your lost passcode didn’t start with 00, for example, then enter 1000 in the Starting box.

NB: This is a private transaction. No data is transmitted from this page. All the work is done in your browser by Crypto.js

iOS Passcode Cracker

Pro Tip:

Use a very analog version of distributed computing to decimate the time required to crack your iOS Restrictions Passcode. Open 5 browser tabs with the iOS Restrictions Passcode Cracker loaded in each.  Set the Starting Passcodes at 0000 (default), 2000, 4000, 6000, 8000, then hit the blue button in each tab.

Your time saved is dependent on which tab finds the answer. If it’s the first tab, no time saved, sorry ’bout it. But if it’s the last tab & the answer is 9000, then you’ve only calculated 1000 passcodes to get to an answer that’s revealed after 9000 guesses in a single-iteration system. Quantified, at 4 attempts/sec, your answer is revealed in just over 4 minutes, whereas the single tab approach wont reveal the solution for well over half an hour yet.

Either way, soon enough, your iOS Restrictions Passcode will be revealed.  This is not a maybe solution, if you’ve entered the Key & Salt data correctly then this app will find the answer.

This page would not exist without the work of Hashcat and John The Ripper.  You want cracking skills? Go visit them.

Did you like that? It worked for you? Please leave a comment, tell me about it.

252 thoughts on “iOS Restrictions Passcode Cracker

  1. Thanks for this I spent hours trying to figure out how to find this site. It is currently running but I know it will work. Gets my stepson out of trouble with his mom for setting the code.

  2. This is hilarious, i’ve been searching for a way to crack this for hours, wasted almost a whole day.
    Many thanks my friend.
    I can’t stop laughing.

  3. You are the bomb!!!! with your page and iphone backup extractor We fixed my husbands phone!!! Thank you so so so very much!!!!!!!

  4. Fantastic. Took about 3 minutes – though it took me 4 hours to work through the garbage and find this site!

    1. Where are you looking, Dimo? Mac or PC? I take it you can’t find the iTunes backup folder that contains the file holding the key/salt data?

        1. Then my best guess is that you’ve got backups for several iDevices there & you’re looking in the wrong folder. If the iDevice has a Restrictions Passcode lock, the corresponding 398bc9c… file will be created during backup.

          If looking in the other folders proves fruitless, maybe try clearing the main Backup location by moving all the existing individual backup folders to a temporary location, then run your iTunes backup procedure again. I think you’ll find it then.

    1. You are a cracker, not hacker. Either way, be proud – you took on a crippling digital problem & won. That’s cool.

  5. Hi i keep on getting no result
    Password Key: 1q3IL+48mFXZtbeBOZA4gdq1Ips=
    Password Salt: xwg7MQ==
    Thanks.

    1. Hi Grace, how did you obtain the key & salt? Did you copy straight from an iTunes backup & paste directly into this page?

      1. I have the iPhone 6s running the newest software.
        I typed the key and salts in and the mistake was a zero instead of an O in the key.
        After fixing this it worked perfectly! Thank you!

  6. Tanks i mistyped the passcode while setting it (i’m not used to the ipad’s touch screens).
    you saved me. Thank you a lot

  7. This website is awesome, but I recommend to add the full path on windows itunes backup for the restrictionspasscode.plist

    1. Yeah, that did cross my mind a while ago. Thanks for the reminder, I’ll get it done right now. Cheers.

  8. Lifesaver. Thank you. I’ve been working on this for what seems like forever. I could not find the 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b file and have no idea why. I double checked the file location, backup dates, etc. What I ended up doing was using the iPhone Backup Extractor to generate all of the plist files from my backup. Then I found the com.apple.restrictionspassword.plist file and used Xcode (Mac property list editor) to read it. I entered the salt and key into your program and it did not find the key. Then I realized the key and salt were not in the right format, so I used text editor to open the plist file instead. This finally produced the proper key and salt, I put it into your form, and viola, I finally have my long lost password. You also helped me realize that my initial backup was not working because I had it encrypted. Thanks again for the help.

    1. Really? There’s only one possibility causing the error then. You see, if the algorithm employed here works with any iDevice Restrictions Passcode, it’ll work with them all. There’s nothing so special about your iPod Touch that will cause this solution to fail. There must be an input error somewhere.

      Do you have backups for more than 1 iDevice stored on your computer? That may be the cause right there, decrypting the wrong hash.

  9. It is not working i tried copying it down and conecting it to my ipod(ios 9.2.1) but it did not work

  10. I am sorry
    i read it
    but i am chinese my english is poor
    i don’t know how to crack the encryption so sad T-T

    1. iTunes
      See the image above – taken from iTunes. Make sure your backup settings match the settings you see there – backup to your PC, encryption NOT selected.
      After backup has run, track down your key & salt, come back here, pr0fit!

      1. I really appreciate your
        The original question here

        I find my password

        Thank you again
        THANK YOU A LOT

  11. can I ask one question
    I open the file it also garbled
    I don’t know how to open it in english?
    DO you have article to teach how to open it ?
    thank you very much

    1. Yes, there’s an article on this page. I’m picking your iTunes backup was done with the encryption option selected. Redo the backup, this time with encryption turned off. Grab your key & salt, come back here, pr0fit.

  12. I also followed all the steps you provided and the file stated to contain the restriction pass code salt and key was missing

    1. You found the backup itself alright, just missing the key & salt file? Are you sure you looked in the correct device backup folder? Have a look in any other folders in the backup folder, see what you can find.

      ‘Cos if there’s no key & salt reference, then there’s no Restrictions Passcode been set. Digital data is like that, just is.

  13. sorry for the miscommunication. I recently backed up my ipad mini 2 on itunes on a windows computer.

  14. Everything was running smoothly until i couldn’t find the 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b file. :O please help i’m really frustrated about this >:C

    1. What do you mean you couldn’t find the file? Did you backup your iDevice on a Windows or Mac computer?

  15. my key is 251CD2BDE1A882E4023652B08DB9F21B3AEE823B
    and salt is 2F43DA50

    And i am unable to find password.

    Please help

    1. There’s something wrong with your input data. That Salt derives a key with the last character being =

      It’s also very strange to see a Key consisting of numbers & upper case letters only, with no lower case & no special characters. How did you extract the data? From a jailbroken iDevice, PC iTunes backup or Mac iTunes backup?

  16. The actually backup with pc do not work and there is only one in iCloud. Can I find the code in iCloud too???

    1. Doreen, your local PC backup has the Encrypt option selected. The advantage of this is that it retains your passwords in the protected backup & restores them along with the rest of your data.

      Of course the encryption obfuscates the two vital data chunks that you need to crack your Restrictions passcode. So your workaround is to do a fresh backup through iTunes (or, my preference, iTools) but this time, ensure that the Encrypt option is deselected. Run your backup, find your hash & salt, come back here, pr0fit!

      1. Nor iTools neither iTunes wants to back up???? Telling me that IPad is locked and I should put in code first. Have an idea what I could do???

        1. Doreen, do you have a 4-digit screen lock on your iPad? You can’t access any actual iPad functions?

          This is not a lock screen bypass. It’s a solution for a forgotten Restrictions code, set from further inside the iPad. You need access past the lock screen to make use of this solution.

        2. Yes, a Four digit lock screen. And this one I forgot. Do you have any idea what I could do??? Thank you!

        3. Yes, I do. You can do a DFU reinstall which will wipe all your existing data from the iPad & upgrade it to the latest iOS – 9.2.1 I think.

          On completion of the reinstall, you will need to activate the device by providing the Apple ID username & password that the device is currently associated with. In rare cases this is not necessary, confirm it by going to http://www.icloud.com/activationlock & entering the serial number from the back of your iPad.

          DFU is best achieved while connected to your PC. Turn the iPad off, then back on. Keep holding the power button. When you see the Apple logo, press & hold the Home button also. The logo will disappear, leaving a blank screen. Release the power button. Count 3 seconds. Release Home button.

          Now start iTunes, which will identify the device attached & download the correct .ipsw file before doing the full, fresh reinstall.

  17. I can not find my backup on my Windows 10 pc at all ???? And an old one gave me just weird letters in Word. Can you help me please?

  18. Great app! I went to the Apple store and they couldn’t help me. This process found it within minutes. Extremely grateful!

  19. I don’t have a computer so I can’t do any if this can u tell a way I can get into whatever u r talking about without a computer or iCloud

    1. Oh boy, there’s just so much wrong with this comment.
      Uhmm, you do have access to a computer, right? (Because you likely used one to post here)
      If you don’t, it’s highly likely that a friend or family member has a computer & would be willing to assist you during this fairly quick process – 15 minutes should get your iDevice backed up so you can find the 2 codes necessary for this hack.
      Other than that, I’m sorry, we’re talking electronic files here, you do need a computer to read them. Having found this method and knowing it works, I haven’t actually bothered to create an alternative solution.

  20. Thanks a million! I had lost my passcode for about 18-24months. Just decided to push through looking for solution and your site was the final key! I was foxed initially as missed out a character at the beginning so it was useful to know that the key is 28 characters and salt 8 characters also I used the free edition of the iPhone back up extractor to get the file before I found your site – could only extract the .plist file but no further. Now I have the code. Thank you.

  21. I’ve spent 2 days on this and finally found your site. Thanks a lot buddy; worked like a dream…

  22. My Goodness i had to wait till 9129 but thank you so much for this!!!!!!! Have been locked out for almost a year now 🙁

  23. Forgot my father’s restriction code, managed to find it back via this hack. Thank you very much for saving me quite some hassle!

  24. This is all that pops up using wordpad:

    )™{YŠ•÷‘`õ; ”رk¡«B} %…ðó.n}Nä!òð{ƒRÃô9×5.”ÛÍÁŽ-oçÖÙ%j_^-/Èõ `¤m 6^QãLäÅ2 3MYÔ¯ý/Ââ¥MT’« ŸÊ…Œ%¯UÏ{®‘½YÄy*
    6ãçáG褏ØÀßKw¼¶
    ,­ý ªet¦Å½o?b°Eá>KTâösǝ¿»6Èç¨É(Ç·‹êð¬x~ýú×ñÆl=þ!¹£t¡oÓ0WvÁfïQÐ_ÛU㯎øh¬üùSÖRboÀH7+GK¹ÇxËT©É)^N„Q|çü·²4^Žš

    1. or this in note pad:

      ጃ⤛箙鵙閊釷ꀻ⊏뇘ꅫ䊫ꁽ̥渮乽⇤荻썒㧴㗗鐮췛軁漭훧◙彪帒ᠭ⼗젃৵ꑠꁭᰶ兞䳣엤′䴳푙ﶯ숯ꗢ呍ꮒᴟ龠藊谕ḥ喯篏᪮鄛봕쑙⩹̍辤샘䯟뱷ƶⰍʭ৽斪ꙴ뷅㽯戄뀔輏䬾珶鷇뮿젶꣧⣉럇ᛰ碬ﵾퟺ웱㵬⇾ꎹꅴ퍯地轶섙큑�躯걨識홓扒쁯㝈ʏ䜫ᕋ잹쭸꥔⧉乞冄轼ﳧ뜜㒲蹞š䡹勸䨇櫍ꨊ᢬⮜�輨䑎쿯襀쀜ℬ磅➢噛臓쳬践䖻벷饎⻏龎补㙡ﻑ

    2. No wonder you’re not getting the right response. That’s nothing like a correctly-formatted key or salt. You’re opening from an iTunes backup, yeah? Try backing up again, this time don’t password-protect the backup. Now hunt the Key & Salt, you’ll find them a lot less complicated this time.

      Once you have Key & Salt in the same format as indicated in my post above, paste them into my decoder. This time you should be successful.

      1. HOW DO YOU BACK UP W/OUT PASSWORD PROTECTION? I GET THE BELLOW FORMAT

        KEY:Àõ.ÞèÉÀ…´hl)R..µ.B
        SALT:É[øú

        1. Scroll down through these comments my friend, I posted a pictorial reply to this issue a few months back.

    1. Are you sure? I ask because it’s not a matter of if, it’s when – math is like that. So long as you’ve entered the key & the salt correctly, this page WILL return the correct answer, see Jack’s post below above.

  25. Wow, thanks. I didn’t actually think this would work. You saved my further frustration. Looking back, I don’t even know why I chose that passcode.

  26. LMFAOOOO!!! I am such an idiot. It was an O not a 0 in the “5105” in the key. It totally still works. I was sitting here thinking that Apple wised up and changed the hash algorithm.

  27. I tried this method with my phone. I put in the key and salt properly. I double and triple checked. It just wont work. It keeps going all the way through the 9999. The key is MVLpDTuaZB8AusJhiy5105fTozw= and the salt is KYNKRA==

  28. Thanks a lot for this great little tool! I was at first skeptical, having run through 9000+ numbers, but it pulled through with the correct code. So now I’ve fixed my phone.

    Sincerest thanks to the creator

  29. Fantastic, it worked! You can also find the key and salt in an iTunes backup, which are saved in ~/Library/Application Support/MobileSync/Backup. If you change to this directory in terminal, you can find what you need with this command:

    grep -r -i -C5 -H “restrictionsPassword” *

    Unbelievable how you can’t reset this password…

  30. Hi

    This site worked great for me as well. Thanks a lot!
    Spent a lot of time searching for a solution and trying different codes on the phone until I eventually found your site. Cracking took a while because my code was 8xxx. However, compared to the time spent before, this was negligible.

    thanks again,
    Lorenz

  31. Thanks for this tool
    its very important and powerful thing to do
    but there is solution easier with this tool to know passcode .
    its you change manually the line of restrictionpasswordkey in the source file to
    o6wIHm+ZwwsLaSXy02Up8m4mWec=
    and salt to
    7SLeBQ==
    and result of this is the passcode changed to 0000
    tested with ios 8.1 and edited with ifile

  32. Hello

    Just to say thanks – and a very big thanks – I recovered a forgotten Restrictions password via this site.

    Keep up the good work.

    Appreciated.

    R

Requesting an unlock code? Have you donated?

This site uses Akismet to reduce spam. Learn how your comment data is processed.