iOS passcode hack / passcode cracker

Lost/forgotten your iOS7/8/9/10 iDevice Restrictions Code? Yeah, so had I, on my 32GB iPod Touch A1421. What a PIA, there’s no remote recovery option for that one. Stink. What I needed was an iOS Restrictions Passcode Cracker.

Without an iOS Restrictions Passcode Cracker, I was looking at a full iOS update/restore to rid the pesky forgotten code. The official word from the manufacturer was not good –

If you forget your Restrictions passcode, you need to erase your device, then set it up as a new device to remove the Restrictions passcode. Restoring your device using a backup won’t remove the Restrictions passcode. (Source: Apple.com)

I’d lose my jailbreak & be forever pissed that a simple 4-digit code beat me. *shakes fist at sky* You could train a monkey to find the passcode – eventually. Probably end up with monkey spit all over your iDevice too, but that’s another story.

Look, recently Apple has shown that they can apply excellent security to protect their products (iCloud from iOS 7.1.2 on for example). Often though, they leave a hole so wide you can drive a truck through it. (rm /var/db/.applesetupdone anyone?)  One of their repeated shortcomings is to limit passcodes to a maximum of 4 digits – thereby reducing the possible target range to a maximum of 10,000 (0000 – 9999, your answer is somewhere in here.) By itself, this is not secure protection.

Apple obfuscate the Restrictions Passcode with PBKDF2-HMAC-SHA1, a salted one-way key derivation rather than reversible encryption, leaving a string of garbled text that is no use until you find the passcode that produces it. So, the process is – find the string, copy it, crack it, pr0fit!!

Let’s Get Cracking!

If you have a jailbroken device, and therefore root-level access to the file system, search for com.apple.restrictionspassword.plist, using either iFile from the device or a PC tool like iTools or iFunbox. Open the .plist, copy the RestrictionsPasswordKey data and RestrictionsPasswordSalt data, then paste them into the relevant form boxes below.

If your iDevice is not JB’d, then you need to extract the string from an unencrypted iTunes backup. Windows users can find their backup folders here: %SYSTEMDRIVE%\Users\*Your Username*\Appdata\Roaming\Apple Computer\MobileSync\Backup\Long Random Number\ and on Mac: ~/Library/Application Support/MobileSync/Backup/

Inside the folders there’s a file named 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b – this contains the encrypted data string that we need. Open the file with a simple text editor like Notepad to expose data that reads like this:

RestrictionsPasswordKey M/p4734c8/SOXZnGgZot+BciAW0=
RestrictionsPasswordSalt aSbUXg==

So the required data is:

Key: M/p4734c8/SOXZnGgZot+BciAW0=
Salt: aSbUXg==

The Magic:

Simply copy/paste the two strings into the relevant form boxes below. (Really, copy/paste – it’s too easy to make a mistake transcribing manually) Next, hit the blue Crack It button & wait until it iterates through the possibilities. You can select your preferred range – if you know for sure that your lost passcode didn’t start with 00, for example, then enter 1000 in the Starting box.

Pro Tip:

Use a very analog version of distributed computing to decimate the time required to crack your iOS Restrictions Passcode. Open a bunch of browser tabs with this page loaded in each. Divide 10,000 (total passcode range) by the number of tabs you have open – say 5 tabs – that’s 2000 attempts/window. (I know, math was obviously my strong subject at school)
Set the Starting Passcodes at 0000, 2000, 4000, 6000, 8000, then hit the blue button in each tab. Your time saved is dependent on which tab finds the answer. If it’s the first tab, no time saved, sorry ’bout it. But if it’s the last tab – say 9000, then you’ve only calculated 1000 passcodes to get to an answer that’s revealed after 8999 guesses in a single-iteration system. Quantified, at 4 attempts/sec, your answer is revealed in just over 4 minutes, whereas the single tab approach won’t reveal the solution for over half an hour yet.
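
Why the search always finishes: a salted, iterated KDF slows each guess but cannot enlarge a 10,000-entry keyspace. The sketch below is an added example (Node.js, not this page's Crypto.js tool or Apple's code) that runs the guess-and-compare loop and the Pro Tip range split on a constructed salt and passcode; the 1000-round count and all function names are assumptions.

```javascript
// Added example: constructed values only; not the page's tool or Apple's code.
const nodeCrypto = require("crypto");

// ASSUMPTION: 1000 PBKDF2 rounds (the page gives no count). The 20-byte key
// and 4-byte salt sizes match the Base64 sample strings shown on the page.
const ITERATIONS = 1000;
const KEY_LEN = 20;

// Derive the stored value for one candidate passcode.
function deriveKey(pin, salt) {
  return nodeCrypto.pbkdf2Sync(pin, salt, ITERATIONS, KEY_LEN, "sha1");
}

// Try every 4-digit code in [start, end); report the match and the work done.
function searchRange(keyB64, saltB64, start, end) {
  const target = Buffer.from(keyB64, "base64");
  const salt = Buffer.from(saltB64, "base64");
  for (let n = start; n < end; n++) {
    const pin = String(n).padStart(4, "0");
    if (deriveKey(pin, salt).equals(target)) {
      return { pin, attempts: n - start + 1 };
    }
  }
  return null; // passcode is not in this slice
}

// Slice boundaries for N parallel workers (the "open N tabs" split).
function splitKeyspace(workers, total = 10000) {
  const size = Math.ceil(total / workers);
  const slices = [];
  for (let s = 0; s < total; s += size) {
    slices.push([s, Math.min(s + size, total)]);
  }
  return slices;
}

// Worst-case seconds to exhaust an all-digit passcode of a given length.
function worstCaseSeconds(digits, guessesPerSecond) {
  return 10 ** digits / guessesPerSecond;
}

// Constructed sample: salt bytes 01 02 03 04 and a made-up passcode.
const SAMPLE_SALT = "AQIDBA==";
const SAMPLE_KEY = deriveKey("8042", Buffer.from(SAMPLE_SALT, "base64")).toString("base64");

const last = splitKeyspace(5)[4]; // the fifth tab's slice, 8000 up to 9999
console.log(searchRange(SAMPLE_KEY, SAMPLE_SALT, last[0], last[1]));
console.log(worstCaseSeconds(4, 4), "s worst case for 4 digits at 4 guesses/s");
```

Calling worstCaseSeconds with 6 digits instead of 4 shows how much each extra digit costs at the same guess rate, which is the only lever the derivation itself does not provide.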

Either way, soon enough, your Restrictions Passcode will be revealed.  This is not a maybe solution, if you’ve entered the Key & Salt data correctly then this app will find the answer. \0/

NB: This is a private transaction. No data is transmitted from this page. All the work is done in your browser by Crypto.js

iOS Passcode Cracker


This page would not exist without the work of Hashcat and John The Ripper.  You want cracking skills? Go visit them.

Do you like that? Did it work for you? Please leave a comment, tell me about it.

210 thoughts on “iOS passcode hack / passcode cracker”

  1. No, I leave performance enhancement in users hands. If you want the answer 5x faster, open 5 tabs & set the start correspondingly.

    Not the worst idea I’ve ever heard though, maybe I might find time for this

  2. Thank you so much, you were very helpful and after several attempts I could finally solve the problem!!!

    Congratulations also for being so good.

    Maurizio

  3. This was my bad, I didn’t check everything everywhere on the site after a WordPress update a few days before. User comments like this one alerted me to the problem – which is now solved.

  4. hello 1024kb,
    i just left the message to you that i’ve tried long time but it just didn’t work on my iphone. But now it worked!!! i used chrome before but it didn’t show anything. i change to ie and it starts running and i finally found my code! Really really really thank you so much to create this magical cracker!!!!!!

  5. Dear 1024kb
    i’ve read the article and comments that this magical code worked on their iphone, but i’ve tried and waited, it doesn’t show any pins… don’t know which part is wrong:(
    RetrictionPasswordKey is: 5g3MCwnUAIjaV4M65n0sS7hM+KE=
    RestrictionPasswordSalt is: e+ZLGw==
    I will be glad hearing back from you.

  6. Thanks, worked like a charm! I was contemplating erasing my content and starting from scratch until, it asked me for the restrictions password and i found your page!

  7. I LOVE YOU GUYS TOO. THANKS A LOT!!!

    Was unable to download the starboy (explicit) song due to restrictions. You guys helped a lot!!! and loved the message that went ‘ahem! your passcode is xxxx’

    God bless you!

  8. Hi I’ve tried 2 different sites, this is my third attempt. It’s not working….
    My
    RetrictionPasswordKey is: 5072F8NSDONbOQ9+sxudb5Q6K4Y=
    RestrictionPasswordSalt is: AeDJlw==

    Please help when you can.
    Thanks

  9. Awesome. Took a few hours, but finally got there. It was my daughter’s iPhone and we have no idea who entered the passcode. First we needed to de-encrypt a backup. The password ended up being the icloud password with a lowercase first letter. We never entered that. After getting to the com.apple.restrictionspassword.plist using iPhone Backup Extractor, you managed to crack the passcode in a few minutes. No one recognized the passcode, so it was probably entered accidentally.

  10. This is amazing. To speed things up I opened multiple tabs and ran them simultaneously. First tab was 0000 through 0999. Second was 1000 through 1999 and so on. Thought that might help save time

  11. Wow! This is great! Apple advised me to reinstall the iPhone as a new one…….with losing of all the data. You are my heroes with this solution.
    The code was very strange. I never entered that code in my iPhone.

  12. You don’t need to figure it out Mandy. The automated process here will do that for you.

    You tried 100 times? Wow. There’s 10,000 possible combinations between 0000 & 9999. Enter the required information then leave the cracker to work it out for you. It might take a wee while but it will get the answer.

  13. THANK YOU!!!!! I wish I would have found this site a LONG time ago…..I’ve spent hours trying to find a way to recover my restrictions passcode! Your instructions were right on and I have no IT experience. I’m not even sure why I picked that password either?!

  14. Thanks so much! I don’t know why Apple doesn’t have a password reset, but this was a lifesaver. One of my kids must have changed the password, because after seeing it I have no idea where it came from. Thank you, thank you, thank you!

  15. Oh man, I was so frustrated that I have been backing up and restoring my iPhone for three devices now and then suddenly noticed this restrictions password that I had forgotten from 2012. I tried to guess, but to no avail. I figured Apple would help. I talked to an Apple agent who said that he could not help. That is a seriously stupid legacy thing. If you can unlock your phone and prove you are over 18 why the heck could they not help you recover the password? I expressed my frustration and was so frustrated that I would have to do a factory restore and then add back all my apps from a stupid list and then memorize and reset every setting to the way I had it. Stubbornly I did a search for “iOS restrictions password crack” and this was the 2nd item on the list. THANK YOU SOOO MUCH for building this. You are saving huge amounts of people’s time so they could be just enjoying life:-)

  16. Oh hey, I’ve had this problem for bloody ages! My friend told me about your site and boom! my iPhone is de-restricted!

    Thanks man!

  17. Someone help me…. please. Didn’t anyone teach you manners?

    You didn’t hit the PayPal button – there isn’t one. So you’re asking for a favour, not purchasing anyone’s time.

    I’m running your Key/Salt now, have been for 12 hours or so.

