iOS Restrictions Passcode Cracker

iOS Restrictions Passcode Cracker

iOS Restrictions Passcode Cracker works on all iDevices running iOS 7 – 11.

NB: With iOS 12, Apple moved the Restrictions Passcode into the Keychain, meaning this service is no longer effective against iDevices on iOS 12 and higher. I know, sad isn’t it?
 
Nothing for you to worry about, your new solution is Pinfinder, a small, downloadable freeware cross-platform utility that will recover your Restrictions Passcode from an iOS 12+ backup. Easy & effective.
 
Forgotten your iOS Restrictions Passcode? Yeah, so had I, on my 32GB iPod Touch A1421. What a PIA, there’s no remote recovery option for that one. Stink. What I needed was an iOS Restrictions Passcode Cracker to remove the Restrictions Passcode.
 
Without an iOS Restrictions Passcode Cracker, I was looking at a full iOS update/restore to rid the pesky forgotten code. The official word from Apple was not good –
 
If you forget your Restrictions passcode, you need to erase your device, then set it up as a new device to remove the Restrictions passcode. Restoring your device using a backup won’t remove the Restrictions passcode.(source: Apple.com)
 
I’d lose my jailbreak & be forever pissed that a simple 4-digit code beat me. shakes fist at sky You could train a monkey to find the passcode – eventually. End up with monkey spit all over your iDevice too, but that’s another story.
 
Look, recently Apple has shown that they can apply excellent security to protect their products (iCloud from iOS 7.1.2 on for example). Often though, they leave a hole so wide you can drive a truck through it. (rm /var/db/.applesetupdone anyone? Or resetpassword even?)
 
One of the repeated shortcomings of technology in general is to limit PIN passcodes to 4 digits – thereby reducing the possible target range to a maximum of 10,000 (0000 – 9999, your answer is somewhere in here.) This shortcoming affects your bank PIN, Android device, TV lock code, and Apple too. By itself, this is not secure protection.
 
Apple have no record of Restrictions Passcodes via the Apple ID mechanism, therefore the passcode data is on your device, right? Well obviously it is. Let’s find it. Where should you look? In an unencrypted iTunes backup, that’s what backups are for – storing data from a device.
 
It’s public knowledge that Apple obfuscate data  with the pbkdf2-hmac-sha1 encryption, leaving a string of garbled text that requires decryption to be of any use. So, the process is – find the string, copy it, crack the encryption, pr0fit!!
 
Let’s Get Cracking!
 
If you have a Jailbreaked device, and thus root-level access to the file system, search for com.apple.restrictionspassword.plist, using either iFile from the device or a PC tool like iTools or iFunbox. Open the .plist, copy the RestrictionsPasswordKey data and RestrictionsPasswordSalt data then paste it into the relevant form boxes of the iOS Restrictions Passcode Cracker below.
 
If your iDevice is not JB’d, then you need to extract the string from an unencrypted iTunes backup. Windows users can find your backup folders here: – %SYSTEMDRIVE%/Users/*Your Username*/Appdata/Roaming/Apple Computer/MobileSync/Backup/Long Random Number/ and on Mac ~/Library/Application Support/MobileSync/Backup/
 
Inside the folders there’s a file named 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b – this contains the encrypted data string that we need. Copy that file name & use your OS Search function.
 
Found it? Good. Now open the file with a simple text editor (ie Notepad) to expose data that reads like this:

RestrictionsPasswordKey      M/p4734c8/SOXZnGgZot+BciAW0=
RestrictionsPasswordSalt     aSbUXg==

So the required data is:

Key: M/p4734c8/SOXZnGgZot+BciAW0=
Salt: aSbUXg==

The Magic:

Simply copy/paste the two strings into the relevant iOS Restrictions Passcode Cracker form boxes below. (Really, copy/paste – it’s too easy to make a mistake transcribing manually) Next, hit the blue Crack It button & wait til it iterates through the possibilities.

You can select your preferred range – if you know for sure that your lost passcode didn’t start with 00, for example, then enter 1000 in the Starting box.

NB: This is a private transaction. No data is transmitted from this page. All the work is done in your browser by Crypto.js

iOS Passcode Cracker

Pro Tip:

Use a very analog version of distributed computing to decimate the time required to crack your iOS Restrictions Passcode. Open 5 browser tabs with the iOS Restrictions Passcode Cracker loaded in each.  Set the Starting Passcodes at 0000 (default), 2000, 4000, 6000, 8000, then hit the blue button in each tab.

Your time saved is dependent on which tab finds the answer. If it’s the first tab, no time saved, sorry ’bout it. But if it’s the last tab & the answer is 9000, then you’ve only calculated 1000 passcodes to get to an answer that’s revealed after 9000 guesses in a single-iteration system. Quantified, at 4 attempts/sec, your answer is revealed in just over 4 minutes, whereas the single tab approach wont reveal the solution for well over half an hour yet.

Either way, soon enough, your iOS Restrictions Passcode will be revealed.  This is not a maybe solution, if you’ve entered the Key & Salt data correctly then this app will find the answer.

This page would not exist without the work of Hashcat and John The Ripper.  You want cracking skills? Go visit them.

Did you like that? It worked for you? Please leave a comment, tell me about it.

266 thoughts on “iOS Restrictions Passcode Cracker

  1. It worked!
    I’m pretty excited. My dad forgot the restrictions passcode, and now that I’m 17 I convinced him to take it off my iPod. He had forgotten it, and I thought I would be stuck with a restricted device, or have to completely reset it. The passcode ended up being something so random that I’m not surprised he couldn’t remember it.

    1. Try connecting your iDevice to your computer, fire up iTunes & back your device up locally, not to iCloud. (Make sure the Encrypt Backup option is NOT checked.)

      That’ll create the MobileSync folder & all it’s contents.

    1. Restrictions lockout Dave? Or screen lock? If it’s anything other than a forgotten restrictions passcode, I can’t help you.

    1. Yes, read this page & follow the instructions. That’ll have you sorted in no time. (It doesn’t matter who set the password, the iDevice has no knowledge of that. The important thing is that the password is lost & needs to be recovered.)

  2. no, not that time. But I have the computer that was synced with the phone. So I need the way to get my screen passcode using my restrictions code which I remember.

        1. Wow, 5.0.1, really? from back in the golden days of jailbreaking. Ok, what’s your iDevice again Bill? iPhone 4?

        2. There’s a way through this, somehow. I haven’t had an iDevice for over a year now so I need to find some time to think it through. I’ll get back to you. The old iOS helps though.

        3. Yeah Bill, because you’ve got your original computer that the iPhone synced with, it should do a local backup without needing the screen to be unlocked.

          Because it’s not an encrypted backup you’ll be taking, it won’t bring your security options with the backup – no passwords, no keychain etc.

          Then, after it’s backed up to your computer (check the backup folder for size to be sure), you can go through the process of saving your shsh blobs & re-installing your existing iOS (I think that’s available to you) – if you want to be bothered with such an effort to get a well-outdated OS back on board.

          Look at ih8sn0w’s excellent tools iReb, iFaith & Sn0wbreeze to achieve that work, on ih8sn0w.com. You can trust his products too, the man is an iOS guru.

  3. I used an unencrypted backup, but I still got gibberish when I opened the file in notepad. Help?

  4. I remember my restrictions code but I can’t remember my screen lock passcode. Can I use it somehow to remind me a screen lock one?

    1. Sorry Bill, that’s a whole other implementation. The screen code isn’t, as far as I’m aware, available in such a manner.

      You’ve got me thinking though…

        1. Well Bill, you can just put your iPhone into Recovery or DFU mode & reinstall iOS through iTunes. Choose a new screen security code & try your hardest not to forget it.

  5. Hi, great tool but it didn’t work for me. My key is ruIBezCrx1PA11Su0rtccFPX2RU= and the salt is1yFP/w==

    1. Did you copy/paste the Key & Salt? Or type it in? Because there’s not room for failed results, input correct Key & Salt, iterate through the possibilities, ka-ching.

      Anyway, see my reply to msoulz above for the alternative solution.

      1. Hello again, I originally typed it in but made a mistake. After I copied and pasted the info, it worked perfectly. THANK YOU very much for your help!

  6. Sorry, I forgot to say thanks!! Didn’t work for me but I appreciate that you put this out there.

    1. I emailed msoulz with the alternative workaround for this issue – replacing his Key & Salt data in his backup with the demo data in this post, saving the file then restoring the iPhone from backup & using 0001 as the passcode. It works.

  7. Interesting – it gave me the passcode that I thought it was, and have been entering all along, and it still didn’t work. Must be a phone issue.

  8. I look after a bunch of iPads and the restrictions code on a number was unknown (lost in history and staff change). Took a while to locate the right file but when i did the cracker sorted the problem. Saved me a heap of rebuilds…. big thanks!

    1. No, I leave performance enhancement in users hands. If you want the answer 5x faster, open 5 tabs & set the start correspondingly.

      Not the worst idea I’ve ever heard though, maybe I might find time for this

  9. Thank you so much, you were very helpful and aft several attempts I could finally solve the problem!!!

    Congratulations also for being so good.

    Maurizio

    1. Yeah, there is. Read the instructions written on this page, iFile is only even briefly mentioned, it’s certainly not imperative to the recovery.

  10. hello 1024kb,
    i just left the message to you that i’ve tried long time but it just didn’t work on my iphone.But now it worked!!! i used chrome before but it didn’t show anything. i change to ie and it starts running and i finally found my code! Really really really thank you so much to create this magical cracker!!!!!!

    1. This was my bad, I didn’t check everything everywhere on the site after a WordPress update a few days before. User comments like this one alerted me to the problem – which is now solved.

  11. Dear 1024kb
    i’ve read the article and comments that this magical code worked on their iphone, but i’ve tried and waited, it doesn’t show any pins… don’t know which part is wrong:(
    RetrictionPasswordKey is: 5g3MCwnUAIjaV4M65n0sS7hM+KE=
    RestrictionPasswordSalt is: e+ZLGw==
    I will be glad hearing back from you.

  12. Thanks, worked like a charm! I was contemplating erasing my content and starting from scratch until, it asked me for the restrictions password and i found your page!

Leave a Reply

Your email address will not be published. Required fields are marked *