Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 06 Jan 2014 02:33:24 +0100
From: magnum <>
To: "" <>
Subject: Crack IOS7 RestrictionsPasswordKey hashes from

In a recent discussion on Hashcat forums 
( we discovered the algo 
behing IOS 7.02+ hashing of "Restrictons" PIN code. Until now it was in 
the clear, now it's pbkdf2-hmac-sha1 with 1000 iterations. From 
googling, it seems noone figured this out before.

HashCat does not have any generic pbkdf2-hmac-sha1 format though, so it 
can't be used yet. I really thought we had one but we didn't! So I 
whipped one up and while I was at it, I wrote an "" tool to 
fetch and convert the hashes from a .plist. I haven't tested it except 
with snippets posted on forums.

Since it's just a 4-digit PIN code the keyspace is really really tiny so 
it's a guaranteed crack in a split second. The problem is not the choice 
of algorithm: There's not much Apple can do about it except using 
password instead of PIN.

The code is in latest bleeding tree:


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.