Add ios7tojohn.pl and docs for it.

openwall · Jan 6, 2014 · 3e080d8 · 3e080d8 · ios7hash · Apr 5, 2014
1 parent 7524c1b
commit 3e080d8
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 0 deletions.
diff --git a/doc/README.ios7 b/doc/README.ios7
@@ -0,0 +1,20 @@
+Cracking IOS 7 restrictions PIN code
+====================================
+
+1. Fetch the file com.apple.restrictionspassword.plist from your phone. How
+   you do this is out of scope for this document, just google it.
+
+
+2. Run ios7tojohn on that file, redirecting output to a new file. Eg:
+
+   $ ./ios7tojohn com.apple.restrictionspassword.plist > ioshash
+
+
+3. Run john on the new file, only using four digits (it's a PIN code):
+
+   $ ./john ioshash -inc:digits -min-len=4 -max-len=4
+
+
+4. The password will get cracked in a split second. This is not because Apple
+   used a very poor hash mechanism but because the keyspace of a PIN code is
+   so very tiny.
diff --git a/run/ios7tojohn.pl b/run/ios7tojohn.pl
@@ -0,0 +1,63 @@
+#!/usr/bin/env perl -w
+#
+# This software is Copyright (c) 2014 magnum
+# and it is hereby released to the general public under the following terms:
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+
+use strict;
+use MIME::Base64;
+use File::Basename;
+
+# Example input (from com.apple.restrictionspassword.plist):
+#    <key>RestrictionsPasswordKey</key>
+#    <data>
+#    J94ZcXHm1J/F9Vye8GwNh1HNclA=
+#    </data>
+#    <key>RestrictionsPasswordSalt</key>
+#    <data>
+#    /RHN4A==
+#    </data>
+#
+# Example output:
+# $pbkdf2-hmac-sha1$1000.fd11cde0.27de197171e6d49fc5f55c9ef06c0d8751cd7250
+
+die "Usage: $0 [file [file...]]\n" if ($#ARGV < 0);
+
+my ($type, $key, $salt) = ();
+
+while(<>) {
+	s/\r//g; # Drop Redmond Garbage[tm]
+	if (m#^\s*<key>(.*)Key</key>\s*$#) {
+		$type = $1;
+		next;
+	}
+	# Single line
+	if ($type && m#^\s*<data>([0-9a-zA-Z/.=]+)</data>\s*$#) {
+		my $data = $1;
+		if (!$key) {
+			$key = $data;
+		} elsif (!$salt) {
+			$salt = $data;
+			print "$type:\$pbkdf2-hmac-sha1\$1000.${salt}.${key}:::", basename($ARGV, ".plist"), "::${ARGV}\n";
+			$type = $key = $salt = undef;
+			next;
+		} else {
+			die "Error parsing file ${ARGV} line $.\n";
+		}
+	}
+	# Multi line (but all data on one line)
+	elsif ($type && m#^\s*<data>\s*$#) {
+		my $data = unpack("H*", decode_base64(<ARGV>));
+		if (!$key) {
+			$key = $data;
+		} elsif (!$salt) {
+			$salt = $data;
+			print "$type:\$pbkdf2-hmac-sha1\$1000.${salt}.${key}:::", basename($ARGV, ".plist"), "::${ARGV}\n";
+			$type = $key = $salt = undef;
+			next;
+		} else {
+			die "Error parsing file ${ARGV} line $.\n";
+		}
+	}
+}