
Pinfinder: iOS Restrictions Passcode Recovery - brigham
https://pinfinder.net
======
FiloSottile
It’s stored hashed with 1000 iterations of PBKDF1:
[https://github.com/gwatts/pinfinder/blob/a3e1d1b709ad6c9a109...](https://github.com/gwatts/pinfinder/blob/a3e1d1b709ad6c9a109795c0e711317f8f2089fc/pinfinder.go#L323)

Note that this tool extracts the hash from a decrypted iTunes backup. That
contains (nearly) all the device data, so by the time an attacker has that,
they aren’t going to need much else.

Apple could bind it to the hardware if they wanted to, but that’s going above
and beyond, which I’m not sure is any use here.

------
amacbride
Worked like a charm for me, after a little tweaking of the source code. (My
use case was a 70-year-old who couldn't remember which code she used on her
phone.)

------
saagarjha
Arguably a better link, which explains how the process actually works:
[https://nbalkota.wordpress.com/2014/04/05/recover-your-forgo...](https://nbalkota.wordpress.com/2014/04/05/recover-your-forgotten-ios-7-restrictions-pin-code/)

------
yoz-y
In the past I have successfully used
[http://ios7hash.derson.us](http://ios7hash.derson.us) for iOS 11 restrictions
code cracking. I use restrictions to remove some features I don't use and as a
fool I have not set the code to 0000 for this one device.

It would be actually quite useful if one could remove the restrictions from
the Apple ID page or something like that.

------
givinguflac
This is cool, but seems like a big security flaw on Apple’s part. Most people
likely use the same passcode for their device and the restrictions passcode. I
imagine this security risk can be mitigated by encrypting the backup, but I
still think it’s a flaw in need of fixing.

~~~
tptacek
Restrictions aren't really a security feature.

~~~
seandougall
They’re not, but if someone does use the same passcode, it could open up a
vulnerability.

That said, using the same passcode would defeat the purpose for what I believe
is the primary use case (I want to loan you my device, so I have to give you
the unlock passcode, but I don’t want to give you unfettered access). So I
really think having the passcodes match is an edge case. I can see it
happening in other use cases, though (e.g. kiosks).

~~~
ryanwaggoner
Pretty sure the primary use case is kids, not loaning your device to a friend.

