bruteforce passcode

Well-known iOS jailbreak developer and hacker Majd Alfhaily was intrigued when he read about MDSec’s black box hardware brute force for iOS devices. The tool, which runs over a USB connection, tries every possible passcode combination in an attempt to unlock an iPhone secured with a simple passcode.

The downside of such a tool is that each PIN entry takes approximately 40 seconds, so it could take more than 110 hours to brute force an iPhone. Majd, being the curious person that he is, devised a way to do it in a fraction of the time using only software. The only caveat, if you even want to call it that given what it does, is that the device must be able to run unsigned code, i.e., the device must be jailbroken.

Majd’s tool would only take about 14 hours to try all possible passcode combinations 0000 through 9999. This is because he’s coded his tool in such a way that the device doesn’t disable after 10 bad passcode attempts, and it only requires five seconds instead of 40 seconds between each new attempt.

Although we certainly would not condone the usage of a tool like this for unscrupulous reasons, it’s a very interesting read, and the way Alfhaily pulls it off is pretty impressive. Watch the video above to see an example of his code in action.

Indeed, this tool is eye-opening, but it doesn’t mean that your iPhone is in imminent danger of being hacked. Consider these reasons:

  • Non-jailbroken iPhones are not susceptible to this hack, since it requires running unsigned code
  • A person would have to have physical access to your device to perform the hack
  • A complex passcode would exponentially increase the security of your device, and render the tool (in its current state) useless

In my opinion, the best thing that you can do to protect yourself is to use a complex passcode if you’re really worried about the security of your device. While a complex passcode is definitely not infallible, it certainly helps.
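To make the article's numbers concrete, here is a small model of worst-case guessing time as an added example (not code from the article or from Alfhaily's tool). It assumes only the keyspace size, the per-attempt delay (the article's 40 s and 5 s figures) and whether the device erases itself after 10 failures; the "stock" policy is an assumed placeholder, not a measured iOS behaviour.

```python
"""Worst-case time to guess an iOS passcode by exhaustive search.

Added example, not code from the article or from Alfhaily's tool. It models only
keyspace size, per-attempt delay and the failed-attempt limit; the 40 s and 5 s
figures are the article's, the 'stock' limit is an assumed placeholder.
"""
from dataclasses import dataclass
from typing import Optional

SECONDS_PER_HOUR = 3600
SECONDS_PER_YEAR = 365.25 * 24 * SECONDS_PER_HOUR


@dataclass(frozen=True)
class Policy:
    name: str
    seconds_per_attempt: float   # delay the guesser must wait between attempts
    wipe_after: Optional[int]    # device erases itself after this many failures


# Figures from the article: the USB box needs ~40 s per PIN, the jailbroken
# software tool ~5 s, and both sidestep the 10-failure erase.
HARDWARE_BOX = Policy("USB brute-force box", 40, None)
JAILBROKEN_TOOL = Policy("jailbroken software tool", 5, None)
# Assumed: an unmodified device with 'Erase Data' enabled stops after 10 failures.
STOCK_ERASE = Policy("stock iOS, erase after 10", 5, 10)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passcodes of a given length over a given alphabet."""
    return alphabet_size ** length


def attempts_allowed(space: int, policy: Policy) -> int:
    """Guesses the attacker can make before the search is forced to stop."""
    return space if policy.wipe_after is None else min(space, policy.wipe_after)


def worst_case_seconds(space: int, policy: Policy) -> float:
    """Time to try every guess the policy allows, assuming the last one is right."""
    return attempts_allowed(space, policy) * policy.seconds_per_attempt


def coverage(space: int, policy: Policy) -> float:
    """Fraction of the keyspace the attacker can test before being stopped."""
    return attempts_allowed(space, policy) / space


if __name__ == "__main__":
    pin4 = keyspace(10, 4)       # simple 4-digit passcode
    complex8 = keyspace(94, 8)   # 8 printable ASCII characters ("complex passcode")
    for space, label in ((pin4, "4-digit PIN"), (complex8, "8-char complex passcode")):
        for pol in (HARDWARE_BOX, JAILBROKEN_TOOL, STOCK_ERASE):
            hours = worst_case_seconds(space, pol) / SECONDS_PER_HOUR
            print(f"{label:24} {pol.name:28} {hours:16.1f} h  "
                  f"covers {coverage(space, pol):.2%} of keyspace")
```

Running it reproduces the article's roughly 111 hours (box) and 14 hours (software) for a 4-digit PIN, shows the erase limit confining a stock device to 0.1% of even that small keyspace, and puts an 8-character passcode in the hundreds of millions of years at 5 s per attempt.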

What do you think?

  • Carlos Medina

    This guy… he's going places.

    P.S. Just complete motivation to my eye when I see this, especially with uplifting music lol.

    • steev-o

      Here’s the funny part…”he’s only 17 yo” 🙂
      You do the imaginary part of his next few years 😀

      • Brian Brown

        innovation at its finest

      • Carlos Medina

        Now you got me sitting here wondering what the hell I have been doing with my life lol. Guess that’s what happens when you apply yourself to what you love.

  • Brian Brown

    How do you have OS X on an HP machine?

    • Hackintosh.. Easily have a mac on a budget!

      • Brian Brown

        Really? Thanks. I'll check it out.

      • Brian May

        Hope you’re a masochist lol. I have two hackintosh machines and the first few months were a real pain to get it all configured correctly. But it’s all worth it in the end. Google is your friend.

  • Brian Brown

    Yeah.. NSA or CIA will be in contact with the dev. Real soon.

    • Digitalfeind

      I’m sure Apple gives them Back-door access. Just ask China.

  • Harsh Sac

    This is a very helpful tool
    not for hackers but for people who have somehow got their phone locked with a mysterious passcode
    it once happened to me, a friend of mine did it as a prank, and then couldn’t remember the combination. I had an iPhone 4 then running iOS 5.1.1
    And that happened to be the unique combination that was required by a previous tool for functioning (iPhone 4 on iOS 5.1)
    it took about 45 minutes to brute force into the phone
    It sure saved my arse back then…
    And god forbid, but if it were to happen again, this would help someone again…

  • goeo_

    this is a tweak that you need to install before forgetting your password

    uh

    good idea

    • Elias Chao

      You can install it via SSH.

      • goeo_

        With SSH access I can just remove the password too. Also takes much less than 14 hours.

  • Dany Lisiansky

    If the device is jailbroken, why would you have to brute force anything when you can just disable the password itself?

    I actually did this in various iOS versions (until I switched to a Touch ID device) so when my device connects to my Macs over USB, is connected to my Wi-Fi network and is in range of my house, it will disable the need for a password.

    • Niclas

      If there's no SSH and the password is changed with no AFC, how do you disable it?

      • Dany Lisiansky

        You can still elevate yourself to root with stock afc access.
        A simple logical exploit will do the work (I have a few that still work on iOS 8..)

      • Niclas

        Ok, but as far as I know, no exploit in the wild does this?

  • rutzgup

    Isn’t it possible to make a backup of the device and then try to brute force the backup to avoid the limitation of X tries per second?

    • Garry

      Nope, when trying to back up, iTunes will ask you to press accept on the phone to make a connection with your PC or Mac. The other case scenario is if it's already been backed up on iTunes before, then it shouldn't ever be a problem.

  • HamptonWalley

    I do not want any passcode anymore, just my fingerprint

  • Garry

    And anyway, most people don't jailbreak, so for people who jailbreak and lose their phone, lesson for them. The real use of this will be when there is an actual method to jailbreak with bypass code on.

  • markelite

    Well, a complex passcode wouldn’t really help, would it? No matter how complex you make it, it’ll still be a 4 digit PIN unless you change it to a password.

    • You can have any password you like by switching off “Simple Passcode” in options.

      • Saar

        This option makes this “hack” irrelevant.

      • markelite

        Exactly what I am saying, you can’t make the Simple Passcode complex because it’d still be 4 digits.

  • eXoguti097

    I don’t mind waiting a maximum of 4.5 days to unlock a phone (I don’t mean stolen phones), as chances are it could be somewhere in the middle, or just not at the very end.

  • Mark Kramer

    “Well-known iOS jailbreak developer and hacker Majd Alfhaily ” Never heard of him. What has he done?

  • Sleetui

    Yes, useful if for some reason you got locked out of your iDevice via a bad tweak etc.

  • Jailbreaking increases the security risk. Glad to know it doesn’t work on non-jailbroken devices. Still, the IP Box method is pretty scary and Apple should address it in upcoming updates.

    • Apple have addressed it. It’s called use a complex passcode rather than an insecure 4 digit passcode…

      • Niclas

        No. It is a flaw.

      • How is it a flaw?

        This is because he’s coded his tool in such a way that the device doesn’t disable after 10 bad passcode attempts, and it only requires five seconds instead of 40 seconds between each new attempt.

        The developer has modified iOS. This software is no different to a piece of malware and nothing Apple can do can change that. If you have root access to a device you can pretty much do whatever you want to your device and nothing Apple can do can fix that other than closing jailbreak exploits (which they do)…

      • Niclas

        “Still IP Box method is pretty scary and apple should address it upcoming updates.”
        It has nothing to do with jailbroken software. Look it up.
        It is a flaw.

      • I don’t mean to be rude / arrogant but did you read the article?

        The only caveat, if you even want to call it that given what it does, is that the device must be able to run unsigned code, i.e., the device must be jailbroken.

      • Niclas

        I did. But you obviously didn’t read the comment you’re replying to.
        IP-Box has nothing to do with jailbreaking.
        It is a flaw, end of story.

      • IP-Box is a flaw that’s been patched so I assumed that the comment was in reference to the tool discussed in this article. I guess I misunderstood the comment…

      • Niclas

        All good. It’s patched in the beta right?

      • Which should eventually reach consumers. The flaw means it takes 40 seconds per password attempt. If you exercise good security practice and have a complex password this isn’t even an issue, since it would take years to crack your password. Nobody’s that patient…

      • Niclas

        That is all true, but people don't use complex pincodes.

      • Well people should since there are only 10,000 different combinations of a 4 digit pin code…

        It’s either use a complex password or chance it and wipe your device after ten wrong password attempts…

        I can understand why people don’t use complex passwords though. Either they don’t want to spend the time inputting it or they just aren’t educated enough to know why they shouldn’t use a 4 digit pin code…

        Like I said though, the fix will eventually reach consumers, and with it taking 40 seconds per password attempt it’s basically the world's slowest brute force attack, hardly an issue. Like another commenter states, 9999 is probably the last combination tried, so it would take ages just to guess that (40 seconds * 10,000 = 400000 seconds = 6666.66 minutes = 111.11 hours = 4.62 days).

      • Niclas

        Well, that is PRE-flaw-fix.
        POST-flaw-fix it would take indefinitely longer, since you get locked out for an increasing time with each try.

  • PINPAL

    Most complex passcode: 9999. It's the last passcode the tool tries, therefore it is the most secure against the tool; against humans though.. Well..

  • xS1nZ

    How do I use your method? I have an iPhone jailbroken on 8.1 and this guy who made Translock will not release a compiled version, therefore the only one who has ever gotten any use out of his hack is himself. In issues, people requested how to compile or use the hack and he just ended all of the discussions without any comment. Not trying to be annoying, just wondering if there was a way I could use yours. I clicked on that link, but there is a lot more to it than that.