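This story started when I was helping an older relative switch phones. The phone had been backed up once with iTunes, with encryption, but... nobody could remember the password. Searching online for a fix turns up a handful of cracking tools (my guess is that they are free trials and you pay extra once you actually want to crack something). Inconvenient as this was, it is also a reason to be grateful for Apple's security, which protects the data to a high standard! All of these tools work on the same principle: brute force, that is, guessing the password.
After some research I found hashcat, an open source tool that bundles the password-guessing task for many encryption schemes, and in 2017 someone online explained how to use it, in quite some detail: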
Crack Encrypted iOS backups with Hashcat
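Notes on the process:
- First find where iOS backups are stored: https://support.apple.com/en-us/HT204215
  - macOS: ~/Library/Application Support/MobileSync/Backup/
- Each backup is a directory tree; find the Manifest.plist file inside it
- From the information in that file, prepare the data to feed to hashcat and save it as inputFromManifest.txt. There are two layouts, one for iOS 10 and later and one for iOS 9 and earlier:
  - Earlier than iOS 10:
    - `$itunes_backup$*<ver>*<WPKY>*<ITER>*<SALT>**`
  - iOS 10 or later:
    - `$itunes_backup$*<ver>*<WPKY>*<ITER>*<SALT>*<DPIC>*<DPSL>`

With that, hashcat can do the computation. It supports parallel processing (GPU) to work out the password, using dictionary files, brute-force guessing and so on. For the second and third steps above, someone has also kindly provided a tool: github.com/philsmd/itunes_backup2hashcat, a small Perl program that assembles the information from Manifest.plist automatically: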
```
% perl itunes_backup2hashcat.pl yourBackupDir/Manifest.plist
$itunes_backup$*10*#######*####*######*######*##################
% perl itunes_backup2hashcat.pl yourBackupDir/Manifest.plist > inputFromManifest.txt
```
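The rest of these notes focus on hashcat commands. For more on the commands, the official site is the most convenient place to look: hashcat.net/wiki/doku.php?id=hashcat
Using the sample data provided in https://www.youtube.com/watch?v=MMySnPzsPYU: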
```
% cat inputFromManifest.txt
$itunes_backup$*10*c8c96e8d6175f1356da6dcf5791ad76be166232b4a01bd6974abb27c39034993591c15ba03a14e3b*10000*0ca3ccfc453b32f9ca9aceb754b87f4e0ab9cb95*10000000*bdee6869caa7999e9576f390a248a29f38d10d6f
```
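This is an iOS 10 hash, so hashcat is run with the -m 14800 parameter. For iOS 9 and earlier, use -m 14700. Both are defined in the wiki on the official site.
Approach 1: brute force, guessing 4 digits in this example: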
```
% hashcat -d 1 -m 14800 ./inputFromManifest.txt -a 3 '?d?d?d?d'
hashcat (v6.2.3) starting

OpenCL API (OpenCL 1.2 (Jun 17 2021 15:24:17)) - Platform #1 [Apple]
====================================================================
* Device #1: Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz, 16320/16384 MB (4096 MB allocatable), 4MCU
* Device #2: Intel(R) Iris(TM) Plus Graphics 640, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP
* (null)

Watchdog: Temperature abort trigger set to 100c

Host memory required for this attack: 1 MB

[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>
```
At any point you can press s to see how the brute force is progressing:
```
Session..........: hashcat
Status...........: Running
Hash.Name........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*c8c96e8d6175f1356da6dcf5791ad76b...d10d6f
Time.Started.....: Wed Aug 25 20:37:03 2021 (6 mins, 50 secs)
Time.Estimated...: Wed Aug 25 23:30:00 2021 (2 hours, 46 mins)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?d?d?d?d [4]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 1 H/s (13.34ms) @ Accel:128 Loops:256 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests
Progress.........: 0/10000 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:8056320-8056576
Candidate.Engine.: Device Generator
Candidates.#1....: 1234 -> 1124
Hardware.Mon.SMC.: Fan0: 100%
Hardware.Mon.#1..: Temp: 66c

[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>
```
When you are lucky enough to recover the password, the following is shown: Status reads Cracked, and the password is recorded after the colon (:1234).
```
$itunes_backup$*10*c8c96e8d6175f1356da6dcf5791ad76be166232b4a01bd6974abb27c39034993591c15ba03a14e3b*10000*0ca3ccfc453b32f9ca9aceb754b87f4e0ab9cb95*10000000*bdee6869caa7999e9576f390a248a29f38d10d6f:1234

Session..........: hashcat
Status...........: Cracked
Hash.Name........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*c8c96e8d6175f1356da6dcf5791ad76b...d10d6f
Time.Started.....: Wed Aug 25 20:37:03 2021 (8 mins, 26 secs)
Time.Estimated...: Wed Aug 25 20:45:29 2021 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?d?d?d?d [4]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 1 H/s (11.09ms) @ Accel:128 Loops:256 Thr:1 Vec:4
Recovered........: 1/1 (100.00%) Digests
Progress.........: 512/10000 (5.12%)
Rejected.........: 0/512 (0.00%)
Restore.Point....: 0/1000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:9984-9999
Candidate.Engine.: Device Generator
Candidates.#1....: 1234 -> 1124
Hardware.Mon.SMC.: Fan0: 100%
Hardware.Mon.#1..: Temp: 65c

Started: Wed Aug 25 20:36:57 2021
Stopped: Wed Aug 25 20:45:30 2021
```
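The status output for the 4-digit run reports Progress 0/10000 at 1 H/s with an estimate of 2 hours 46 minutes. The following added example (not from the original post or from hashcat) checks a line in the format described earlier and reproduces that estimate from the mask. The function names are hypothetical, and treating ITER and DPIC as iteration counts that add up per guess is an assumption read from the field names.

```python
# Added example, not from the original post.
import re

# Sizes of hashcat's built-in mask charsets; any other character is a literal.
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
                 "s": 33, "a": 95, "b": 256}
HEX = re.compile(r"^(?:[0-9a-fA-F]{2})+$")
# The sample line shown on this page (contents of inputFromManifest.txt).
SAMPLE = ("$itunes_backup$*10*c8c96e8d6175f1356da6dcf5791ad76be166232b4a01bd69"
          "74abb27c39034993591c15ba03a14e3b*10000*0ca3ccfc453b32f9ca9aceb754b8"
          "7f4e0ab9cb95*10000000*bdee6869caa7999e9576f390a248a29f38d10d6f")

def parse_itunes_line(line):
    """Validate a line; return its version, hashcat mode and rounds per guess."""
    prefix = "$itunes_backup$*"
    line = line.strip()
    if not line.startswith(prefix):
        raise ValueError("not an $itunes_backup$ line")
    parts = line[len(prefix):].split("*")
    if len(parts) != 6:
        raise ValueError("expected 6 fields, got %d" % len(parts))
    ver, wpky, iters, salt, dpic, dpsl = parts
    if not (HEX.match(wpky) and HEX.match(salt)):
        raise ValueError("WPKY and SALT must be hex strings")
    if bool(dpic) != bool(dpsl) or (dpsl and not HEX.match(dpsl)):
        raise ValueError("DPIC and DPSL must both be set or both be empty")
    return {"version": int(ver),
            "mode": 14800 if dpic else 14700,  # -m values named in the post
            # Assumption: ITER + DPIC rounds are spent on every guess.
            "iterations": int(iters) + (int(dpic) if dpic else 0)}

def mask_keyspace(mask):
    """Number of candidates a hashcat mask such as '?d?d?d?d' generates."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            token = mask[i + 1]
            if token != "?" and token not in CHARSET_SIZES:
                raise ValueError("unsupported mask token ?%s" % token)
            total *= CHARSET_SIZES.get(token, 1)  # '??' is a literal '?'
            i += 2
        else:
            i += 1  # literal character: exactly one choice
    return total

def worst_case(mask, hashes_per_second):
    """Time to exhaust the mask at the given speed, formatted as 'Xh Ym'."""
    seconds = int(mask_keyspace(mask) / hashes_per_second)
    hours, rest = divmod(seconds, 3600)
    return "%dh %dm" % (hours, rest // 60)
```

The same arithmetic shows how quickly the search space grows once a backup password is longer than a short PIN: six lowercase letters plus two digits is already about 3.1e10 candidates at the same 1 H/s.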
Approach 2: write the candidate passwords into myPasswords.txt and check them, with this command:
```
% cat myPasswords.txt
5678
09876
1234
% hashcat -d 1 -m 14800 ./inputFromManifest.txt ./myPasswords.txt
hashcat (v6.2.3) starting

OpenCL API (OpenCL 1.2 (Jun 17 2021 15:24:17)) - Platform #1 [Apple]
====================================================================
* Device #1: Intel(R) Core(TM) i5-7360U CPU @ 2.30GHz, 16320/16384 MB (4096 MB allocatable), 4MCU
* Device #2: Intel(R) Iris(TM) Plus Graphics 640, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
* (null)

Watchdog: Temperature abort trigger set to 100c

Host memory required for this attack: 1 MB

Dictionary cache built:
* Filename..: ./myPasswords.txt
* Passwords.: 3
* Bytes.....: 16
* Keyspace..: 3
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

$itunes_backup$*10*c8c96e8d6175f1356da6dcf5791ad76be166232b4a01bd6974abb27c39034993591c15ba03a14e3b*10000*0ca3ccfc453b32f9ca9aceb754b87f4e0ab9cb95*10000000*bdee6869caa7999e9576f390a248a29f38d10d6f:1234

Session..........: hashcat
Status...........: Cracked
Hash.Name........: iTunes backup >= 10.0
Hash.Target......: $itunes_backup$*10*c8c96e8d6175f1356da6dcf5791ad76b...d10d6f
Time.Started.....: Wed Aug 25 20:52:58 2021 (10 secs)
Time.Estimated...: Wed Aug 25 20:53:08 2021 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (./myPasswords.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 0 H/s (0.18ms) @ Accel:128 Loops:256 Thr:1 Vec:4
Recovered........: 1/1 (100.00%) Digests
Progress.........: 3/3 (100.00%)
Rejected.........: 0/3 (0.00%)
Restore.Point....: 0/3 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:9984-9999
Candidate.Engine.: Device Generator
Candidates.#1....: 5678 -> 1234
Hardware.Mon.SMC.: Fan0: 20%
Hardware.Mon.#1..: Temp: 58c
...
```
Those are the two approaches, noted down so that the next time a password is forgotten, hashcat can batch-test the passwords I remember.