November 21, 2024
Chronic Shoots Down Two Minute iPhone Passcode Cracking Claims

Chronic Shoots Down Two Minute iPhone Passcode Cracking Claims

Posted April 3, 2012 at 12:49am by iClarified
Will Strafach, a developer and hacker known as chronic, has shot down 'two minute passcode cracking' claims sparked by a recent video of the XRY software tool used by law enforcement.

The original article in Forbes said Micro Systemation, the company behind the software, "seeks out security flaws in the phone's software just as jailbreakers do." However, it turns out that they are just using Geohot's limera1n.

They do not use anything special that is "similar to" the exploits used in jailbreak programs; They are simply loading a custom ramdisk by utilizing the publicly available "limera1n" exploit by George Hotz. The ramdisk isn't even very special, because anyone could put together their own using open source tools. The only "special" thing XRY has done is create a tool that is simple enough to be utilized by LE personnel.


Strafach notes that this means that XRY does not work on the iPhone 4S, iPad 2, or iPad 3. He also takes issue with the two minute passcode cracking claim. In the video (which has now been taken down), XRY is shown cracking a password of 0000. If your passcode was something more complicated it could take far longer to crack. In fact, the company told Forbes that much.

"The more complex the password, the longer and harder it's going to be to access the phone," he says. "In some cases, it takes so long to brute force that it's not worth doing it."

Read More [via 9to5Mac]


Chronic Shoots Down Two Minute iPhone Passcode Cracking Claims


Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (6)
You must login or register to add a comment...
Russell
Russell - April 4, 2012 at 6:48am
I have not read the TOS of Geohot's limera1n, but if he said it can't be commercially redistributed, can't he sue Micro Systemation?
crosby87871
crosby87871 - April 3, 2012 at 11:49am
LOL guy get PWNED!
Not Dumb
Not Dumb - April 3, 2012 at 7:21am
4 digits 10 possibilities per digit means 10,000 different options. Just set your iDevice to wipe after 10 attempts and choose some number that has no digit less than a 5. No brute force algorithm will guess your password with 10 guesses.
Tom Braby
Tom Braby - April 4, 2012 at 3:58am
The claim is that they hash the key offline, bypassing the wipe policy. Still not as vulnerable as claimed.
Paul
Paul - April 3, 2012 at 1:24am
I said exactly the same thing concerning the original article.
Mes
Mes - April 3, 2012 at 12:54am
Makes sense. I thought the passcode was cracked way too easily. Older iOS versions were easy, but that changed after 4.x. Thanks Chronic
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Ventura
Where to Download macOS Sequoia
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS