• Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
  • iOS Hacker Makes Software-only Passcode Brute-force Attack Tool for Jailbroken iPhones


    A little black box that could potentially crack your iPhone's numeric passcode in under 111 hours has been getting quite the buzz around the Internet lately. Now iOS developer and hacker Majd Alfhaily has found a way to crack an iPhone's numeric passcode even faster using software alone, eliminating the need for the little black box.

    There is a catch though; your iPhone has to be jailbroken for this to work, which means that if you have a non-jailbroken device, then you're not vulnerable to this kind of attack. Additionally, for this to work you must have a basic numeric passcode and not one of the complex word-based passcodes that are also an option in Apple's iOS operating system if you need additional security.

    Alfhaily is calling his work "TransLock", and he has open sourced the code, called "libTransLock", on GitHub for anyone to check out and learn from. In an interesting blog post, Alfhaily explains his code and what he did to make this tool. It's a very intriguing read for anyone who is into these kinds of things, and there is certainly a lot to be learned.

    Basically, the software disables the iOS feature that locks the device after 10 failed passcode attempts by hooking into the process that normally handles this feature and returning a Boolean value of false instead of true. This leaves the device wide open to being cracked, with no chance of it locking out whoever is entering passcodes before they get in.

    Alfhaily notes that the software can crack a jailbroken iOS device within 14 hours, depending on what the passcode is, by trying a new passcode every 5 seconds in what is called a brute-force attack. Once successful, the tool reboots the iPhone and displays a message showing the passcode.

    The hacker has also published a demonstration video of the program working on an iPhone.



    The hacker has plans to release this tool publicly in the future, but for now, those who are savvy in hacking and coding can check out the open source code in the hacker's GitHub repository mentioned earlier.

    Obviously, this is not something you should just go around using on everyone's iPhone to gain unlawful access to someone's private life, but it's a very interesting proof of concept that shows just how vulnerable a jailbroken device can be to attacks like this.

    Fortunately, if you keep your device close to you at all times, there's no way this attack could work on you, because the hacker needs to actually be holding your device for up to 14 hours, which seems like a very unlikely situation unless your iPhone is stolen from you. Moreover, since the attack requires a jailbroken device in order to hook into the process it targets, the majority of iOS devices worldwide are unaffected: a non-jailbroken iPhone will lock the user out after 10 failed passcode attempts. So this is nothing to panic about.

    Still, very intriguing.

    Sources: Majd Alfhaily's Blog via Majd Alfhaily
    This article was originally published in forum thread: iOS Hacker Makes Software-only Passcode Brute-force Attack Tool for Jailbroken iPhones started by Anthony Bouchard
    Comments
    1. TDH Advocate -
      These are the people I love to see things from because it's just so interesting to see these things done. Kind of like the guy who has been making Android Wear compatible with iOS (yesterday he uploaded a video with music app compatibility) and it's so interesting.