Chronic Shoots Down Two Minute iPhone Passcode Cracking Claims

Will Strafach, a developer and hacker known as chronic, has shot down 'two minute passcode cracking' claims sparked by a recent video of the XRY software tool used by law enforcement.

The original article in Forbes said Micro Systemation, the company behind the software, "seeks out security flaws in the phone's software just as jailbreakers do." However, it turns out that they are just using Geohot's limera1n.

They do not use anything special that is "similar to" the exploits used in jailbreak programs; they are simply loading a custom ramdisk by utilizing the publicly available "limera1n" exploit by George Hotz. The ramdisk isn't even very special, because anyone could put together their own using open source tools. The only "special" thing XRY has done is create a tool that is simple enough to be utilized by LE personnel.

Strafach notes that this means that XRY does not work on the iPhone 4S, iPad 2, or iPad 3. He also takes issue with the two-minute passcode cracking claim. In the video (which has now been taken down), XRY is shown cracking a password of 0000. If your passcode were something more complicated, it could take far longer to crack. In fact, the company told Forbes as much.

"The more complex the password, the longer and harder it's going to be to access the phone," he says. "In some cases, it takes so long to brute force that it's not worth doing it."

Russell - April 4, 2012 at 6:48am
I have not read the TOS of Geohot's limera1n, but if he said it can't be commercially redistributed, can't he sue Micro Systemation?
crosby87871 - April 3, 2012 at 11:49am
LOL guy get PWNED!
Cheap bastards - April 3, 2012 at 10:25am
Lol at these cheap Micro Systemation bastards... It takes guts to rip off someone else's work like that and promote it as a groundbreaking tool... with an exploit that has existed for a year now or more made by a real iOS hacker. These suckers are just like corporate script kiddies lol!! Way to go Micro Systemation folks! Maybe in a year or so you can start grasping the tech behind Absinthe/Corona and """innovate""" again. LOLOL SO SAD!!!
Not Dumb - April 3, 2012 at 7:21am
4 digits 10 possibilities per digit means 10,000 different options. Just set your iDevice to wipe after 10 attempts and choose some number that has no digit less than a 5. No brute force algorithm will guess your password with 10 guesses.
Tom Braby - April 4, 2012 at 3:58am
The claim is that they hash the key offline, bypassing the wipe policy. Still not as vulnerable as claimed.
