Chronic Shoots Down Two Minute iPhone Passcode Cracking Claims
Will Strafach, a developer and hacker known as chronic, has shot down 'two minute passcode cracking' claims sparked by a recent video of the XRY software tool used by law enforcement.
The original article in Forbes said Micro Systemation, the company behind the software, "seeks out security flaws in the phone's software just as jailbreakers do." However, it turns out that they are just using Geohot's limera1n.
They do not use anything special that is "similar to" the exploits used in jailbreak programs; They are simply loading a custom ramdisk by utilizing the publicly available "limera1n" exploit by George Hotz. The ramdisk isn't even very special, because anyone could put together their own using open source tools. The only "special" thing XRY has done is create a tool that is simple enough to be utilized by LE personnel.
Strafach notes that this means that XRY does not work on the iPhone 4S, iPad 2, or iPad 3. He also takes issue with the two minute passcode cracking claim. In the video (which has now been taken down), XRY is shown cracking a password of 0000. If your passcode was something more complicated it could take far longer to crack. In fact, the company told Forbes that much.
"The more complex the password, the longer and harder it's going to be to access the phone," he says. "In some cases, it takes so long to brute force that it's not worth doing it."
Read More [via 9to5Mac]