A Pickle

Discussion in 'Mac Programming' started by NewMacCity, Aug 27, 2012.

  1. NewMacCity macrumors newbie

    Joined:
    Feb 26, 2009
    #1
    I've gotten myself into A pickle.

    The Problem:
    A partial password to my Encrypted iPhone back up. :eek:

    The Solution:
    Write a simple bruteforce cracker to recover my pw.

    The Plan:
    -Learn Obj C on Xcode and possibly Interface builder (seems to be the way to go after reading the FAQ's)
    -practice practice practice go a little bit insane practice practice practice
    -debug debug debug go a little bit insane...
    -Recover pw! =)

    Expectations:
    -a simple GUI (would be helpful but not necessary)
    -ability to define variable and static value for each password character
    -able to interact with iTunes password prompt
    -read from a file of possible password characters
    -recognize and save successful character string

    I'm not asking for coding details or algorithms. I'm looking forward to figuring those out on my own. What I am asking for is
    any insight/advice you may have to offer.

    About me, contextual background info:

    I have a very basic understanding of programming fundamentals, if you count 2 years of QBasic in high school. Yes, there are other solutions, but I think this would be a fun project and I really don't want to reset my phone, pay for shady software, or compile someone else's program w/o the proper experience(fear of backdoors).

    I hope I'm not breaking any rules posting about pw cracking. I realize this may seem suspicious to the skeptical and cautious out there (i would be). So please feel free to message me privately if you have any questions or if you don't want to reply publicly.

    Again, any insight/advice you may have to offer is greatly appreciated.

    Thank you!
     
  2. blueroom macrumors 603

    blueroom

    Joined:
    Feb 15, 2009
    Location:
    Toronto, Canada
  3. NewMacCity thread starter macrumors newbie

    Joined:
    Feb 26, 2009
    #3
    Not quite the response I was hoping for, I guess Jagger had it right, "you don't always get what you want"

    But at least it's a start. /shrug
     
  4. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #4
    What's the maximum time you're willing to wait to reach step 4? 1 year? 5 years? 30 years? That may seem like a silly question, but it's actually very important.

    What's the maximum amount of effort you're willing to put into the first 3 steps? Again, it's very important to get a realistic answer to this.

    People with no experience in these matters (learning to program well, and password cracking) frequently underestimate the skill or time actually needed.

    I've got over 20 years of programming experience, including at least 5 years in security, and writing a password cracker would not be something I would undertake as blithely as you seem to propose.

    Personally, I would have taken great pains up front to make sure my password wasn't lost, or intentionally set a shorter and more easily crackable one, but it's too late for that now.


    That doesn't even seem like a practical design, so after you learn the programming language and have some skill in writing real-world programms, you'll have to study password cracking more earnestly, otherwise you'll really be wasting your time. And I don't just mean wasting a month or two, I mean like wasting a few millenia by using a poor algorithm, or a poor implementation, or a poor design.

    For example, you should start by reading this Ars Technica article.
     
  5. NewMacCity, Aug 27, 2012
    Last edited: Aug 27, 2012

    NewMacCity thread starter macrumors newbie

    Joined:
    Feb 26, 2009
    #5
    That's very sobering, it seems I was a tad drunk/overzealous with excitement. chown33, thanks for taking the time.

    Looks like it's time to do that reset after all and chalk this one up to lessons learned the hard way.

    Though not all is lost. This whole fiasco began when an online account of mine was compromised which led to lots of reading up on infosec. It's a crazy insecure world out there, as that arstechnica article points out so well. It's pretty overwhelming actually thinking about how much data is so vulnerable.

    Curious, chown33 do those years/experience in infosec you mentioned make you feel more or less secure?

    (i still plan on getting my feet wet with obj c/xcode just with maybe a less ambitious project lol)
     
  6. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #6
    It depends. Among other things it helps me avoid stupid mistakes like using the same password on multiple accounts. Or at least I understand the risks of doing so, and I don't waste time using strong passwords on accounts with low risk (such as my MacRumors account).

    The main thing is I always ask myself, "What's the worst that can happen?", and because I know some of the things that can happen, and how those might be recovered from (or not recovered from), it guides me in putting effort into the things that matter. Like recovering passwords for a phone, or choosing an admin password for a local machine (as distinct from a portable machine).

    It's also good to know about really basic stuff, such as the likelihood of a disk failure and losing data is far higher than the risk of an online password compromise. So safeguarding data is more about making backups and being sensible than it is about being super-security-aware.
     
  7. holmesf, Aug 27, 2012
    Last edited: Aug 27, 2012

    holmesf macrumors 6502a

    Joined:
    Sep 30, 2001
    #7
    It would be much easier to attack the iTunes backup files directly, and not program a GUI or have your app interact with iTunes. Those tasks are a serious waste of time, and interacting with iTunes would frankly be a nightmare.

    There are some details about how iTunes backups are encrypted here: http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf

    But seriously, start with smaller goals.
     

Share This Page