iPhones and iPads enable users to password protect their backups, and when they choose to do this their data is secured in an encrypted backup.
What is an iPhone backup password?
The backup file was encrypted, but I forgot my encrypted iPhone backup password so I tried a few password sets commonly used by myself. However, none of them was correct. For my case, is it possible to restore my iPhone with that password-locked iTunes backup file? Thanks!” “I had the same problem. I forgot my iPhone backup password.
An iPhone or iPad backup password — sometimes called an iTunes backup password — is set when backing up your iOS device in an encrypted format. The password is securely stored on your device, so that whenever it is called upon to produce a backup, it will generate an encrypted one.
When you choose to protect your backup, you'll need to remember your backup password to ever access that backup's contents. This password is set separately from your iPhone's passcode or your Apple ID's password. So whilst you may set the password to anything you like, resetting your Apple ID won't help you recover it.
What is an iPhone backup password needed for?
Your backup password is needed to read or restore from your iPhone backup, or to remove your iPhone's backup password.
It is not needed to create more backups, to access your iCloud or Apple Music data, to add new devices to your account, or to reset your device.
Over the years Apple have used a few different formats for protecting their encrypted backups. The last big change was made as part of the iOS 10.2 release. iPhone Backup Extractor fully supports all versions of encrypted iTunes backups, as well as iOS backups made by any other software.
Should I password protect my backups?
Setting a password on an iPhone or iPad backup is a great idea, as it helps to protect your data. As the backup is more secure, it means the device can safely include more data in the backup, including health data, which would otherwise be left out. That's handy for you if you ever need to restore from the backup.
How to reset your backup password and create a new backup
If you forget your backup password but don't need access to your backup's contents, you can overwrite it with a new backup:
Be aware that this will overwrite any pre-existing iPhone backup you might have, and all data included in them.
How to recover a lost iPhone backup password
If you've lost or forgotten your iTunes backup password, there are a few techniques you can use to try to recover it.
1. Try known passwords
First, it's worth trying a bunch of passwords that you might have used. There's no penalty to trying a number of different passwords in iTunes, although each check can take a little while. There's no such thing as a default password for an iOS backup.
Perhaps you used one of the following:
Does Apple sometimes automatically choose a backup password?
We often hear from people who have lost their password, claiming their iPhone must have automatically set an unknown password for them. In over ten years — and 1,000+ successful recoveries — we've never once uncovered a password that was truly unknown to the user.
The past is a foreign country. They choose passwords differently there.
Passwords are set on the device, not by your computer. If your device was bought or configured by somebody else, it's possible that you need to ask them for the password.
2. Check the macOS keychain
If you use a Mac and configured the iTunes backup password on that Mac, your computer may have kept a record of the password in its keychain.
You can check this by loading the 'Keychain Access' app that comes with every Mac.
Unfortunately, there's no simple equivalent of doing this for Windows users.
3. Backup to iCloud, erase the device and restore
There's also a nuclear technique for removing an iTunes backup password setting from your device. Enable iCloud backups under settings, back it up, then erase and restore it.
This process is long-winded -- especially for users with a lot of data or a slower connection -- and ideally avoided. https://qrddzre.weebly.com/download-wireshark-mac.html. You can see our guide to making an iCloud backup to follow this approach.
4. Brute-force the backup password
Apple provide technical details on how encrypted backups work. Simply put, modern iOS backups use
AES-256 , with 10,000,000 iterations. That makes checking a single password slow enough, even if it's the right password. Trying many different passwords with a tool like hashcat is a very slow process.
Assuming the password had 8 digits, limited to only upper or lower-case English letters or numbers — and no punctuation symbols — there would be 218,340,105,584,896 (628) possible combinations.
Using a $1,300 GeForce 1080 Ti GPU, it would be possible to try around 100 passwords per second, which would mean it would be possible to break that password in around 69,000 years. That's substantially before the heat death of the universe, but it's still a long way away. The process could be sped up with a machine with 4x $5,000 Nvidia K80 GPUs, but even with a 10x improvement it would still take around ten thousand years, and the electricity consumption would be enormous.
Earlier versions of iOS created backups with much weaker encryption, as below:
Thus, from a practical perspective, it can be possible to recover a password if one has a general idea about its form, such that a few hundred or thousand guesses would find it.
How to speed up password recovery with an ASIC or quantum computer
You might ask, what about quantum computers, or dedicated hardware? Let's take a look.
You might be curious about working with a university with access to quantum computing resources. Whilst there are quite a few click-bait articles out there on the amazing powers of the technology, it doesn't make cracking strong encryption much easier.
There are two good resources on this: this sober paper (nicely summarised by The Register: 'Grover's algorithm would need about 1032 years to crack SHA-256'). Then there's this, less sober article, which suggests that even if one were to build a Dyson sphere and capture all of the energy radiated by the sun it might still be hard. ?♂️
There's another approach that might be faster than general quantum, and that's using an ASIC. This is essentially a custom piece of hardware that is designed specifically for the encryption algorithm one wants to break. Whilst it sounds like everything either uses SHA-1 or SHA-256, the reality is that the parameters used with the encryption matter, which from a practical perspective means you'd need to get one made for the iPhone backup algorithm, rather than being able to use a generalised device. In this case, an iPhone backup uses 10,000,000 iterations of SHA-256. You could probably get a good ASIC built for under $100k, but how much faster it'd be is hard to say. Even if it were 10,000 times faster (it wouldn't be!) it would still be too slow.
The problem ultimately is that even if recovery is worth $250k, the cost of nailing a decent password is substantially greater. Few people have the appetite for the equivalent of a mortgage on an attempt with at best a fraction of percent chance of success in their lifetime.
Given how brutal the brute force probabilities are, that points to using a structured process to recover or trigger memories of a lost password. If the value of recovery is great enough, we'd recommend a process like this:
Freezing all your data to prevent accidental overwrites, deletions or modifications
Triggering memory responses
Intensively search for potential password variants
5. If in doubt: reach out
Our support team are able to help customers with recovery of lost passwords in some cases. Please do reach out to us using the support details below.
Two weeks ago I was in the midst of a nightmare. I’d forgotten a password. Not just any password. THE password. Without this one password I was cryptographically locked out of thousands and gigabytes worth of files I care about. Highly sensitive and valuable files that include work documents, personal projects, photos, code snippets, notes, family stuff, etc. The password in question unlocks these files from the protection of locally stored AES-256 encrypted disk image. A location where an “email me a password reset link” is not an option. File backups? Of course! Encrypted the same way with the same password. Password paper backup? Nope. I’ll get to that. I somehow needed to “crack” this password. If not, the amount of epic self-pwnage would be too horrible to imagine.
Before sharing how I got myself into this predicament, it’s necessary to reveal some details about my personal computer security habits. More specifics than I’m normally comfortable sharing.
As my badge wall shows, I travel a lot, all around the world, and often with the same laptop. A MacBook Pro. My computer becoming lost, stolen, or imaged by border guards and other law enforcement officers is a constant concern. To protect against these potential physical attacks, OS X dutifully offers FileVault.
FileVault is a full disk encryption feature utilizing XTS-AES 128 crypto. Enabling FileVault means that even if someone has physical possession of my computer, or obtains a full copy of the hard drive, they’d be the proud new owner of a cutting-edge machine, but unable to get any useful data off of it. That is unless my admin password, which unlocks FileVault, is ridiculously simple, and it isn’t. By all practical means, “cracking” this password is impossible.
What is possible is law enforcement, or a robber, forcibly stopping me and “asking” for my admin password, a method capable of defeating FileVault’s full disk encryption. Realistically, while my brazilian jiu-jitsu black belt certainly helps in many situations, it can be utterly useless in other real-world encounters. I’ll of course resist giving up my admin password to the extent I’m able, but must assume I may have to “comply” at some point. If this should happen, ideally my data, other than email, should remain safe even after the adversary lands on my desktop.
Setting up this type of layered security fall-back plan is where we return to the conversation of encrypted disk images. On OS X, Disk Utility can be used to create encrypted disk images called DMGs. DMGs are self-contained portable files, of customizable size, that when mounted (i.e. double-clicked) display on the desktop like any other disk drive where files can be stored.
Upon creation of DMGs the level of encryption strength can be set, the highest being AES-256. If FileVault’s AES-128 crypto is already “impossible” to crack, AES-256 DMGs are exponentially more impossible. To ensure this, all you have to do is set a reasonable password. We’re talking even 6 characters or longer, some upper and lower case, and maybe toss in a digit and special character. DON’T SAVE THE PASSWORD IN YOUR KEYCHAIN. Doing so defeats the entire purpose of what we’re trying to accomplish, because the admin password unlocks the keychain.
A great thing about DMGs is that they can be stored anywhere. Hidden in some obscure directory on the local machine, a network storage device, a USB drive, whatever. All my confidential files are typically stored this way, in a series of encrypted DMGs with separate passwords. Also very important, DMGs containing sensitives files are only mounted on an as-needed basis. This is for two reasons:
What’s also cool is a DMG can be used to store additional account passwords, flat file style. Passwords, which can be made super strong and don’t have to be committed to memory. Simply copy-paste as necessary. This FileValue / DMG setup makes it very convenient to only have to remember a small hand full of passwords, including the admin password, to access everything important and without sacrificing security. Well, convenient up until the point where you forget a DMG password. In my case, caused by my scheduled ritual of “change all my passwords.” Ugh!
Apple Encrypted Backup Forgot Password
I wake up once upon a recent morning and begin my daily routine. Check calendar. Check email. Checks RSS. Check Twitter. Start working, start reading. As is common, I mount a DMG and am greeted by the familiar password dialog. First password attempt, fail. Second attempt, fail. Third attempt, fail. Warning dialog appears. That’s weird, I thought. Normally I’m a proficient touch typist. Am I’m fat-fingering the password? Three strikes and I’m out again.
Annoyed, but not concerned. Check the caps lock key. Nope. Try the password again. Fail, fail, fail. Fail, fail, fail. Rinse, repeat several more times. WTF! Am I at least trying to type the correct password for the DMG? I believe so. Let me try a few “shouldn’t work passwords” just in case Morning Brain is causing problems. A few dozen password fails later, annoyance begins constricting into panic. It’s OK, consoling myself, I’ll come back to this in a little while. It’ll be fine. I have some non-DMG-required work to complete anyway.
An hour later, I repeated the same password attempt cycle. No dice. The password fails mounting up are now in the hundreds. I start to mouth some obscenities and my keyboard is really not liking the pounding. My wife is beginning to eyeball me with concern. I’m running out of ideas of what that problem could be. That’s about when I recalled recently changing all my passwords. A few moment laters, that’s when it hit me, like really hit me. For whatever reason, I’d forgotten what I changed the password to. *Gulp*. Oh, no!
Credit: http://xkcd.com/
Think positive, think optimistic. Keep calm. Carry on. It’ll come to me. I’ve never forgotten these passwords before. I even remember most of it. At least, I think I do.
I’m periodically trying different passwords throughout the day, throughout out the evening. One day turns into two, two into three. All like the first. Only now I’m losing sleep. I’m waking up in the middle of the night and have to try a few more passwords just so I can get back to sleep. For those who don’t know, dreaming of password combinations sucks. What also sucks is without access to this DMG, more specifically the work documents within it, my daily productivity plummets.
Finally, after nearly a week I have to admit to myself, I forgot it. That I’m in trouble. Time for Plan B. Google.
I begin searching around for DMG password cracking tools. My thought is since I have a partial password, I should be fine. Most of the results pages are littered with people responding by cracking jokes when asked about cracking DMG AES crypto. That’s not very encouraging. Then I come across something called crowbarDMG, which is basically a GUI for command:
>$ hdiutil attach -passphrase <passphrase> DiskImage.dmg
hdiutil locks a DMG file when attempting to mount it, so crowbarDMG runs single threaded, which essentially means a cracking speed of 1 password c/s. Yeah, slow. For my particular circumstance, this was fine. I figured I was only missing between 1 – 3 characters of the password anyway. A day of cracking, maybe two, and I’d be back in business. It was not to be. Then my fuzzy memory suggested I might be missing as much as 6 characters. If that be the case, by sheer math, at least multiple decades worth of cracking would be necessary at current speed. Time for Plan C. Twitter.
Having ~15,000 followers interested in computer security has its perks. Through the years I’ve come to expect a good percentage of them have a stinging sense of humor. Similar to the Google search, 99% of the responses received were sarcastic. This included one such retort from a friend who works in law enforcement computer forensics. I’m sure some tweets were funny, but I was in no laughing mood. I was freaked. A sense of futility and finality was setting in.
That was until Solar Designer, gat3way, Dhiru Kholia, and Magnum, the guys behind the infamous John the Ripper (JtR) password cracker answered my plea. Then Jeremi Gosney of Stricture Consulting Group graciously offered up the use of his mega hash cracking computing resources as well. You remember Stricture from their Ars article, they have an insane “25-GPU cluster cracks every standard Windows password in < 6 hours.” Collectively, these guys are the amongst the world’s foremost experts in password cracking. If they can’t help, no one can. No joking around, they immediately dove right in. Spotify download mac.
Now, I couldn’t just share out my DMG for others to attempt to crack. Its enormous size basically precluded that. But even if I could, I wouldn’t. Given the sensitive nature of the data, I actually preferred the data lost than suffer any risk of a leak. Fortunately, JtR has something called dmg2john. dmg2john scrapes the DMG and provides output which can be cracked with JtR by others without putting the data at risk. Nice! Unfortunately, when I got there, dmg2john and JtR were broken when it came to DMGs. I provided the bug details to john-dev and john-users mailing list to replicate. The JtR developers had the issues fixed in a couple days. These guys are awesome.
Next step, send the dmg2john output of my DMG over to Jeremi at Stricture along with everything I think I remember about what my password might have been. Jeremi informs me of the next challenge, he’s only able to crack my DMG at a speed of ~100 c/s! At that rate it’s going to take a little over a decade worth of cracking to exhaust the password key space. I’m thinking this is very odd, it’s only maybe 6 extra characters tops. Jeremi explains why…
Recover Encrypted Password On Iphone
The reason it’s so slow is because your AES256-encrypted DMG uses 250,000 rounds of PBKDF2-HMAC-SHA-1 to generate the encryption key. The ludicrous round count makes it extremely computationally expensive, slowing down the HMAC-SHA1 process by a factor of 250,000.
My Xeon X7350 can crack a single round of HMAC-SHA1 at a rate of 9.3 million hashes per second. But since we are using 250,000 rounds, it means I was reduced to doing ~ 37 hashes per second. Using all four processors I was only able to pull about 104 hashes per second total (doesn’t scale perfectly.)
Once understanding this, Jeremi begins asking for more information about what the extra six or so characters in my password might have been. We’re they all upper and lower case characters? What about digits? Any special characters? Which characters were most likely used, or not used? Ever bit of intel helped a lot. We managed to whittle down an in initial 41106759720 possible password combinations to 22472. This meant the total amount of time required to crack the DMG was reduced to 3.5 minutes on his rig.
Forgot Password To Encrypted Dmg Download
Subsequently, Jeremi sent me what had to be one the most relieving and frightening emails I’ve ever received in my life. Relieving because I recognized the password immediately upon sight. I knew it was right, but my anxiety level remained at 10 until typing it in and seeing it work. I hadn’t touched my precious data in weeks! It was a tender moment, but also frightening because, well, no security professional is ever comfortable seeing such a prized password emailed to them from someone else. When/if that happens, it typically means you are hacked and another pain awaits.
Interestingly, in living out this nightmare, I learned A LOT I didn’t know about password cracking, storage, and complexity. I’ve come to appreciate why password storage is ever so much more important than password complexity. If you don’t know how your password is stored, then all you really can depend upon is complexity. This might be common knowledge to password and crypto pros, but for the average InfoSec or Web Security expert, I highly doubt it.
Now, after telling everyone a few of my best tricks and enduring an awful deficiency in one of them, I’ll obviously have to change things up a bit. Clearly I need paper backup, and thinking maybe about giving it to my attorney for safekeeping where it’ll enjoy legal privilege protection. We’ll see.
Forgot Encrypted Backup Password On Itunes
In the meantime, I can’t thank the John the Ripper guys and Jeremi from Stricture Consulting enough. If you need a password cracked, for personal and professional reasons, this is where you look to.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |