Problems with Apple iOS 10.2+ Backup Password Recovery

With its iOS 10.2 update released in 2016 Apple introduced some serious security measures to protect iOS backups from GPU-accelerated password recovery.

By adding 10 000 000 more iterations of PBKDF2 algorithm with SHA25 hashing to the previously used 10 000 iterations of PBKDF2/SHA1, Apple has greatly improved built-in brute-force protection to prevent an unauthorized user from trying to guess your passcodes.

The updated encryption algorithms dramatically slowed down password guessing attacks for iPhone/iPad backup passwords.

For example, programs of Passcovery Suite search iOS 10.2 backup passwords on AMD RX480 graphics card at 60 passwords per second, while in previous iOS editions the speed is 70 thousand passwords per second.
The speed of brute forcing has dropped several-fold.

That does not only concern Passcovery Suite, but all password recovery programs that support Apple iOS 10.2-13.x backup files. Such changes in performance are not due to program efficiency, but due to security improvement.

Increased amount of calculations in Passcovery Suite also affected the attack status saving function (.prs file).

Crack an Apple iOS backup passwords in Passcovery Suite
Fig. 1. CPU/GPU load during recovery of Apple iOS backup password

During preliminary computing of a data block (execution of 10M iterations of PBKDF2 algorithm for each password in the block) performed by graphics cards, there are no data to be saved in the program. The software can only save the attack status after processing the entire block and receiving results from GPU. If you interrupt the process, you will lose all data that have already been computed for this particular data block, and the search status file will only contain information about the previously checked block.

In the program interface, estimated calculation time of data block sent to GPU is indicated in brackets next to the entire range calculation time.

Apple was among the first to apply recommendations proposed in RFC 8018 (10M iterations for PBKDF2) and implement really die-hard protection of Apple iOS backup files.

This yet once again emphasized the importance of range customization options in password recovery programs. The key to successful recovery of Apple iOS backup file would be the ability to cut off necessary ranges and use the maximum speed possible with the existing hardware.

Passcovery Suite Solutions for Apple iOS Backup Files

Passcovery Suite is a universal GPU-accelerated program to recover passwords of popular file formats. Among its competitors, Passcovery demonstrates consistently high speed of brute force. Extra acceleration on AMD/NVIDIA graphics cards.

Supports Apple iOS 4.x-13.x backup files.

It offers the following range customization options:

  • Brute force with extended mask attack (allows to configure character sets individually for each position in the password)
  • Dictionary attack with mutations (allows you to combine up to 4 dictionaries and change passwords according to mutation rules)

More details and free demo:

Passcovery Suite Passcovery Suite
for Apple iOS backups, Microsoft Office, OpenOffice, LibreOffice, Adobe PDF files, Zip, RAR, TrueCrypt, WPA/WPA2
20.12 Download x86
(18784 Kb)
Download x64
(16212 Kb)