Hacker Chronic Clears Up Misconceptions About Two-Minute iPhone Passcode Cracking Claims


Last week, a Swedish company, Micro Systemation, claimed to have developed an application called XRY that law enforcement uses to extract information from the passcode-protected iPhones and Android-based smartphones of criminal suspects or military detainees.

They also published a video suggesting that cracking an iPhone's passcode was very easy.

iOS hacker and developer Chronic has written a blog post to clear up the misconceptions. He explains that applications like XRY simply reuse the exploits found in jailbreak tools:

They do not use anything special that is “similar to” the exploits used in jailbreak programs; They are simply loading a custom ramdisk by utilizing the publicly available “limera1n” exploit by George Hotz. The ramdisk isn’t even very special, because anyone could put together their own using open source tools. The only “special” thing XRY has done is create a tool that is simple enough to be utilized by LE personnel.

He also clarifies that the "limera1n" exploit used by applications like XRY was patched by Apple in the A5 chip, which powers the iPad 2 and iPhone 4S, and in the A5X chip that powers the iPad 3. Our reader Sghfdhh had also pointed this out in the original post.

The simplest way to “thwart” the use of this software on your phone would be to get the latest model, because (as people who are familiar with jailbreaking know) the limera1n exploit is fixed in the bootrom of the A5 (iPad 2 and iPhone 4S) as well as the A5X (iPad 3) chip.

Chronic also points out that cracking the passcode in 2 minutes was only possible because the passcode used in the video was 0000. As we had pointed out, you can make the passcode far harder to crack by using one that is long and mixes letters, punctuation, symbols, and numbers (Settings -> General -> Passcode Lock -> turn off the Simple Passcode toggle -> enter a new passcode).

Not surprisingly, Micro Systemation has pulled the “we can crack the passcode in 2 minutes” video from YouTube.


  • Dan

    Informative! Thanks.

  • pakaku

    What if you set your iPhone to wipe all data after ten tries? Did they cover that somewhere?

    • Sghdfdhh

      That would only thwart them if someone else enters ten wrong guesses before they hook your iPhone up to a PC and exploit it. This exploit doesn’t use the logon screen and thus doesn’t trigger the wipe.

      Find My iPhone’s remote wipe will work (if done in time) because that deletes the key hashes this exploit is trying to brute force.

      Using a strong password (for instance one generated by apg on a machine with working random numbers) is a much better solution. If your password is 8-10 letters and numbers, and the only place in the universe it exists is inside your head, then your adversary is more likely to win the lottery on consecutive weeks than guess your password.

  • http://www.motorbeam.com/ fas

    What is Apple doing?

    • http://www.iPhoneForums.net JDogg

      What is Apple doing about what?!?
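The article's advice to turn off Simple Passcode and the commenter's point about an 8-10 character password both come down to the size of the search space an exhaustive attack has to cover. The Python below is an added illustration of that arithmetic; it is not code from the article, from Chronic's post or from XRY. It derives the keyspace from the character classes a passcode uses (four-digit PINs under Simple Passcode, the full iOS keyboard otherwise) and converts it to worst-case search time at a guess rate that is an assumed parameter, since the page gives no figure for how fast XRY tries candidates.

```python
import math
import string

# Character classes reachable on the iOS keyboard. string.punctuation has 32
# symbols; adding the space gives the 33 used below.
CLASSES = {
    "digits": set(string.digits),
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "symbols": set(string.punctuation + " "),
}

SIMPLE_PASSCODE_SPACE = 10 ** 4  # Simple Passcode on: exactly four digits


def classes_used(passcode: str) -> list:
    """Names of the character classes that appear in the passcode."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in passcode)]


def keyspace(passcode: str, simple: bool = False) -> int:
    """Number of candidates an exhaustive search must cover in the worst case.

    With Simple Passcode on, the space is fixed at 10,000 four-digit PINs no
    matter what was typed. With it off, an attacker who knows only which
    classes the passcode draws from must try (alphabet size) ** length.
    """
    if simple:
        return SIMPLE_PASSCODE_SPACE
    used = classes_used(passcode)
    if not used:
        raise ValueError("passcode contains no recognised characters")
    alphabet = sum(len(CLASSES[name]) for name in used)
    return alphabet ** len(passcode)


def entropy_bits(passcode: str, simple: bool = False) -> float:
    """log2 of the keyspace: how many bits of work the search represents."""
    return math.log2(keyspace(passcode, simple))


def worst_case_seconds(passcode: str, guesses_per_second: float,
                       simple: bool = False) -> float:
    """Time to exhaust the whole keyspace at an assumed guess rate."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return keyspace(passcode, simple) / guesses_per_second


def slowdown_factor(weak: str, strong: str, weak_simple: bool = True) -> float:
    """How many times longer the strong passcode takes to exhaust than the weak
    one; independent of the guess rate, so no assumption is needed here."""
    return keyspace(strong) / keyspace(weak, weak_simple)


if __name__ == "__main__":
    # Assumed guess rate for illustration only; the page gives none for XRY.
    RATE = 10.0
    for code, simple in [("0000", True), ("h7Qk2m9x", False), ("Tr0ub4dor&3", False)]:
        print(f"{code!r:16} classes={classes_used(code)} "
              f"bits={entropy_bits(code, simple):5.1f} "
              f"worst case at {RATE:g}/s: {worst_case_seconds(code, RATE, simple):.3g} s")
    print("slowdown vs 0000:", f"{slowdown_factor('0000', 'h7Qk2m9x'):.3g}x")
```

The `slowdown_factor` ratio is the useful number, because it does not depend on the unknown guess rate: whatever two minutes of work bought against 0000, an 8-character lower/upper/digit passcode multiplies that by 62**8 / 10**4, which is on the order of 10**10.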