No hardware device needed, PINs entered every 5 seconds

Mar 24, 2015 11:30 GMT

A software-based method has been developed for learning the security passcode for iPhone devices that are jailbroken, allowing an individual to unlock them in a maximum of 14 hours.

Depending on the code that was set, though, learning the four protective digits can take less time than this.

Hardware approach unlocks iOS device in up to 111 hours

A previous procedure, disclosed a couple of weeks ago, involved a hardware device that could achieve the same results on non-jailbroken devices, too. The total time was estimated at about 111 hours; again, the code (0000 through 9999) may be identified sooner than this.

The process takes this long because Apple added brute-force protection to its devices: only 10 wrong PINs can be attempted before the product gets disabled, making it unusable.

However, disconnecting the device's power produces a reset, allowing other codes to be tried. By a rough calculation, each PIN entry takes about 40 seconds.

Software library bypasses the 10 failed attempts restriction

On Monday, iOS jailbreaker Majd Alfhaily published TransLock under the GNU public license. It is a software library that injects into SpringBoard, the app that manages the home screen on iOS devices, which is protected by the four-digit PIN.

By observing the operating system activity generated when a code is entered, Alfhaily found a workaround that lets TransLock operate much faster. This was achieved by hooking the “SBFDeviceLockController” class and overriding the return value for the methods used, setting them to “No.”

As a result, a PIN can be tried every five seconds, since the device no longer disables passcode entry after 10 failed attempts. This amounts to a maximum unlock time of 14 hours.

The only prerequisite is that the device be jailbroken, so that unsigned code can be executed.

Alfhaily says that he is working on a utility for Mac that automates the entire procedure and delivers TransLock to the targeted device via USB.

The developer created a video that demonstrates the success of TransLock.