Apple iPhone Root Password and Mobile User Password

You must be wondering why the heck is there a master root password for a phone? But obviously this is what contained inside the Apple iPhone, the password for root, commonly known as super user with ultimate administration privileges on Linux or Unix based systems, and mobile user account for the operating system that runs iPhone, a power smartphone. Hackers had managed to crack and decrypt the password from the firmware files of iPhone. What a joke is that, so far no obvious and easy way to use these passwords in useful way yet.

The passwords were extracted from an official Apple iPhone restore image, which you can download for free. To extract and see its contents, rename the file to .zip extension and then unpack it. The archive contains two .dmg disk images: a password encrypted system image 694-5262-39.dmg and an unencrypted user image 694-5259-38.dmg. Hacker managed to discover from the unencrypted image that all iPhones shipped with predefined passwords to ‘root’ and ‘mobile’ accounts, complete with the passwords hashes which is encrypted with insecure 64-bits encryption system. This is enough for password cracking utility such as John the Ripper, commonly used to recover Windows password to reveal the actual decrypted password for root and mobile account.

So now we have the password for these 2 accounts in iPhone firmware, both a simple 6 letter words in all lower case characters

root: alpine
mobile: dottie

But what’s next? Nobody knows how to use these passwords yet, as iPhone has no console or terminal access, and runs no service such as SSH, so there is no way to log in as either account. May be hackers can run the iPhone restore image in virtual image to simulate an iPhone to further crack the firmware to unveil hidden features or functionalities, or add in more software, and then repack the restore image to flash into iPhone. But at this technical level, the hackers will be easily gain access into internal structure of iPhone without the cracked passwords.

So meanwhile, just keep the 2 passwords for root and mobile, just in case iPhone crackers really make some headway, or there is surprise from Apple.


7 Responses to “Apple iPhone Root Password and Mobile User Password”

  1. Cydia: The iPhone “Get out of jail free” card | TeleRead: Bring the E-Books Home
    August 8th, 2009 09:52
    7

    [...] It is possible to install OpenSSH, so that the device can be ssh’d to or from, allowing power users to run programs on the iPhone or iPod Touch via a connection from a desktop computer. (The root and user passwords for the devices are widely known.) [...]

  2. Asher Saeed
    May 27th, 2009 21:45
    6

    These passwords ARE needed, if you know how to SSH into your iphone/ipod, you will need these passwords to login.

    No mystery about it.

  3. conor
    May 5th, 2009 06:48
    5

    Actually there is a terminal application available for the iPhone. And these passwords worked for me when using that application.

    The project homepage for mobile terminal is below and it is available for download through cydia.

    http://code.google.com/p/mobileterminal/

  4. maaaatteo
    February 24th, 2009 20:46
    4

    oh, i’m using firmware 2.1 :)

  5. maaaatteo
    February 24th, 2009 20:45
    3

    i can access through ssh using “root” and “alpine”, but not using “mobile” and “dottie”.

    is this normal? here’s my /etc/ssh/sshd_config,
    but i cannot find a line for “allowed users” or something lije that..


    # $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2

    # HostKey for protocol version 1
    HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 768

    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    #UsePAM no

    #AllowTcpForwarding yes
    GatewayPorts clientspecified
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    UsePrivilegeSeparation no
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    UseDNS no
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no

    # no default banner path
    #Banner /some/path

    # override default of no subsystems
    Subsystem sftp /usr/libexec/sftp-server

    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server

  6. monkey
    October 7th, 2008 01:33
    2

    If anyone cares: the above passwords are also valid for iPhone firmware 2.1, released in September 2008.

  7. HyperLink
    September 26th, 2008 20:48
    1

    ora si puo’ usare la password: installando openssh su iphone è possibile accedervi via shh appunto!

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to comments feature has been disabled. To receive notification of latest comments posted, subscribe to My Digital Life Comments RSS feed or register to receive new comments in daily email digest.
Custom Search

New Articles

Incoming Search Terms for the Article

iphone default password - iphone root password - iphone mobile password - iphone ssh password - iphone default root password - iphone password - change iphone password - iphone default ssh password - iphone ssh root password - default iphone password - iphone ssh default password - change root password iphone - default iphone root password - change root password openssh iphone - default root password iphone - iphone change root password - root password iphone - Password iphone - default ssh password iphone - iphone mobile user password - SSH iphone password - how to change iphone password - ssh password iphone - change iphone root password - change default iphone password - default iphone ssh password - changing iphone password - default password iphone - iphone password mobile - iphone change password - how to change iphone root password - change password iphone - iphone change mobile password - change iPhone default password - iphone default passwords - change default ssh password iphone - iphone su password - change default password iphone - iphone change default ssh password - how to change iphone default password - how to change root password on iphone - iphone change default password - ssh iphone root password - mobile password iphone - iphone user password - iphone default password ssh - change password on iphone - default password for iphone - iphone forgot password - iphone root -