Apple iPhone Root Password and Mobile User Password
You must be wondering why the heck is there a master root password for a phone? But obviously this is what contained inside the Apple iPhone, the password for root, commonly known as super user with ultimate administration privileges on Linux or Unix based systems, and mobile user account for the operating system that runs iPhone, a power smartphone. Hackers had managed to crack and decrypt the password from the firmware files of iPhone. What a joke is that, so far no obvious and easy way to use these passwords in useful way yet.
The passwords were extracted from an official Apple iPhone restore image, which you can download for free. To extract and see its contents, rename the file to .zip extension and then unpack it. The archive contains two .dmg disk images: a password encrypted system image 694-5262-39.dmg and an unencrypted user image 694-5259-38.dmg. Hacker managed to discover from the unencrypted image that all iPhones shipped with predefined passwords to ‘root’ and ‘mobile’ accounts, complete with the passwords hashes which is encrypted with insecure 64-bits encryption system. This is enough for password cracking utility such as John the Ripper, commonly used to recover Windows password to reveal the actual decrypted password for root and mobile account.
So now we have the password for these 2 accounts in iPhone firmware, both a simple 6 letter words in all lower case characters
root: alpine
mobile: dottie
But what’s next? Nobody knows how to use these passwords yet, as iPhone has no console or terminal access, and runs no service such as SSH, so there is no way to log in as either account. May be hackers can run the iPhone restore image in virtual image to simulate an iPhone to further crack the firmware to unveil hidden features or functionalities, or add in more software, and then repack the restore image to flash into iPhone. But at this technical level, the hackers will be easily gain access into internal structure of iPhone without the cracked passwords.
So meanwhile, just keep the 2 passwords for root and mobile, just in case iPhone crackers really make some headway, or there is surprise from Apple.
Related Articles
- Disable Direct Root Login and User Access via SSH to Server
- Change and Reset MySQL root Password
- Reset the Root Password of MySQL Server
- PCLoginNow (PC Login Now) Free Download to Reset Windows Admin or User Password
- Change Oracle Database User Password
- Yahoo!Mobile For Mobile Web and Apple iPhone App
- Reset and Change Windows NT/2000 Administrator or User Password with chntpw in Linux
- Create a Secure and Strong Password using Password Chart
- How to Get Linux Server Sends Email Alert on Root Login
- Apple Announces iPhone 1.1.3 Software Update
Entries (RSS)
August 8th, 2009 09:52
[...] It is possible to install OpenSSH, so that the device can be ssh’d to or from, allowing power users to run programs on the iPhone or iPod Touch via a connection from a desktop computer. (The root and user passwords for the devices are widely known.) [...]
May 27th, 2009 21:45
These passwords ARE needed, if you know how to SSH into your iphone/ipod, you will need these passwords to login.
No mystery about it.
May 5th, 2009 06:48
Actually there is a terminal application available for the iPhone. And these passwords worked for me when using that application.
The project homepage for mobile terminal is below and it is available for download through cydia.
http://code.google.com/p/mobileterminal/
February 24th, 2009 20:46
oh, i’m using firmware 2.1
February 24th, 2009 20:45
i can access through ssh using “root” and “alpine”, but not using “mobile” and “dottie”.
is this normal? here’s my /etc/ssh/sshd_config,
but i cannot find a line for “allowed users” or something lije that..
# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowTcpForwarding yes
GatewayPorts clientspecified
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
October 7th, 2008 01:33
If anyone cares: the above passwords are also valid for iPhone firmware 2.1, released in September 2008.
September 26th, 2008 20:48
ora si puo’ usare la password: installando openssh su iphone è possibile accedervi via shh appunto!