Apple iPhone Root Password and Mobile User Password
You must be wondering why the heck is there a master root password for a phone? But obviously this is what contained inside the Apple iPhone, the password for root, commonly known as super user with ultimate administration privileges on Linux or Unix based systems, and mobile user account for the operating system that runs iPhone, a power smartphone. Hackers had managed to crack and decrypt the password from the firmware files of iPhone. What a joke is that, so far no obvious and easy way to use these passwords in useful way yet.
The passwords were extracted from an official Apple iPhone restore image, which you can download for free. To extract and see its contents, rename the file to .zip extension and then unpack it. The archive contains two .dmg disk images: a password encrypted system image 694-5262-39.dmg and an unencrypted user image 694-5259-38.dmg. Hacker managed to discover from the unencrypted image that all iPhones shipped with predefined passwords to ‘root’ and ‘mobile’ accounts, complete with the passwords hashes which is encrypted with insecure 64-bits encryption system. This is enough for password cracking utility such as John the Ripper, commonly used to recover Windows password to reveal the actual decrypted password for root and mobile account.
So now we have the password for these 2 accounts in iPhone firmware, both a simple 6 letter words in all lower case characters
root: alpine
mobile: dottie
But what’s next? Nobody knows how to use these passwords yet, as iPhone has no console or terminal access, and runs no service such as SSH, so there is no way to log in as either account. May be hackers can run the iPhone restore image in virtual image to simulate an iPhone to further crack the firmware to unveil hidden features or functionalities, or add in more software, and then repack the restore image to flash into iPhone. But at this technical level, the hackers will be easily gain access into internal structure of iPhone without the cracked passwords.
So meanwhile, just keep the 2 passwords for root and mobile, just in case iPhone crackers really make some headway, or there is surprise from Apple.
Share and contribute or get technical support and help at My Digital Life Forums.
Related Articles
- Disable Direct Root Login and User Access via SSH to Server
- Reset the Root Password of MySQL Server
- Change and Reset MySQL root Password
- Change Oracle Database User Password
- PCLoginNow (PC Login Now) Free Download to Reset Windows Admin or User Password
- Apple Announces iPhone, Apple TV
- How to Emulate iPhone (Change User Agent) in Safari and Firefox Web Browser
- iPhone: Cisco vs Apple
- Apple iPhone Self Battery Replacement Kit
- AT&T Subsidies Apple with $325 per Each 3G iPhone Sold
Entries (RSS)
September 26th, 2008 20:48
ora si puo’ usare la password: installando openssh su iphone รจ possibile accedervi via shh appunto!
October 7th, 2008 01:33
If anyone cares: the above passwords are also valid for iPhone firmware 2.1, released in September 2008.