Reset your forgotten iPhone4 SSH password.

Wonderful, I SSH’d to my iPhone 4 this morning to find out I forgot the mobile and root account passwords. Not to worry! We can fix this!

Ok this is relatively simple the only problem I ran into was that MobileTerminal crashes under iOS4 so I had to figure out another way to edit the files in question as well as come up with the crypto hashes, but lets not get ahead of ourselves.

First we need to make some backups, PLEASE PLEASE PLEASE do not skip this part!There is a potential to really screw things up if you make a mistake and have a backup. Its easy to correct by restoring the original file. Proceed at your own risk if I outline something here you do not understand find someone who is more versed in unix to assist you, or shoot me an email and I’ll do my best to help you out.

Since we cant use MobileTerminal we need another way, head into the Cydia Store and find an application called iFile and install it to your device. Fire up iFile and browse to /etc you can do this by clicking the button in the top left until your at the root of the filesystem / then finding the etc folder and clicking it.

Now find the file master.passwd, don’t open it yet, we first need to make that backup click the edit button in the top right of the screen and select the master.passwd file, there will be a red checkmark showing you have it selected, now hit the button in the bottom right (the arrow coming out of the box). And select Copy/Link. You now have the file copied to iFile’s clipboard, click the done button (top right). Followed by the home button, (little house 2nd from right on the bottom).

Hit the edit button again but before you select anything click the bottom right button (the arrow coming out of the box) and click Paste. We now have our backup.

Navigate back to the /etc folder. open up the master.passwd file the 2 lines we are interested in are:

root:UI48wgPSS/M1k:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:UI48wgPSS/M1k:501:501::0:0:Mobile User:/var/mobile:/bin/sh

Before you go thinking you have my Hashes I’ve replaced both of them with the hash for the Password of Password1 (not my password).

To get new hashes we need to generate one, head over to functions-online.com’s crypt function: http://www.functions-online.com/crypt.html

$str is your new password
$salt is an optional string to base the hashing on, when I first learned this I was taught to use a salt of ‘Ul’ others might work but I’ve always stuck with Ul since I know it works. generate your new passwords and then get them onto your device somehow, I used http://myphonedesktop.com/ which allows me to transfer things (images, text etc) to my phone pretty easy. you could also simply generate the crypto hash in MobileSafari on your phone then simply copy paste it over, you want to replace the part between the
::’s I;ve highlighted it for you. now just save the file and SSH to your phone with your new password.

root:UI48wgPSS/M1k:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:UI48wgPSS/M1k:501:501::0:0:Mobile User:/var/mobile:/bin/sh

If it still does not work we should restore your backup from the mobile users home directory (/var/mobile/master.passwd) back over the /etc/master.passwd file and try again.

This works because most applications on the iPhone are executed with root permissions giving the iFile application the ability to edit a file only the root user should have access to. this is also why its very important to always reset your password if your going to jailbreak your iPhone. all it takes is someone sniffing out your iPhone on an open wifi and figuring out they can use the default password of ‘alpine’ to get full access to your device while its in your pocket.

No tips yet.
Be the first to tip!

Like this post? Tip with bitcoin!

1KjVEx57oCL7Exuc6RCuVPhbPaWC4E34ba

If you enjoyed reading this post, please consider tipping me using Bitcoin. Each post gets its own unique Bitcoin address so by tipping you're not only making my continued efforts possible but telling me what you liked.

Leave a Reply