Lesson Learned: I chose a bad site name fully expecting Apple to change their restrictions code hashing algorithm in the next iOS version... But this site works for iOS 7, 8, and 9!
Special thanks to these folks: Hashcat and John the Ripper, who figured out the encryption scheme & a way to break it VERY FAST!
This is a much slower way, but accessible by all through a simple webpage!
I am hosting the code on GitHub so you can help make it better!
iOS 7+ hashes the Restrictions Passcode using PBKDF2-HMAC-SHA1, which is quite strong!
The problem is that the keyspace (0000 to 9999) is very small!
To speed up the search, you can open multiple windows and use different starting & ending codes.
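Why a strong KDF cannot protect a 10,000-value keyspace, as an added example (not this site's script): it derives a hash for a constructed code and salt, times one guess, and searches the keyspace in slices the way the multiple-window tip does. The 1000-iteration count, the sample salt and the code 0420 are assumptions made for the example, not values from this page.

```python
import hashlib
import hmac
import time

ITERATIONS = 1000  # assumption: the page does not state the iteration count
KEY_LEN = 20       # the page's sample key base64-decodes to 20 bytes


def derive(pin, salt, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA1 of a 4-digit code, the scheme the page names."""
    return hashlib.pbkdf2_hmac("sha1", pin.encode("ascii"), salt, iterations, KEY_LEN)


def search(key, salt, start=0, end=9999, iterations=ITERATIONS):
    """Test every code in [start, end]; return (code or None, guesses made)."""
    guesses = 0
    for n in range(start, end + 1):
        guesses += 1
        pin = f"{n:04d}"
        if hmac.compare_digest(derive(pin, salt, iterations), key):
            return pin, guesses
    return None, guesses


def split_ranges(windows):
    """Split 0000-9999 into contiguous slices, one per browser window."""
    step = -(-10000 // windows)  # ceiling division so no code is skipped
    return [(lo, min(lo + step - 1, 9999)) for lo in range(0, 10000, step)]


if __name__ == "__main__":
    salt = bytes.fromhex("00112233")  # constructed 4-byte salt, not a device value
    key = derive("0420", salt)        # constructed stored hash for code 0420

    t0 = time.perf_counter()
    derive("0000", salt)
    per_guess = time.perf_counter() - t0
    print(f"one guess: {per_guess * 1000:.2f} ms, "
          f"full keyspace: ~{per_guess * 10000:.1f} s")

    for lo, hi in split_ranges(4):
        print(f"{lo:04d}-{hi:04d}:", search(key, salt, lo, hi))
```

The per-guess cost is multiplied by at most 10,000, so raising the iteration count only scales a search that is already short; a longer passcode is what actually enlarges the work.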
If this site helps you or you have questions, let me know: ios7hash (at) derson.us
You will need access to iOS backup files or a jailbroken device to find the encrypted keys.
From a jailbroken device, you need this file: com.apple.restrictionspassword.plist
On Windows or a Mac, the file can be found in an unencrypted iTunes backup of your device:
On Windows, the file is located here: "%AppData%\Apple Computer\MobileSync\Backup\" and then the xxxRandomxxx\ folder.
On a Mac: ~/Library/Application Support/MobileSync/Backup/ where the "~" represents your Home folder.
Note: if you don't see Library in your Home folder, hold Option and click the Go menu.
The file you need has this crazy name: 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b
If your backups are encrypted, there are other tools that can open the encrypted files...
Within that file, you should find text like this:
The key is: M/p4734c8/SOXZnGgZot+BciAW0= and the salt is: aSbUXg==
You can copy & paste these keys above to watch the script work. (hint: 0001)
The script will automatically stop & a pop-up will appear with your code.
If you have questions or need additional directions, check out a great blog by nbalkota.
There are many tools available to read/decrypt iTunes backups; search Google.
My favorite is iBackupBot because it has a built-in viewer & can decrypt backups.