You must be wondering why the heck is there a master root password for a phone? But obviously this is what contained inside the Apple iPhone, the password for root, commonly known as super user with ultimate administration privileges on Linux or Unix based systems, and mobile user account for the operating system that runs iPhone, a power smartphone. Hackers had managed to crack and decrypt the password from the firmware files of iPhone. What a joke is that, so far no obvious and easy way to use these passwords in useful way yet.

The passwords were extracted from an official Apple iPhone restore image, which you can download for free. To extract and see its contents, rename the file to .zip extension and then unpack it. The archive contains two .dmg disk images: a password encrypted system image 694-5262-39.dmg and an unencrypted user image 694-5259-38.dmg. Hacker managed to discover from the unencrypted image that all iPhones shipped with predefined passwords to ‘root’ and ‘mobile’ accounts, complete with the passwords hashes which is encrypted with insecure 64-bits encryption system. This is enough for password cracking utility such as John the Ripper, commonly used to recover Windows password to reveal the actual decrypted password for root and mobile account.

So now we have the password for these 2 accounts in iPhone firmware, both a simple 6 letter words in all lower case characters

root: alpine
mobile: dottie

But what’s next? Nobody knows how to use these passwords yet, as iPhone has no console or terminal access, and runs no service such as SSH, so there is no way to log in as either account. May be hackers can run the iPhone restore image in virtual image to simulate an iPhone to further crack the firmware to unveil hidden features or functionalities, or add in more software, and then repack the restore image to flash into iPhone. But at this technical level, the hackers will be easily gain access into internal structure of iPhone without the cracked passwords.

So meanwhile, just keep the 2 passwords for root and mobile, just in case iPhone crackers really make some headway, or there is surprise from Apple.