Lesson Learned: I chose a bad site name fully expecting Apple to change their restrictions code hashing algorithm in the next iOS version... But this site works for iOS 8 as well as iOS 7! Thanks to you early adopters for letting me know!
Special thanks to these folks: Hashcat and John the Ripper who figured out the encryption scheme & a way to break it VERY FAST!
This is a much slower way, but accessible by all through a simple webpage!
I am hosting the code on GitHub so you can help make it better!
iOS7 encrypts the Restrictions Passcode using pbkdf2-hmac-sha1, which is quite strong!
The problem is that the keyspace (0000 to 9999) is very small!
To speed up the search, you can open multiple windows and use different starting & ending codes.
If this site helps you or you have questions, let me know: ios7hash (at) derson.us
You will need access to iOS backup files or a jailbroken device to find these keys.
From a jailbroken device, you need this file: com.apple.restrictionspassword.plist
On Windows or a Mac, the file can be found in an unencrypted iTunes backup of your device:
On Windows, the file is located here: "%AppData%\Apple Computer\MobileSync\Backup\" xxxRandomxxx\
Mac: ~/Library/Application Support/MobileSync/Backup/ where the "~" represents your Home folder.
-- note, if you don't see Library in your Home folder, hold Option and click the Go menu.
The file you need has this crazy name: 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b
If your backups are encrypted, there are other tools that can open the encrypted files...
Within that file, you should find text like this:
The key is: M/p4734c8/SOXZnGgZot+BciAW0= and the salt is: aSbUXg== You can copy & paste these keys above to watch the script work. (hint: 0001)
If you are having issues and are looking for more directions, check out a great blog by nbalkota.
There are many tools available to read/decrypt iTunes backups, search Google.
My favorite is iBackupBot because it has a built in viewer & can decrypt backups.