iOS Restrictions Passcode Cracker
A JavaScript implementation using CryptoJS
http://code.google.com/p/crypto-js/

Lesson Learned: I chose a bad site name fully expecting Apple to change their restrictions code hashing algorithm in the next iOS version... But this site works for iOS 8 as well as iOS 7! Thanks to you early adopters for letting me know!

Special thanks to these folks: Hashcat and John the Ripper
who figured out the encryption scheme & a way to break it VERY FAST!
This is a much slower way, but accessible by all through a simple webpage!

I am hosting the code on GitHub so you can help make it better!

iOS7 encrypts the Restrictions Passcode using pbkdf2-hmac-sha1, which is quite strong!
The problem is that the keyspace (0000 to 9999) is very small!

NOTE: Nothing is trasmitted to the server, Javascript does all the work within your browser.
To speed up the search, you can open multiple windows and use different starting & ending codes.

RestrictionsPasswordKey:
RestrictionsPasswordSalt:
Starting Passcode: Last Search Code:

Notes:

If this site helps you or you have questions, let me know: ios7hash (at) derson.us

You will need access to iOS backup files or a jailbroken device to find these keys.
From a jailbroken device, you need this file: com.apple.restrictionspassword.plist

On Windows or a Mac, the file can be found in an unencrypted iTunes backup of your device:
On Windows, the file is located here: "%AppData%\Apple Computer\MobileSync\Backup\" xxxRandomxxx\
Mac: ~/Library/Application Support/MobileSync/Backup/ where the "~" represents your Home folder.
-- note, if you don't see Library in your Home folder, hold Option and click the Go menu.
The file you need has this crazy name: 398bc9c2aeeab4cb0c12ada0f52eea12cf14f40b

If your backups are encrypted, there are other tools that can open the encrypted files...

Within that file, you should find text like this: <dict> <key>RestrictionsPasswordKey</key> <data> M/p4734c8/SOXZnGgZot+BciAW0= </data> <key>RestrictionsPasswordSalt</key> <data> aSbUXg== </data> </dict> The key is: M/p4734c8/SOXZnGgZot+BciAW0= and the salt is: aSbUXg==
You can copy & paste these keys above to watch the script work. (hint: 0001)

If you are having issues and are looking for more directions, check out a great blog by nbalkota.

There are many tools available to read/decrypt iTunes backups, search Google.
My favorite is iBackupBot because it has a built in viewer & can decrypt backups.