Posts Tagged ‘EDPR’

Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part I)

Wednesday, June 8th, 2016

Investigators start seeing BitLocker encrypted volumes more and more often, yet computer users themselves may be genuinely unaware of the fact they’ve been encrypting their disk all along. How can you break into BitLocker encryption? Do you have to brute-force the password, or is there a quick hack to exploit?

We did our research, and are ready to share our findings. Due to the sheer amount of information, we had to break this publication into two parts. In today’s Part I, we’ll discuss the possibility of using a backdoor to hack our way into BitLocker. This publication will be followed by Part II, in which we’ll discuss brute-force possibilities if access to encrypted information through the backdoor is not available. (more…)

Elcomsoft Distributed Password Recovery Updated with OS X Keychain Support and Enhanced GPU Acceleration

Thursday, November 26th, 2015

We’ve recently updated Elcomsoft Distributed Password Recovery, adding enhanced GPU-assisted recovery for many supported formats. In a word, the new release adds GPU-accelerated recovery for OS X keychain, triples BitLocker recovery speeds, improves W-Fi password recovery and enhances GPU acceleration support for Internet Key Exchange (IKE).


Elcomsoft Distributed Password Recovery Video Tutorial

Thursday, February 26th, 2015

Anyone considering the possibility to purchase Elcomsoft Distributed Password Recovery has a wonderful opportunity to explore the program together with Sethioz and get a clearer understanding of how the program works and what requires your special attention when you are using EDPR. This video assumes you are already familiar with basics of password cracking and suggests more information for your convenient work with the tool.

This is a very detailed tutorial showing how to prepare EDPR for work, which includes setting up connection between server and agents via local host or Internet, selecting the right IP address, paying attention to the fact that server’s and agent’s versions should be the same (users often neglect this fact), choosing a task, choosing the right attack options (they are all sufficiently explained), using side monitoring tools, checking your GPU temperature and utilization percentage on all connected computers and so on. So, let’s watch it now.

If you had any questions watching this video or would like to share your own experience using EDPR you are welcome to continue the topic here in comments.

Cracking Wi-Fi Passwords with Sethioz

Wednesday, February 18th, 2015

If you care about password cracking, hardware acceleration or Wi-Fi protection this interview with our friend Sethioz is certainly for you. Being currently a freelance security tester Sethioz kindly shared his experience in cracking passwords using video cards, which in its turn derived from his gaming interest in cards. His personal experience may be very helpful to those whose concern about password cracking is not trivial.

How did it all start or what was the reason to try to find a Wi-Fi password?

There is no short answer to this, if there would be, I guess it would be “curiosity”. I think I got my first computer somewhere in 2002-2003 (my own PC) and ever since I’ve been interested in everything that is not “normal”, such as reverse engineering, debugging, hacking games, cracking password etc. (more…)

Distributed Password Recovery: Faster, Smarter and Cost-Effective

Tuesday, February 3rd, 2015

We have just released a long-awaited update to one of our flagship products, Elcomsoft Distributed Password Recovery. While you can learn more about what’s been added and changed from our official announcement, in this post we’d like to share some insight about the path we took to design this update. (more…)

ElcomSoft Breaks Passwords Faster with NVIDIA Tesla K20 Acceleration

Tuesday, February 5th, 2013

We have just updated Advanced Office Password Recovery and Distributed Password Recovery with NVIDIA Tesla K20 support, enabling world’s fastest password recovery with NVIDIA’s latest supercomputing platform. Elcomsoft Advanced Office Password Recovery removes document restrictions and recovers passwords protecting Microsoft Office documents, while Elcomsoft Distributed Password Recovery can quickly break a wide range of passwords on multiple workstations with near zero scalability overhead.

GPU-accelerated password recovery dramatically reduces the time required to break long and complex passwords, offering more than 20-fold performance gain over CPU-only operations (compared to a quad-core Intel i7 CPU). NVIDIA’s latest Tesla K20 platform further increases the performance, delivering a nearly 1.5x performance increase compared to the use of a dual-core NVIDIA GeForce GTX 690 board.

A workstation equipped with an NVIDIA Tesla K20 unit can crunch as many as 27500 Office 2007 passwords per second, or 13500 passwords per second in the case of Microsoft Office 2010. In comparison, the next-best solution, a dual-core GeForce GTX 690 board, can try some 19000 Office 2007 or 9000 Office 2010 passwords per second.

The updated Elcomsoft Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery now fully support the latest NVIDIA supercomputing hardware, enabling users to gain unrestricted access to many types of documents in far less time.

ElcomSoft Breaks Into MS Office 2013

Wednesday, September 26th, 2012

ElcomSoft has recently updated two products recovering Microsoft Office passwords with Office 2013 support. Elcomsoft Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery received the ability to recover plain-text passwords used to encrypt documents in Microsoft Office 2013 format. Initially, we are releasing a CPU-only implementation, with support for additional hardware accelerators such as ATI and NVIDIA video cards scheduled for a later date.

Stronger Protection

In version 2013, Microsoft used an even tighter encryption compared to the already strong Office 2010. To further strengthen the protection, Microsoft replaced SHA1 algorithm used for calculating hash values with a stronger and slower SHA512. In addition, the encryption key is now 256 bits long, while the previous versions of Microsoft Office were using ‘only’ 128 bits. While the length of the encryption key has no direct effect on the speed of password recovery, the slower and stronger hash calculation algorithm does. It’s obvious that Microsoft is dedicated to making subsequent Office releases more and more secure.

No Brute Force

While we continue supporting brute force attacks, brute force becomes less and less efficient with every new release of Microsoft Office even with full-blown hardware acceleration in place. Office 2013 sets a new standard in document encryption, pretty much taking brute force out of the question. This is why we continue relying on a variety of smart attacks that include a combination of dictionary attacks, masks and advanced permutations. Brute-forcing SHA512 hashes with 256-bit encryption key is a dead end. Smart password attacks are pretty much the only way to go with Office 2013.

Accelerating Password Recovery: the Addition of FPGA

Tuesday, July 17th, 2012

Back in 2008, ElcomSoft started using consumer-grade video cards to accelerate password recovery. The abilities of today’s GPU’s to perform massively parallel computations helped us greatly increase the speed of recovering passwords. Users of GPU-accelerated ElcomSoft password recovery tools were able to see the result 10 to 200 times (depending on system configuration) sooner than the users of competing, non-accelerated products.

Today, ElcomSoft introduced support for a new class of acceleration hardware: Field Programmable Gate Arrays (FPGAs) used by Pico Computing in its hardware acceleration modules. Two products have received the update: Elcomsoft Phone Password Breaker and Elcomsoft Wireless Security Auditor, enabling accelerated recovery of Wi-Fi WPA/WPA2 passwords as well as passwords protecting Apple and Blackberry offline backups. In near future, Pico FPGA support will be added to Elcomsoft Distributed Password Recovery.

With FPGA support, ElcomSoft products now support a wide range of hardware acceleration platforms including Pico FPGA’s, OpenCL compliant AMD video cards, Tableau TACC, and NVIDIA CUDA compatible hardware including conventional and enterprise-grade solutions such as Tesla and Fermi.

Hardware Acceleration of Password Recovery
Today, no serious forensic user will use a product relying solely on computer’s CPU. Clusters of GPU-accelerated workstations are employed to crack a wide range of passwords from those protecting office documents and databases to passwords protecting Wi-Fi communications as well as information stored in Apple and BlackBerry smartphones. But can consumer-grade video cards be called the definite ‘best’ solution?

GPU Acceleration: The Other Side of the Coin
Granted, high-end gaming video cards provide the best bang for the buck when it comes to buying teraflops. There’s simply no competition here. A cluster of 4 AMD or NVIDIA video cards installed in a single chassis can provide a computational equivalent of 500 or even 1000 dual-core CPU’s at a small fraction of the price, size and power consumption of similarly powerful workstation equipped only with CPU’s.

However, GPU’s used in video cards, including enterprise-grade solutions such as NVIDIA Tesla, are not optimized for the very specific purpose of recovering passwords. They still do orders of magnitude better than CPU’s, but if one’s looking for a solution that prioritizes absolute performance over price/performance, there are alternatives.

 How Would You Like Your Eggs?
A single top of the line video card such as AMD Radeon 7970 consumes about 300 W at top load. It generates so much heat you can literally fry an egg on it! A cluster of four gaming video cards installed into a single PC will suck power and generate so much heat that cooling becomes a serious issue.

Accelerating Password Recovery with FPGAs
High-performance password cracking can be achieved with other devices. Field Programmable Gate Arrays (FPGAs) will fit the bill just perfectly. A single 4U chassis with a cluster of FPGA’s installed can offer a computational equivalent of over 2,000 dual-core processors.

The power consumption of FPGA-based units is dramatically less than that of consumer video cards. For example, units such as Pico E-101 draw measly 2.5 W. FPGA-based solutions don’t even approach the level of power consumption and heat generation of gaming video cards, running much cooler and comprising a much more stable system.

GPU vs. FPGA Acceleration: The Battle
Both GPU and FPGA acceleration approaches have their pros and contras. The GPU approach offers the best value, delivering optimal price/performance ratio to savvy consumers and occasional users. Heavy users will have to deal with increased power consumption and heat generation of GPU clusters.

FPGA’s definitely cost more per teraflop of performance. However, they are better optimized for applications such as password recovery (as opposed to 3D and video calculations), delivering significantly better performance – in absolute terms – compared to GPU-accelerated systems. FPGA-based systems generate much less heat than GPU clusters, and consume significantly less power. In addition, an FPGA-based system fits perfectly into a single 4U chassis, allowing forensic users building racks stuffed with FPGA-based systems. This is the very reason why many government, intelligence, military and law enforcement agencies are choosing FPGA-based systems.