Posts Tagged ‘EPPB’

Acquiring 64-bit Apple Devices

Monday, November 23rd, 2015

Last week we released the second version of Elcomsoft iOS Forensic Toolkit, our physical acquisition tool for iPhones and iPads. For the first time ever, the toolkit comes with the ability to acquire information from jailbroken 64-bit iPhones such as Apple iPhone 5S, 6/6S/Plus, and 64-bit iPads including iPad mini 2-4, iPad Air/Air2 and iPad Pro.

The 64-bit acquisition process differs significantly from the old methods we used to extract data from 32-bit devices. The new method is backward compatible with 32-bit iPhones and iPads; however, if you have a choice, we recommend sticking with the old and proven acquisition routine if you’ve got a 32-bit iPhone to extract.

Important note: a working jailbreak is absolutely mandatory for the new acquisition process to work.

If you don’t want the theory, you may skip directly to the step-by-step guide to physical acquisition for 64-bit devices. (more…)

Elcomsoft Phone Viewer: iOS 9, Media Gallery and Location Tracking

Wednesday, November 11th, 2015

We’ve just released the first major update to Elcomsoft Phone Viewer, our lightweight forensic tool for glancing over data extracted from mobile devices. Boosting version number to 2.0, we added quite a lot of things, making it a highly recommended update.

So what’s new in Phone Viewer 2.0? Improved compatibility with full support for iOS 9 backups (both local and iCloud). Support for media files (pictures and videos) with thumbnail gallery and built-in viewer. EXIF parsing and filtering with geolocation extraction and mapping. These things greatly enhance usage experience and add the ability to track subject’s coordinates on the map based on location data extracted from the images captured with their smartphone.


Breaking Into iCloud: No Password Required

Tuesday, June 17th, 2014

With little news on physical acquisition of the newer iPhones, we made every effort to explore the alternatives. One of the alternatives to physical acquisition is over-the-air acquisition from Apple iCloud, allowing investigators accessing cloud backups stored in the cloud. While this is old news (we learned to download data from iCloud more than two years ago), this time we have something completely different: access to iCloud backups without a password! The latest release of Phone Password Breaker is all about password-free acquisition of iCloud backups. (more…)

Phone Password Breaker with all-new UI, BlackBerry 10 support, and downloading Windows Phone 8 data from the cloud

Thursday, May 8th, 2014

This time, we are updating our bread-and-butter mobile forensic tool, Elcomsoft Phone Password Breaker, to version 3.0 (beta). This new version has many things that are new or have changed. Let’s see what’s new, and why. (more…)

Elcomsoft Phone Password Breaker Enhances iCloud Forensics and Speeds Up Investigations

Thursday, August 22nd, 2013

It’s been a while since we updated Elcomsoft Phone Password Breaker, dedicating our efforts to physical acquisition of iOS devices instead. Well, now when the new iOS Forensic Toolkit is out, it is time to update our classic phone recovery tool.

The new version of Elcomsoft Phone Password Breaker is released! While you can read an official press-release to get an idea of what’s new and updated, you may as well keep reading this blog post to learn not only what is updated, but also why we did it.

Dedicated to iCloud Forensics

This new release is more or less completely dedicated to enhancing support for remote recovery of iOS devices via iCloud. Why do it this way?

Because iCloud analysis remains one of the most convenient ways to acquire iOS devices. You can read more about iCloud analysis in a previous post here. Let’s see what else is available.


iCloud backups inside out

Monday, February 25th, 2013

It’s been a while since we released the new version of Elcomsoft Phone Password Breaker that allows downloading backups from iCloud (read the press release). Many customers all over the world are already using this new feature intensively, but we still get many questions about its benefits, examples of cases when it can be used and how to use it properly. We also noticed many ironic comments in different forums (mostly from users without any experience in using iOS devices and so have no idea what iCloud backups actually are, I guess), saying that there is nothing really new or interesting there, because anyone with Apple ID and password can access the data stored in iCloud backup anyway.

Well, it seems some further explanation is needed. If you are already using EPPB (and this feature in particular) you will find some useful tips for future interaction with iCloud, or even if you don’t have an iOS device (you loser! just kidding :)) please go ahead and learn how iCloud can be helpful and dangerous at the same time. (more…)

Accelerating Password Recovery: the Addition of FPGA

Tuesday, July 17th, 2012

Back in 2008, ElcomSoft started using consumer-grade video cards to accelerate password recovery. The abilities of today’s GPU’s to perform massively parallel computations helped us greatly increase the speed of recovering passwords. Users of GPU-accelerated ElcomSoft password recovery tools were able to see the result 10 to 200 times (depending on system configuration) sooner than the users of competing, non-accelerated products.

Today, ElcomSoft introduced support for a new class of acceleration hardware: Field Programmable Gate Arrays (FPGAs) used by Pico Computing in its hardware acceleration modules. Two products have received the update: Elcomsoft Phone Password Breaker and Elcomsoft Wireless Security Auditor, enabling accelerated recovery of Wi-Fi WPA/WPA2 passwords as well as passwords protecting Apple and Blackberry offline backups. In near future, Pico FPGA support will be added to Elcomsoft Distributed Password Recovery.

With FPGA support, ElcomSoft products now support a wide range of hardware acceleration platforms including Pico FPGA’s, OpenCL compliant AMD video cards, Tableau TACC, and NVIDIA CUDA compatible hardware including conventional and enterprise-grade solutions such as Tesla and Fermi.

Hardware Acceleration of Password Recovery
Today, no serious forensic user will use a product relying solely on computer’s CPU. Clusters of GPU-accelerated workstations are employed to crack a wide range of passwords from those protecting office documents and databases to passwords protecting Wi-Fi communications as well as information stored in Apple and BlackBerry smartphones. But can consumer-grade video cards be called the definite ‘best’ solution?

GPU Acceleration: The Other Side of the Coin
Granted, high-end gaming video cards provide the best bang for the buck when it comes to buying teraflops. There’s simply no competition here. A cluster of 4 AMD or NVIDIA video cards installed in a single chassis can provide a computational equivalent of 500 or even 1000 dual-core CPU’s at a small fraction of the price, size and power consumption of similarly powerful workstation equipped only with CPU’s.

However, GPU’s used in video cards, including enterprise-grade solutions such as NVIDIA Tesla, are not optimized for the very specific purpose of recovering passwords. They still do orders of magnitude better than CPU’s, but if one’s looking for a solution that prioritizes absolute performance over price/performance, there are alternatives.

 How Would You Like Your Eggs?
A single top of the line video card such as AMD Radeon 7970 consumes about 300 W at top load. It generates so much heat you can literally fry an egg on it! A cluster of four gaming video cards installed into a single PC will suck power and generate so much heat that cooling becomes a serious issue.

Accelerating Password Recovery with FPGAs
High-performance password cracking can be achieved with other devices. Field Programmable Gate Arrays (FPGAs) will fit the bill just perfectly. A single 4U chassis with a cluster of FPGA’s installed can offer a computational equivalent of over 2,000 dual-core processors.

The power consumption of FPGA-based units is dramatically less than that of consumer video cards. For example, units such as Pico E-101 draw measly 2.5 W. FPGA-based solutions don’t even approach the level of power consumption and heat generation of gaming video cards, running much cooler and comprising a much more stable system.

GPU vs. FPGA Acceleration: The Battle
Both GPU and FPGA acceleration approaches have their pros and contras. The GPU approach offers the best value, delivering optimal price/performance ratio to savvy consumers and occasional users. Heavy users will have to deal with increased power consumption and heat generation of GPU clusters.

FPGA’s definitely cost more per teraflop of performance. However, they are better optimized for applications such as password recovery (as opposed to 3D and video calculations), delivering significantly better performance – in absolute terms – compared to GPU-accelerated systems. FPGA-based systems generate much less heat than GPU clusters, and consume significantly less power. In addition, an FPGA-based system fits perfectly into a single 4U chassis, allowing forensic users building racks stuffed with FPGA-based systems. This is the very reason why many government, intelligence, military and law enforcement agencies are choosing FPGA-based systems.

Explaining that new iCloud feature

Tuesday, May 29th, 2012

It’s been almost two weeks since we have released updated version of Elcomsoft Phone Password Breaker that is capable of downloading backups from the iCloud and we have seen very diverse feedback ever since. Reading through some articles or forum threads it became quite evident that many just do not understand what we have actually done and what are the implications. So I am taking another try to clarify things.


Get More Apples :)

Wednesday, May 16th, 2012

Let’s play a game! Rules are simple – just try to catch as much apples as you can into your police cap. Good catchers will get 25% discount for the new version of Elcomsoft Phone Password Breaker. Your challenge is just 100 apples, so let’s play! :)

ElcomSoft Helps Investigate Crime Providing Yet Another Way to Break into iOS with iCloud Attack

Tuesday, May 15th, 2012


Elcomsoft Phone Password Breaker and Elcomsoft iOS Forensic Toolkit have been around for a while, acquiring user information from physical iPhone/iPad devices or recovering data from user-created offline backups. Both tools required the investigator to have access to the device itself, or at least accessing a PC with which the iOS device was synced at least once. This limited the tools’ applications to solving the already committed crime, but did little to prevent crime that’s just being planned.

The new addition to the family of iOS acquisition tools turns things upside down. Meet updated Elcomsoft Phone Password Breaker – a tool that can now retrieve information from suspects’ phones without them even noticing. The newly introduced attack does not need investigators to have access to the phone itself. It doesn’t even require access to offline backups produced by that phone. Instead, the new attack targets an online, remote storage provided by Apple. By attacking a remote storage, the updated tool makes it possible watching suspects’ iPhone activities with little delay and without alerting the suspects. In fact, the tool can retrieve information from the online storage without iPhone users even knowing, or having a chance to learn about the unusual activity on their account. (more…)