Smartphone Forensics: Cracking BlackBerry Backup Passwords

September 30th, 2010 by Vladimir Katalov
Category: «Elcomsoft News», «Mobile», «Security»

BlackBerry dominates the North American smartphone market, enjoying almost 40 per cent market share. A 20 per cent worldwide market share isn’t exactly a bad thing, either. The total subscriber base for the BlackBerry platform is more than 50 million users.

Today, we are proud to present the world’s first tool to facilitate forensic analysis of BlackBerry devices by enabling access to protected data stored on users’ BlackBerries.

One of the reasons for BlackBerry’s high popularity is its ultimate security. It was the only commercial mobile communication device ever allowed to a US president: Barack Obama won the privilege to keep his prized BlackBerry despite resistance from the NSA. (On a similar note, Russian president Dmitry Medvedev was handed an iPhone 4 a day before its official release by none other than Steve Jobs himself. No worries, we crack those, too.)



All data transmitted between a BlackBerry Enterprise Server and BlackBerry smartphones is encrypted with a highly secure AES or Triple DES algorithm. Unique private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. What’s more, to secure information stored on BlackBerry smartphones, password authentication can be made mandatory through the policies of a BlackBerry Enterprise Server (by default, password authentication is limited to ten attempts, after which the smartphone is wiped clean with all its contents erased). Local encryption of all data, including messages, address book and calendar entries, memos and tasks, is also provided, and can be enforced via the IT policy as well. With the supplied Password Keeper, Advanced Encryption Standard (AES) encryption allows password entries to be stored securely on the smartphone, enabling users to keep their online banking passwords, PIN codes and financial information handy – and secure. If that’s not enough, system administrators can create and send wireless commands to remotely change BlackBerry device passwords, and to lock or delete information from lost or stolen BlackBerries.

Sounds pretty secure, doesn’t it? As always, there is a weakest link. With BlackBerry, the weakest link is its offline backup mechanism.

Backups are good. If you don’t do backups yet, you definitely should. Any decent IT policy will require you to back up data at certain intervals. This is true not only for laptops, desktops or servers, but also for mobile devices and smartphones. A lost BlackBerry can definitely ruin your day if you don’t have a recent backup handy. How long will it take you to get everything back on your new BlackBerry? Count contacts, appointments, mail accounts and their settings, installed applications, photos, device preferences, etc. Backups offer a convenient way to reduce this time to just a few minutes.

Backups are also evil. They create a new instance of information that might be private or sensitive. It is easy to manage this information while it stays inside a secure device, and it might be a nightmare to manage it when it is out. Backup encryption is supposed to solve the problem. If you’re one of those guys with search warrants, I doubt that you like the idea of encrypting anything, BlackBerry backups included. At least if this isn’t your own backup.

Smartphone manufacturers provide software not only for syncing devices with desktop computers, but also for creating backups. For example, Apple iPhone users have iTunes. For BlackBerries, it is BlackBerry Desktop Software. According to the application manual:

The BlackBerry Desktop Software is designed to link the content and applications on your BlackBerry device with your computer.

You can use the BlackBerry Desktop Software to do the following tasks:

• synchronize your organizer data (calendar entries, contacts, tasks, and memos) and media files (music, pictures, and videos)

• back up and restore your device data

• manage and update your device applications

• transfer your device settings and data to a new BlackBerry device

• use your device as a modem to connect to the Internet from your computer

• manage multiple devices

• charge your device

Creating a device backup is quite simple; again, following the manual:

To back up data that is in your built-in media storage, mass storage mode must be turned on.

1. Connect your BlackBerry device to your computer.

2. In the BlackBerry Desktop Software, click [Device] > [Back up].

3. Do one of the following:

• To back up all your device data, click [Full].

• To back up all your device data except for email messages, click [Quick].

• To select which types of device data to back up, click [Custom]. Select the check box next to the data you want to back up.

4. If your device includes built-in media storage and you want to back up data that is stored there, select the [Files saved on my built-in media storage] check box.

5. Do any of the following:

• To change the default name for the backup file, in the File name field, type a new name.

• To encrypt your data, select the [Encrypt backup file] check box. Type a password.

• To save your settings so that you are not prompted to set these options again when you back up your device, select the [Don't ask for these settings again] check box.

6. Click [Back up].

So when you restore the device from a backup, you will have to supply the same password you entered to create it (as if it’s not obvious).

Unlike iPhone backups, which consist of a collection of multiple files, BlackBerry backups are stored in a single file with either an .ipd (Windows version of BlackBerry Desktop) or a .bbb (Mac version) extension. In fact, a .bbb file is simply a ZIP archive with an .ipd file inside.

Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises.

In short, the standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x and 10,000 iterations in iOS 4.x, BlackBerry uses only one. Another significant shortcoming is that it is the BlackBerry Desktop Software that encrypts the data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in plain, unencrypted form. Apple devices act differently: the data is encrypted on the device and never leaves it in unencrypted form. Apple’s desktop software (iTunes) acts only as storage and never encrypts or decrypts backup data. This is quite surprising since the BlackBerry platform is known for its unprecedented security, and we had been expecting BlackBerry backup protection to be at least as secure as Apple’s, which turned out not to be the case.

What does that mean for us? We can run password recovery attacks on BlackBerry backups really fast – even without GPU acceleration we can try millions of passwords per second. Here is the performance chart.

In case these numbers don't give you much of a hint, here is the tip: if the password is 7 characters long (a typical length) and contains only lowercase letters or only capitals, it will take only about half an hour to recover the password on an Intel Core i7 CPU. And even if the password is composed of both uppercase and lowercase letters, the recovery will succeed in less than three days.
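To make the iteration-count point concrete, the following added example (not Elcomsoft's or BlackBerry's code) shows that PBKDF2 with one iteration collapses to a single HMAC per output block, and scales the half-hour figure above to the 2,000 and 10,000 iterations mentioned for iOS. HMAC-SHA1 as the PRF, the constructed password and salt, and the linear cost scaling are assumptions; the article does not give the backup format's parameters.

```python
import hashlib
import hmac
import math


def pbkdf2_one_iteration(password: bytes, salt: bytes, dklen: int = 32,
                         hash_name: str = "sha1") -> bytes:
    """PBKDF2 with c=1: block i is just HMAC(password, salt || INT32BE(i))."""
    hlen = hashlib.new(hash_name).digest_size
    blocks = math.ceil(dklen / hlen)
    stream = b"".join(
        hmac.new(password, salt + i.to_bytes(4, "big"), hash_name).digest()
        for i in range(1, blocks + 1)
    )
    return stream[:dklen]


def hmac_calls_per_guess(iterations: int, dklen: int = 32,
                         hash_name: str = "sha1") -> int:
    """HMAC invocations needed to test one candidate password."""
    hlen = hashlib.new(hash_name).digest_size
    return iterations * math.ceil(dklen / hlen)


def exhaustive_search_seconds(alphabet: int, length: int, iterations: int,
                              rate_at_one_iteration: float) -> float:
    """Worst-case time to try every password of exactly `length` characters.
    Assumption: the guess rate falls linearly as the iteration count rises."""
    return alphabet ** length * iterations / rate_at_one_iteration


# Guess rate implied by the article: all 26^7 lowercase passwords in ~30 min.
IMPLIED_RATE = 26 ** 7 / 1800  # about 4.46 million guesses per second

if __name__ == "__main__":
    pw, salt = b"constructed-pass", b"constructed-salt"  # constructed samples
    # The single-HMAC shortcut matches the library's PBKDF2 at one iteration.
    assert pbkdf2_one_iteration(pw, salt) == hashlib.pbkdf2_hmac("sha1", pw, salt, 1, 32)
    for label, alphabet in (("lowercase", 26), ("mixed case", 52)):
        for c in (1, 2000, 10000):
            secs = exhaustive_search_seconds(alphabet, 7, c, IMPLIED_RATE)
            print(f"7 chars, {label:10s} c={c:>6}: {secs / 86400:12.2f} days "
                  f"({hmac_calls_per_guess(c)} HMACs per guess)")
```

Under these assumptions the same 7-character lowercase search that takes half an hour at one iteration takes roughly 208 days at 10,000 iterations, which is the work factor the iteration count exists to provide.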

Of course, longer passwords will take more time, but the big question is: are you able to memorize longer passwords, or will you write them down?

Sorry, forgot to mention. To recover BlackBerry passwords, you'll need our Elcomsoft Phone Password Breaker (formerly "Elcomsoft iPhone Password Breaker" – sorry Apple, we've dropped an 'i' because not only iPhone backups are supported now, but your competitors as well. The abbreviated name remains EPPB for the time being).

And now some quick tips. First, brute force is not the only attack available: the dictionary attack (our favorite, especially when used with permutations) is there as well.

Second, once the password is recovered (or if you already know it), EPPB can decrypt the backup so that you can use it to restore the device or analyze its contents using any third-party mobile forensic tool, such as ABC Amber BlackBerry Converter.