Cracking BlackBerry backups is now slower… but still possible, thx to GPU acceleration

December 24th, 2010 by Vladimir Katalov
Category: «Cryptography», «Elcomsoft News»
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

If you have read our recent Cracking BlackBerry Backup Passwords article, you should be familiar with encryption implemented in BlackBerry Desktop Software. Just reminding:

In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2’000 iterations in iOS 3.x, and 10’000 iterations in iOS 4.x, BlackBerry uses only one.

So password verification is (was) so fast/simple that we did not care about implementing it on the GPU — modern CPU is able to crack almost 8 million passwords per second (thanks to multi-threading and AES-NI). We would not call that the vulnerability, but still the weak link.

But new versions of BlackBerry Desktop Software have been released reсently (6.0 for Windows and 2.0 for Mac). And as always, there are bad news and there are good news.

Bad news (for those who forgot his own password): there are 20,000 PBKDF2 iterations now (yes, two times more than in iOS 4! :)). That means that even 6-core Intel CPU can crack not more than 2,000 passwords per second only.

Good news (for the same audience): new version of Elcomsoft Phone Password Breaker not only supports the BlackBerry files with new/improved encryption, but supports GPU acceleration as well (previously, it was available for iTunes backups only). With it, we can get about 7,000 passwords per second on NVIDIA GeForce GTX 580, and about 20,000 p/s on ATI Radeon HD 5970. Also, AMD Radeon HD 6970 is now supported (though we have not tested our code on this card, sorry).


  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

REFERENCES:

Elcomsoft Phone Breaker

Gain full access to information stored in FileVault 2 containers, iOS, Apple iCloud, Windows Phone and BlackBerry 10 devices! Download device backups from Apple iCloud, Microsoft OneDrive and BlackBerry 10 servers. Use Apple ID and password or extract binary authentication tokens from computers, hard drives and forensic disk images to download iCloud data without a password. Decrypt iOS backups with GPU-accelerated password recovery.

Elcomsoft Phone Breaker official web page & downloads »