DFU Mode Cheat Sheet

January 14th, 2021 by Oleg Afonin

The Device Firmware Upgrade mode, or simply DFU, just got a second breath. The ability to image the file system, decrypt the keychain and even do passcode unlocks on some older iPhone models has been made possible thanks to the checkm8 exploit and the checkra1n jailbreak, both of which require switching the phone into DFU. The procedure is undocumented, and the steps are different for the various devices.

Read the rest of this entry »

Elcomsoft vs. Hashcat Part 4: Case Studies

December 9th, 2020 by Andrey Malyshev

This is the final part of the series of articles comparing Elcomsoft Distributed Password Recovery with Hashcat. We’ve already compared the features, the price and performance of the two tools. In this study, we tried breaking passwords to several common formats, including Word document, an encrypted ZIP archive, and a VeraCrypt container. We summarized our experiences below.

Read the rest of this entry »

How to Remove The iPhone Passcode You Cannot Remove

December 8th, 2020 by Vladimir Katalov

From time to time, we stumble upon a weird issue that interferes with the ability to install a jailbreak. One of such problems appearing literally out of the blue is the issue of being unable to remove the screen lock password on some iPhone devices. What could be the reason and how to work around the issue? Read along to find out!

Read the rest of this entry »

The Evolution of iOS Acquisition: Jailbreaks, Exploits and Extraction Agent

December 3rd, 2020 by Oleg Afonin

The past two years have become a turning point in iOS acquisition. The release of a bootrom-based exploit and the corresponding jailbreak made BFU acquisition possible on multiple devices regardless of security patches. Another exploit covers the entire iOS 13 range on all devices regardless of their hardware revision. ElcomSoft developed a jailbreak-free extraction method for the entire iOS 9.0-13.7 range. Let’s see what low-level acquisition options are available today, and when to use what.

Read the rest of this entry »

iOS Extraction Without a Jailbreak: iOS 9 through iOS 13.7 on All Devices

December 3rd, 2020 by Vladimir Katalov

After adding jailbreak-free extraction for iOS 13.5.1 through 13.7, we now support every Apple device running any version of iOS from 9.0 through 13.7 with no gaps or exclusions. For the first time, full file system extraction and keychain decryption are possible on all devices running these iOS versions.

Read the rest of this entry »

Elcomsoft vs. Hashcat Part 3: Attacks, Costs, Performance and Extra Features

December 2nd, 2020 by Andrey Malyshev

Elcomsoft Distributed Password Recovery and Hashcat support a number of different attacks ranging from brute-force all the way to scriptable, dictionary-based attacks. The costs and performance are extremely important factors. We charge several hundred dollars for what, in the end, can be done with a free tool. Which tool has better performance, and are the extra features worth the price premium? Let’s check it out.

Read the rest of this entry »

Forensically Sound Cold System Analysis

December 1st, 2020 by Oleg Afonin

As opposed to live system analysis, experts performing the cold analysis are not dealing with authenticated user sessions. Instead, cold analysis can be viewed as an intermediary measure with live system analysis on the one end and the examination of a forensic disk image on another. Why and when would you use cold system analysis, what can you do and what benefits does it bring compared to the traditional approach? Read along to find out.

Read the rest of this entry »

The ABC’s of Password Cracking: The True Meaning of Speed

November 30th, 2020 by Oleg Afonin

When adding a new encryption format or comparing the performance of different password recovery tools, we routinely quote the recovery speed expressed in the number of passwords per second. But what is the true meaning of password recovery speeds? Do the speeds depend solely, or at all, on the encryption algorithm? What’s “military grade” encryption, and does it guarantee the security of your data? And why on Earth breaking AES-256 encryption takes so vastly different effort in different file formats? Read along to find out.

Read the rest of this entry »

Elcomsoft System Recovery: a Swiss Army Knife of Desktop Forensics

November 26th, 2020 by Oleg Afonin

Accessing a locked system is always a challenge. Encrypted disks and encrypted virtual machines, encrypted files and passwords are just a few things to mention. In this article we are proposing a straightforward workflow for investigating computers in the field.

Read the rest of this entry »

Elcomsoft vs. Hashcat Part 2: Workflow, Distributed and Cloud Attacks

November 25th, 2020 by Oleg Afonin

The user interface is a major advantage of Elcomsoft tools. Setting up attacks in Elcomsoft Distributed Password Recovery is simpler and more straightforward compared to the command-line tool. In this article, we’ll talk about the general workflow, the use and configuration of distributed and cloud attacks in both products.

Read the rest of this entry »

Elcomsoft vs. Hashcat: Addressing Feedback

November 25th, 2020 by Oleg Afonin

After publishing the first article in the series, we received numerous comments challenging our claims. We carefully reviewed every comment, reread and reevaluated our original article.  Elcomsoft vs. Hashcat Rev.1.1 is here.

Read the rest of this entry »