DFU Mode Cheat Sheet
January 14th, 2021 by Oleg Afonin
The Device Firmware Upgrade mode, or simply DFU, just got a second breath. The ability to image the file system, decrypt the keychain and even do passcode unlocks on some older iPhone models has been made possible thanks to the checkm8 exploit and the checkra1n jailbreak, both of which require switching the phone into DFU. The procedure is undocumented, and the steps are different for the various devices.
Elcomsoft vs. Hashcat Part 4: Case Studies
December 9th, 2020 by Andrey Malyshev
This is the final part of the series of articles comparing Elcomsoft Distributed Password Recovery with Hashcat. We’ve already compared the features, the price and performance of the two tools. In this study, we tried breaking passwords to several common formats, including Word document, an encrypted ZIP archive, and a VeraCrypt container. We summarized our experiences below.
How to Remove The iPhone Passcode You Cannot Remove
December 8th, 2020 by Vladimir Katalov
From time to time, we stumble upon a weird issue that interferes with the ability to install a jailbreak. One of such problems appearing literally out of the blue is the issue of being unable to remove the screen lock password on some iPhone devices. What could be the reason and how to work around the issue? Read along to find out!
The Evolution of iOS Acquisition: Jailbreaks, Exploits and Extraction Agent
December 3rd, 2020 by Oleg Afonin
The past two years have become a turning point in iOS acquisition. The release of a bootrom-based exploit and the corresponding jailbreak made BFU acquisition possible on multiple devices regardless of security patches. Another exploit covers the entire iOS 13 range on all devices regardless of their hardware revision. ElcomSoft developed a jailbreak-free extraction method for the entire iOS 9.0-13.7 range. Let’s see what low-level acquisition options are available today, and when to use what.
iOS Extraction Without a Jailbreak: iOS 9 through iOS 13.7 on All Devices
December 3rd, 2020 by Vladimir Katalov
After adding jailbreak-free extraction for iOS 13.5.1 through 13.7, we now support every Apple device running any version of iOS from 9.0 through 13.7 with no gaps or exclusions. For the first time, full file system extraction and keychain decryption are possible on all devices running these iOS versions.
Elcomsoft vs. Hashcat Part 3: Attacks, Costs, Performance and Extra Features
December 2nd, 2020 by Andrey Malyshev
Elcomsoft Distributed Password Recovery and Hashcat support a number of different attacks ranging from brute-force all the way to scriptable, dictionary-based attacks. The costs and performance are extremely important factors. We charge several hundred dollars for what, in the end, can be done with a free tool. Which tool has better performance, and are the extra features worth the price premium? Let’s check it out.
Forensically Sound Cold System Analysis
December 1st, 2020 by Oleg Afonin
As opposed to live system analysis, experts performing the cold analysis are not dealing with authenticated user sessions. Instead, cold analysis can be viewed as an intermediary measure with live system analysis on the one end and the examination of a forensic disk image on another. Why and when would you use cold system analysis, what can you do and what benefits does it bring compared to the traditional approach? Read along to find out.
The ABC’s of Password Cracking: The True Meaning of Speed
November 30th, 2020 by Oleg Afonin
When adding a new encryption format or comparing the performance of different password recovery tools, we routinely quote the recovery speed expressed in the number of passwords per second. But what is the true meaning of password recovery speeds? Do the speeds depend solely, or at all, on the encryption algorithm? What’s “military grade” encryption, and does it guarantee the security of your data? And why on Earth breaking AES-256 encryption takes so vastly different effort in different file formats? Read along to find out.
Elcomsoft System Recovery: a Swiss Army Knife of Desktop Forensics
November 26th, 2020 by Oleg Afonin
Accessing a locked system is always a challenge. Encrypted disks and encrypted virtual machines, encrypted files and passwords are just a few things to mention. In this article we are proposing a straightforward workflow for investigating computers in the field.
Elcomsoft vs. Hashcat Part 2: Workflow, Distributed and Cloud Attacks
November 25th, 2020 by Oleg Afonin
The user interface is a major advantage of Elcomsoft tools. Setting up attacks in Elcomsoft Distributed Password Recovery is simpler and more straightforward compared to the command-line tool. In this article, we’ll talk about the general workflow, the use and configuration of distributed and cloud attacks in both products.
Elcomsoft vs. Hashcat: Addressing Feedback
November 25th, 2020 by Oleg Afonin
After publishing the first article in the series, we received numerous comments challenging our claims. We carefully reviewed every comment, reread and reevaluated our original article. Elcomsoft vs. Hashcat Rev.1.1 is here.
