Corporate & forensic solutions
Elcomsoft Phone Breaker
Recover Password-Protected BlackBerry and Apple Backups
Elcomsoft Phone Breaker enables forensic access to password-protected backups for smartphones and portable devices based on RIM BlackBerry and Apple iOS platforms. The password recovery tool supports all Blackberry smartphones as well as Apple devices running iOS including iPhone, iPad and iPod Touch devices of all generations released to date, including the iPhone 6S Plus and iOS 9.
Retrieve Cloud Backups: Apple iCloud and Windows Live
Cloud acquisition is an alternative way of retrieving information stored in mobile backups produced by Apple iOS, and the only method to explore Windows Phone 8 devices. Elcomsoft Phone Breaker can retrieve information from Apple iCloud and Windows Live! services provided that original user credentials for that account are known.
Online backups can be acquired by forensic specialists without having the original iOS or Windows Phone device in hands. All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID or Live ID accompanied with the corresponding password.
Note: downloading iOS 9 iCloud backups is currently available in Windows version only (and requires iCloud for Windows to be installed; Mac version is now able to download iOS 8 (and older) backup at this time, but will be updated soon.
The Forensic edition of Elcomsoft Phone Breaker enables over-the-air acquisition of iCloud data without having the original Apple ID and password. Password-free access to iCloud data is made possible via the use of a binary authentication token extracted from the user’s computer.
Elcomsoft Phone Breaker supports accounts with Apple's two-step verification. Note that older versions of Elcomsoft Phone Breaker did not support secondary authentication and would fail even if the second authentication factor were accessible. Access to the second authentication factor such as a trusted device or recovery key is required. Once the secondary authentication step is completed, Phone Password Breaker will save a binary authentication token to bypass manual authentication for subsequent sessions.
Note: at this time, Microsoft Live! accounts that use two-factor authentication are not supported.
Accessing iCloud without Login and Password
If the user’s Apple ID and password are not available, Elcomsoft Phone Breaker can use a binary authentication token created by Apple iCloud Control Panel in order to login to iCloud and retrieve information. The use of authentication tokens allows bypassing two-factor authentication even if no access to the secondary authentication factor is available.
The Forensic edition of Elcomsoft Phone Breaker comes with the ability to acquire and use authentication tokens from Windows and Mac OS X computers, hard drives or forensic disk images. Authentication tokens for all users of that computer can be extracted, including domain users (providing that their system logon passwords are known). The tools are available in both Windows and Mac versions of the tool.
Authentication tokens are obtained from the suspect’s computer on which iCloud Control Panel is installed. In order for the token to be created, the user must have been logged in to iCloud Control Panel on that PC at the time of acquisition. Authentication tokens can be extracted from live systems (a running Mac OS or Windows PC) or retrieved from users’ hard drives or forensic disk images.
iCloud Control Panel is an integral part of Mac OS systems, and installs separately on Windows PCs. Most users will stay logged in to their iCloud Control Panel for syncing contacts, passwords (iCloud Keychain), notes, photo stream and other types of data without re-typing their password. All this means that the probability of obtaining authentication tokens from PCs with iCloud Control Panel installed is high.
In addition to iCloud backups, Elcomsoft Phone Breaker can download files stored in the user’s iCloud account such as documents or spreadsheets, application-specific data, WhatsApp backups, 1Password database, Passbook data etc. Note that there is no email notification sent by Apple when downloading files from iCloud. Both "old" iCloud accounts and iCloud Drive accounts are supported.
Note: on Windows, downloading files from iCloud Drive requires iCloud for Windows to be installed. On MacOS X, iCloud Control Panel is a part of the operating system, but iCloud Drive support is available on OS X version 10.10 (Yosemite) only, and does not work with 10.10.5 and 10.11 yet.
Unlock Apple and BlackBerry Backups
The new tool recovers the original plain-text passwords protecting encrypted backups for Apple and BlackBerry devices (running BlackBerry 7 OS or earlier). The backups contain address books, call logs, SMS archives, calendars and other organizer data, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache.
Note: this feature is available in Windows version only.
Decrypt BlackBerry 10 Backups
Local backups produced by BlackBerry Link are always encrypted with a highly secure hardware-specific encryption key, effectively preventing forensic analytic tools from processing BlackBerry 10 data. As even the original use has no control over the password protecting these backups, the only possible way of using these backups was restoring them onto a BlackBerry device with the same BlackBerry ID, making forensic analysis of these backups extremely cumbersome.
Elcomsoft Phone Breaker can effectively decrypt BlackBerry 10 backups produced with BlackBerry Link if the user’s BlackBerry ID and password are known.
Selective Access to iCloud Backups
Downloading a large backup for the very first time can potentially take hours. Subsequent updates are incremental, and occur much faster. If speed is essential, Elcomsoft Phone Breaker offers the ability to quickly acquire select information and skip data that’s taking the longest to download (such as music and videos). Information such as messages, attachments, phone settings, call logs, address books, notes, calendars, email account settings, camera roll, and many other pieces of information can be pre-selected and downloaded in just minutes, providing investigators with near real-time access to essential information.
Perform Enhanced Forensic Analysis on iOS Devices
ElcomSoft offers the complete toolkit for performing forensic analysis of encrypted user data stored in certain iPhone/iPad/iPod devices. The toolkit allows eligible customers acquiring bit-to-bit images of devices’ file systems, extracting phone secrets (passcodes, passwords, and encryption keys) and decrypting the file system dump. Access to most information is provided in real-time. In addition to Elcomsoft Phone Breaker, the toolkit includes the ability to decrypt images of devices’ file systems, as well as a free tool that can extract the encrypted file system out of the device in raw form. More information is available on a dedicated Web page.
Features and Benefits
Note: password recovery features are available in Windows version only.
ElcomSoft offers a highly efficient, cost-effective solution to lengthy attacks by dramatically increasing the speed of password recovery when one or more supported video cards are present. The company’s patented GPU acceleration reduces the time required to recover iPhone/iPad/iPod and BlackBerry backup passwords by orders of magnitude. The latest generation of ElcomSoft GPU acceleration technology supports unlimited numbers of AMD or NVIDIA boards such as NVIDIA 400/500/600/700/800/900-series and AMD 5000/6000/7000/R7/R9-series. ElcomSoft GPU acceleration provides true supercomputer performance at consumer prices.
To make GPU acceleration cost-effective, ElcomSoft implemented support for multiple diverse GPU acceleration units running at the same time. Effectively, this budget-friendly solution allows mixing multiple generations of compatible video cards, extending existing systems by adding new acceleration hardware instead of replacing.
Note: not applicable to MacOS X version
Elcomsoft Phone Breaker supports an advanced dictionary attack with customizable permutations. According to multiple security researches, the majority of users choose meaningful, dictionary-based passwords that are easier for them to remember. Elcomsoft Phone Breaker is able to recover such passwords and their variations quickly and efficiently no matter which language they are. Elcomsoft Phone Breaker supports a variety of permutations of dictionary words, trying hundreds of variants for each dictionary word to ensure the best possible chance to recover the password.
Note: not applicable to MacOS X version
Extract and Decrypt Stored Passwords
In Apple iPhone devices, passwords to email accounts, Web sites, and certain third-party software are stored securely in keychains that are encrypted with hardware keys unique to each individual device. Prior to the release of iOS 4, keychains remained encrypted with a device-specific hardware key; but with the release of Apple iOS 4, the keychains are stored encrypted only with backup’s master password. Elcomsoft Phone Breaker is able to instantly read and decrypt all keychain data including stored passwords if a backup password is known or recovered. iOS 5/6/7/8/9 are supported as well, of course.
Please note that to decrypt the keychain from local (iTunes) password-protected backup, you only need the password to backup itself. For local non-encrypted backups and backups downloaded from iCloud, decryption of the keychain is possible if you have physical access to the device and so can get the specific encryption key (0x835, so-called 'securityd') from there (e.g. using Elcomsoft iOS Forensic Toolkit).
Elcomsoft Phone Breaker does not use Apple iTunes or BlackBerry Desktop Software, and does not need to have those products installed. All password recovery operations are performed offline.
Elcomsoft Phone Breaker can decrypt encrypted containers created by popular password managers including BlackBerry Password Keeper and Wallet for BlackBerry, as well as 1Password, allowing investigators accessing all of the suspect’s stored passwords.
Access Information Stored in BlackBerry Password Keeper and Wallet
A great deal of highly valuable information is stored in BlackBerry Password Keeper and BlackBerry Wallet apps (prior to BlackBerry 10). Users' login credentials with Web site passwords are kept in BlackBerry Password Keeper to provide mobile users with faster login experience. BlackBerry Wallet stores users' financial information including credit card numbers, billing and shipping addresses, loyalty points numbers, etc.
Information in BlackBerry Password Keeper and Wallet has an extra layer of protection. The data is securely encrypted, protected with individual master passwords. Elcomsoft Phone Password Breaker can quickly recover the master passwords, and unlock access to users’ passwords and financial information stored in Password Keeper and Wallet apps.
Instant Decryption of BlackBerry Password Keeper (BlackBerry 10)
Previous versions of BlackBerry Password Keeper used a user-specified master password to protect the password container. Recent versions of BlackBerry Password Keeper employ an escrow key to achieve the same. Elcomsoft Phone Breaker can extract the escrow key and instantly decrypt BlackBerry Password Keeper containers extracted from BlackBerry 10 backups.
Note: BlackBerry 10 backups themselves are also protected and must be decrypted with Elcomsoft Phone Breaker prior to targeting BlackBerry Password Keeper.
1Password is a popular cross-platform password manager available for Mac OS X, Windows, Android and iOS. 1Password containers are protected with a user-defined master password. Elcomsoft Phone Breaker can attack master passwords and decrypt 1Password containers retrieved from Dropbox, iTunes of iCloud backups.
Recover BlackBerry Device Password
The recovery of BlackBerry (prior to verison 10) password is possible if the user-selectable Device Password security option is enabled to encrypt media card data. By analyzing information stored on encrypted media cards, Elcomsoft Phone Password Breaker can try millions password combinations per second, recovering a fairly long 7-character password in a matter of hours. With the ability to recover the device password, ElcomSoft does what's been long considered impossible, once again making Elcomsoft Phone Password Breaker the world's first.
Note: this feature is available in Windows version only.
Note: password recovery features and iOS 9 downloading iCLoud backups are available in Windows version only.
Elcomsoft Phone Breaker supports Windows Vista, Windows 7, Windows 8/8.1/10 and Windows Server 2003/2008/2012 with x32 and x64 architectures. Password-protected backups to iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPhone 5C, iPhone 5S, iPhone 6, iPhone 6 Plus, iPhone 6S, iPhone 6S Plus, iPad (all generations including iPad Pro), iPad Mini and iPod Touch (all generations) devices are supported.
Please note that Elcomsoft Phone Password Breaker is NOT able to remove the iOS activation lock or iPhone passcode lock, unlock iPhone from the carrier, jailbreak the iPhone or remove SIM card PIN code. It is intended for recovery of backup passwords only. For more information, read the EPPB manual and Phone Password Breaker FAQ.
Purchase EPB (Windows) Download free trial version of EPB (Windows) Current version: 5.01.7219
Purchase EPB (MacOS X) Download free trial version of EPB (MacOS X) Current version: 4.11.5621
The product can be uninstalled through Control Panel ‘Programs and features’, or using ‘Unistall’ program in Start menu. Standard Windows Installer service is being used.