Corporate & forensic solutions
Elcomsoft Phone Breaker
Recover Password-Protected BlackBerry and Apple Backups
Elcomsoft Phone Breaker enables forensic access to password-protected backups for smartphones and portable devices based on RIM BlackBerry and Apple iOS platforms. The password recovery tool supports all Blackberry smartphones as well as Apple devices running iOS including iPhone, iPad and iPod Touch devices of all generations released to date, including the iPhone 6 Plus and iOS 8.
Retrieve Cloud Backups: Apple iCloud and Windows Live
Cloud acquisition is an alternative way of retrieving information stored in mobile backups produced by Apple iOS, and the only method to explore Windows Phone 8 devices. Elcomsoft Phone Breaker can retrieve information from Apple iCloud and Windows Live! services provided that original user credentials for that account are known.
Online backups can be acquired by forensic specialists without having the original iOS or Windows 8 Phone device in hands. All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID or Live ID accompanied with the corresponding password.
Please note that a notification message might be sent to the owner of the Apple iCloud account when the given iCloud backup is accessed from a different computer at the first time. Apple turns the notifications on and off from time to time (right now there are no notifications).
The Forensic edition of Elcomsoft Phone Breaker enables over-the-air acquisition of iCloud data without having the original Apple ID and password. Password-free access to iCloud data is made possible via the use of a binary authentication token extracted from the user’s computer.
Elcomsoft Phone Breaker supports accounts with Apple's two-factor authentication. Note that older versions of Elcomsoft Phone Breaker did not support secondary authentication and would fail even if the second authentication factor were accessible. Access to the second authentication factor such as a trusted device or recovery key is required. Once the secondary authentication step is completed, Phone Password Breaker will save a binary authentication token to bypass manual authentication for subsequent sessions.
Note: at this time, Microsoft Live! accounts that use two-factor authentication are not supported.
Accessing iCloud without Login and Password
The Forensic edition of Phone Password Breaker comes with all the tools necessary to acquire and decrypt such tokens from Windows and Mac OS X computers. During the extraction, authentication tokens for all users of that computer can be extracted, including domain users (providing that their system logon passwords are known). The tools are available in Windows and Mac versions correspondingly.
The ability to use authentication tokens acquired from the suspect’s computer in place of plain-text logon credentials is of major importance to forensic investigators. Authentication tokens can be obtained from the suspect’s computer where iCloud Control Panel is installed. In order to obtain the token, the user must have been logged in to iCloud Control Panel on that PC at the time of acquisition. Authentication tokens can be extracted from live systems (a running Mac OS or Windows PC) or retrieved from users’ hard drives or forensic disk images.
iCloud Control Panel is an integral part of Mac OS systems, and installs separately on Windows PCs. Most users will stay logged in to their iCloud Control Panel for syncing contacts, passwords (iCloud Keychain), notes, photo stream and other types of data. All this means that the probability of obtaining authentication tokens from PCs with iCloud Control Panel installed is high.
In addition to iCloud backups, Elcomsoft Phone Breaker can download files stored in the user’s iCloud account such as documents or spreadsheets, application-specific data, WhatsApp backups etc. Note that there is no email notification sent by Apple when downloading files from iCloud. Both "old" iCloud accounts and iCloud Drive accounts are supported.
Unlock Apple and BlackBerry Backups
The new tool recovers the original plain-text passwords protecting encrypted backups for Apple and BlackBerry devices (running BlackBerry 7 OS or earlier). The backups contain address books, call logs, SMS archives, calendars and other organizer data, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache.
Decrypt BlackBerry 10 Backups
Local backups produced by BlackBerry Link are always encrypted with a highly secure hardware-specific encryption key, effectively preventing forensic analytic tools from processing BlackBerry 10 data. As even the original use has no control over the password protecting these backups, the only possible way of using these backups was restoring them onto a BlackBerry device with the same BlackBerry ID, making forensic analysis of these backups extremely cumbersome.
Elcomsoft Phone Breaker can effectively decrypt BlackBerry 10 backups produced with BlackBerry Link if the user’s BlackBerry ID and password are known.
Selective Access to iCloud Backups
Downloading a large backup for the very first time can potentially take hours. Subsequent updates are incremental, and occur much faster. If speed is essential, Elcomsoft Phone Breaker offers the ability to quickly acquire select information and skip data that’s taking the longest to download (such as music and videos). Information such as messages, attachments, phone settings, call logs, address books, notes, calendars, email account settings, camera roll, and many other pieces of information can be pre-selected and downloaded in just minutes, providing investigators with near real-time access to essential information.
Perform Enhanced Forensic Analysis on iOS 4+ Devices
ElcomSoft offers the complete toolkit for performing forensic analysis of encrypted user data stored in certain iPhone/iPad/iPod devices. The toolkit allows eligible customers acquiring bit-to-bit images of devices’ file systems, extracting phone secrets (passcodes, passwords, and encryption keys) and decrypting the file system dump. Access to most information is provided in real-time. In addition to Elcomsoft Phone Breaker, the toolkit includes the ability to decrypt images of devices’ file systems, as well as a free tool that can extract the encrypted file system out of the device in raw form. More information is available on a dedicated Web page.
Features and Benefits
ElcomSoft offers a highly efficient, cost-effective solution to lengthy attacks by dramatically increasing the speed of password recovery when one or more supported video cards are present. The company’s patented GPU acceleration reduces the time required to recover iPhone/iPad/iPod and BlackBerry backup passwords by orders of magnitude. The latest generation of ElcomSoft GPU acceleration technology supports unlimited numbers of AMD or NVIDIA boards such as NVIDIA 400/500/600/700/800-series and AMD 5000/6000/7000/R7/R9-series. ElcomSoft GPU acceleration provides true supercomputer performance at consumer prices.
To make GPU acceleration cost-effective, ElcomSoft implemented support for multiple diverse GPU acceleration units running at the same time. Effectively, this budget-friendly solution allows mixing multiple generations of compatible video cards, extending existing systems by adding new acceleration hardware instead of replacing.
Elcomsoft Phone Breaker supports an advanced dictionary attack with customizable permutations. According to multiple security researches, the majority of users choose meaningful, dictionary-based passwords that are easier for them to remember. Elcomsoft Phone Breaker is able to recover such passwords and their variations quickly and efficiently no matter which language they are. Elcomsoft Phone Breaker supports a variety of permutations of dictionary words, trying hundreds of variants for each dictionary word to ensure the best possible chance to recover the password.
Extract and Decrypt Stored Passwords
In Apple iPhone devices, passwords to email accounts, Web sites, and certain third-party software are stored securely in keychains that are encrypted with hardware keys unique to each individual device. Prior to the release of iOS 4, keychains remained encrypted with a device-specific hardware key; but with the release of Apple iOS 4, the keychains are stored encrypted only with backup’s master password. Elcomsoft Phone Breaker is able to instantly read and decrypt all keychain data including stored passwords if a backup password is known or recovered. iOS 5/6/7/8 are supported as well, of course.
Please note that to decrypt the keychain from local (iTunes) password-protected backup, you only need the password to backup itself. For local non-encrypted backups and backups downloaded from iCloud, decryption of the keychain is possible if you have physical access to the device and so can get the specific encryption key (0x835, so-called 'securityd') from there (e.g. using Elcomsoft iOS Forensic Toolkit).
Elcomsoft Phone Breaker does not use Apple iTunes or BlackBerry Desktop Software, and does not need to have those products installed. All password recovery operations are performed offline.
Access Information Stored in BlackBerry Password Keeper and Wallet
A great deal of highly valuable information is stored in BlackBerry Password Keeper and BlackBerry Wallet apps (prior to BlackBerry 10). Users' login credentials with Web site passwords are kept in BlackBerry Password Keeper to provide mobile users with faster login experience. BlackBerry Wallet stores users' financial information including credit card numbers, billing and shipping addresses, loyalty points numbers, etc.
Information in BlackBerry Password Keeper and Wallet has an extra layer of protection. The data is securely encrypted, protected with individual master passwords. Elcomsoft Phone Password Breaker can quickly recover the master passwords, and unlock access to users’ passwords and financial information stored in Password Keeper and Wallet apps.
Recover BlackBerry Device Password
The recovery of BlackBerry (prior to verison 10) password is possible if the user-selectable Device Password security option is enabled to encrypt media card data. By analyzing information stored on encrypted media cards, Elcomsoft Phone Password Breaker can try millions password combinations per second, recovering a fairly long 7-character password in a matter of hours. With the ability to recover the device password, ElcomSoft does what's been long considered impossible, once again making Elcomsoft Phone Password Breaker the world's first.
Elcomsoft Phone Breaker supports Windows Vista, Windows 7, Windows 8 and Windows Server 2003/2008/2012 with x32 and x64 architectures. Password-protected backups to iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPhone 5C, iPhone 5S, iPhone 6, iPhone 6 Plus, iPad (all generations), iPad Mini and iPod Touch (all generations) devices are supported.
Please note that Elcomsoft Phone Password Breaker is NOT able to remove the iOS activation lock or iPhone passcode lock, unlock iPhone from the carrier, jailbreak the iPhone or remove SIM card PIN code. It is intended for recovery of backup passwords only. For more information, read the EPPB manual and Phone Password Breaker FAQ.
Current version: 4.0.2047 Purchase EPB Download free trial version of EPBThe product can be uninstalled through Control Panel ‘Programs and features’, or using ‘Unistall’ program in Start menu. Standard Windows Installer service is being used.