Elcomsoft breaks VeraCrypt containers, expands cloud support with Microsoft Azure deployment

Elcomsoft Distributed Password Recovery 4.20 helps forensic experts gain effective access to even more encrypted and locked evidence. The update adds support for VeraCrypt containers and introduces the ability to deploy on-demand cloud instances in Microsoft Azure. In addition, the update adds support for FileVault 2 encrypted volumes located on APFS-formatted partitions, and offers ultra-fast attacks for Tally Vault passwords.

We strive to improve our tools, working hard to enable forensic experts to gain effective access to more encrypted evidence than ever. In this release, we added support for two major encrypted containers, enabled easy on-demand deployment to Microsoft Azure, and introduced an ultra-fast attack on Tally Vault passwords. To make attacks even smarter, we have improved the masks, enabling experts to create attacks based on advanced password templates.

Finally, we have also updated Elcomsoft System Recovery. The tool can now extract hashes from APFS-formatted FileVault 2 volumes to quickly initiate password attacks without imaging the whole disk.

Breaking VeraCrypt containers

VeraCrypt is a de-facto successor to TrueCrypt, one of the most popular third-party crypto containers. A major addition to Elcomsoft Distributed Password Recovery 4.20 is the ability to attack passwords protecting encrypted volumes created with VeraCrypt.

VeraCrypt offers the choice of some 15 encryption algorithms and their combinations, as well as 5 hash functions. Elcomsoft Distributed Password Recovery supports encrypted containers protected with any eligible combination of encryption algorithms and hash functions. GPU-accelerated, truly distributed LAN and cloud-based attacks make Elcomsoft Distributed Password Recovery the most versatile high-performance tool on the market.

Breaking FileVault 2 encryption on APFS volumes

The APFS (Apple File System) made its first appearance in macOS High Sierra. The new file system was designed from the ground up to replace the aging HFS/HFS+. Particularly targeting today’s ultra-fast solid-state media, APFS is now used throughout the entire Apple ecosystem, empowering Mac computers, iPad, iPhone and Apple TV devices.

In this release, Elcomsoft Distributed Password Recovery adds support for FileVault 2 volumes stored on APFS-formatted disks, allowing experts to run GPU-accelerated distributed attacks on the latest versions of macOS.

Microsoft Azure deployment

If local resources are not enough to complete an attack in reasonable time, on-demand cloud instances may help solve the case faster. Over the last few years, Elcomsoft Distributed Password Recovery gained the ability to deploy cloud instances into Amazon EC2, providing additional power on demand and scaling back when the extra resources are not needed.

In this release, we are adding on-demand deployment of Elcomsoft Distributed Password Recovery agents in Microsoft Azure. Supporting Amazon EC2 and Microsoft Azure, the two largest cloud computing services, Elcomsoft Distributed Password Recovery becomes the perfect solution for dynamically changing workloads. Cloud instances with easy on-demand deployment are ready to assist when additional computational power is needed, without the need to invest in building and maintaining an in-house infrastructure.

A comprehensive how-to walkthrough on deploying Distributed Password Recovery in Microsoft Azure is available in our blog: Using Microsoft Azure to Break Passwords

Recovering Tally Vault passwords

In this update, we have added support for Tally Vault passwords. Due to the low-end encryption implementation of Tally Vault, we’ve been able to achieve unprecedented recovery speeds of up to 10 million passwords per second with CPU-only attacks.

Release notes:

  • Added support for APFS (FileVault2) passwords
  • Added VeraCrypt support
  • Added support for Tally Vault passwords
  • Added support for Microsoft Azure instances
  • Dictionaries can be added from the program console
  • Improved flexible masks for more effective attacks
  • Added support for macOS Catalina keychain passwords
  • Added support for PMKID in WPA/WPA2-PSK password recovery
  • Updated support for the latest versions of 1Password containers
  • GPU acceleration: added support for AMD and Intel Graphics for 1Password, Dashlane and LastPass
  • GPU acceleration: improved support for PDF file format (including old versions)
  • Performance improvements (CPU and GPU) for 1Password, Crypt, Dashlane, Hancom, LastPass, Lotus Notes, Microsoft Office, Apple iWork, OpenDocument, RAR archives, sha1
  • Bug fixes: 7-zip, BitLocker, DCC, IKE, PFS, KeePass, iTunes, plain md5 and sha hashes, SQL, macOS, ZIP
