iPhone/iPod Backup Password Recovery

February 4th, 2010 by Andrey Belenko

ElcomSoft iPhone Password BreakerToday we are pleased to unveil the first public beta of our new product, Elcomsoft iPhone Password Breaker, a tool designed to address password recovery of password-protected iPhone and iPod Touch backups made with iTunes.

In case you do not know, iTunes routinely makes backups of iPhones and iPods being synced to it. Such backups contain a plethora of information, essentially all user-generated data from the device in question. Contacts, calendar entries, call history, SMS, photos, emails, application data, notes and probably much more. Not surprisingly, such information manifests significant value for investigators. To make their job easier there are tools to read information out of iTunes backups, one example of such tool being Oxygen Forensic Suite (http://www.oxygen-forensic.com/). Such tools can not deal with encrypted backups, though.

Starting with iTunes 8.2 and iPhoneOS 3.0 (that is, June 2009) it became possible to protect iTunes backups with a password. After you specify protection password, no backup data leaves or enters device unencrypted. That is, contacts, emails, photos, etc. are encrypted on the device, transmitted encrypted over USB cable, and saved encrypted on hard disk. Apparently, such backups exhibit much less value for investigators.

This is where our tool comes into play. Given a password-protected backup, it can run various password recovery attacks, trying thousands passwords per second. Unquestionably, it supports multi-core CPUs, extended CPU instructions, and acceleration using GPU cards (only NVIDIA for the moment, ATI and friends coming in a month or two). Technologically, the product is pretty cool (and it’s going to become better).

However, this is an early beta and it obviously lacks some functionality. You cannot pause/resume recovery. You are limited to wordlist-based attacks only. It is no way bug-free and it will expire on March, 15 after all. Still, you are invited to give it a try. You can download it at http://www.elcomsoft.com/eppb-beta.html.

Please submit your feedback to iphone at elcomsoft.com or use "Help ➯ Send feedback…" menu command from within program itself. Bug reports are welcome, so are suggestions and feature requests. Top contributors will receive iTunes gift certificates, free software licenses and discounts.

Tags: , , , , ,
Posted in Elcom-News, Security, Software | No Comments »

It was Data Privacy Day… our warmest congratulations!

January 29th, 2010 by Olga Koksharova

ElcomSoft always have yet another pair of eyes for your privacy… :)

Tags:
Posted in Did you know that...?, General | No Comments »

123 Out Goes… Your Password

January 22nd, 2010 by Katerina Korolkova, Media Relations

About a month ago, a SQL Injection flaw was found in the database of RockYou.com, a website dealing with social networking applications. The Tech Herald reports that 32.6 million passwords were exposed and posted online due to the flaw. The complete examination of the passwords from the list showed that the passwords in question are not only short as RockYou.com allows creating 5-character-passwords but also alphanumeric only.

A half of the passwords from the list contained names, slang and dictionary words, or word combinations. The Tech Herald enumerates the most common passwords: “123456″, followed by “12345″, “123456789″, “Password”, “iloveyou”, “princess”, “rockyou”, “1234567″, “12345678″, and “abc123″ to round out the top 10. Other passwords included common names such as “Jessica”, “Ashley”, or patterns like “Qwerty”.

Although the findings of the survey are deplorable, most sites do nothing to improve password security. At the same time some websites block special characters and do not allow users to choose them for passwords making user accounts vulnerable to malicious attacks.

As a part of problem solution, the Tech Herald sees sites enforcing users a hard rule of character length. We at ElcomSoft share the opinion that a password must be at least 9 characters long, consisting of upper and lowercase letters, numbers, and – preferably – special characters.

The article also highlights greater risks for the companies as attackers are using more advanced brute force attacks. According to the Tech Herald, “if an attacker would’ve used the list of the top 5000 passwords as a dictionary for brute force attack on Rockyou.com users, it would take only one attempt (per account) to guess 0.9-percent of the user’s passwords, or a rate of one success per 111 attempts”.

Related articles and publications:

A list of passwords used by the Conficker Worm Daniel V. Klein, ”Foiling the Cracker”: A Survey of, and Improvements to, Password Security,” 1990.

Posted in General, Human Factor, Industry News, Security | No Comments »

The 5th China Computer Forensics Conference

December 17th, 2009 by Olga Koksharova

So, they are back from CCFC  (Beijing) where Vladimir, Andrew, and Dmitry made their speeches and listened to those given by other reps.  Here is a follow-up of the conference with nice shots kindly taken by a keen “shooter” Dmitry Sklyarov ;) But first of all, we’d like to thank Sprite Guo for taking care of all preparations and perfect managing throughout the whole conference – our BIG thank you!

Remarkably, on guys’ returning there was no need to ask them about their trip, it was clearly seen on their fresh faces they are full of new ideas which is the most intrinsic value of all.

So, here is a photo-reportage…

Andrew Belenko is making his speech on the opening day

Vladimir, Dmitry, Andrew and Yurii at Tian’anmen

Dmitry Sklyarov is lecturing… as always ;)

Andrew, Vladimir and Sprite, cigarette-break

Guess what?

CCFC photo session :)

Sometimes it is like in a fairy tale

Dmitry, Vladimir and Andrew and the Great Wall of China

Would you like centipede?… :P

Wires again…

Tags: , , ,
Posted in Elcom-News, General | No Comments »

New sweeping WPA Cracker & its alternatives

December 8th, 2009 by Alexandra Tsybulskaya

It’s a well-know fact that WPA-PSK networks are vulnerable to dictionary attacks, though one cannot but admit that running a respectable-sized dictionary over a WPA network handshake can take days or weeks.

A low-cost service for penetration testers that checks the security of wireless networks by running passwords against a 135-million-word dictionary has been recently unveiled. The so-called WPA Cracker is a cloud-based service that accesses a 400-CPU cluster. For $34, it can run a password against all 135 million entries in about 20 minutes. Want to pay less, do it for $17 and wait 40 minutes to see the results.

Another notable feature is the use of the dictionary that has been set up specifically for cracking Wi-Fi Protected Access passwords. While Windows, UNIX and other systems allow short passwords, WPA pass codes must contain a minimum of eight characters. Its entries use a variety of words, common phrases and "elite speak" that have been compiled with WPA networks in mind.

WPA Cracker is used by capturing a wireless network's handshake locally and then uploading it, along with the network name. The service then compares the PBKDF2, or Password-Based Key Derivation Function, against the dictionary. The approach makes sense, considering each handshake is salted using the network's ESSID, a technique that makes rainbow tables only so useful.

Everything seems to be perfect, but for the fact that there exists another alternative to crack WPA passwords which allows to reach the same speed. Just instead of installing a 400-CPU cluster, it’s possible to set 4 top Radeons or about two Teslas and try Elcomsoft Wireless Security Auditor.

Elcomsoft Wireless Security Auditor: WPA-PSK Password Audit

Tags: , ,
Posted in Cryptography, Industry News, Security | No Comments »

ElcomSoft at INTERPOLITEX-2009

November 3rd, 2009 by Alexandra Tsybulskaya

In the period from 27 to 30 October 2009 in Moscow the XIII International exhibition of security facilities of the State "INTERPOLITEX – 2009" took place.

Our team was lucky to participate in this great event organized by the Government of Russia. It was the first time that we had the opportunity to take part in this exhibition, hope not the last one :) I’d like to share my opinion and overall impression of this event.

Actually, from the very beginning things went on smoothly, we were supplied with everything that was ordered (pleasant surprise for this country). Though we didn’t have much space at our stand, we were supposed to organize our booth very nicely, thanks to my colleagues, of course :-) so our booth, compared to all those enormous, two-storeyed stands, managed to attract the attention not only of gapers, but of security specialists and/or our potential clients as well. Here are some pics from the show:

Our booth. Looks nice, doesn't it?!

Alexander Shplatov (Elcom’s senior programmer ) with our collection of awards and letters of thanks:

Hard working process =)

The entire view of the exhibition:

All in all, the show was really great, including the demonstration of military high-tech special technical equipment and weapons :)

Thanks to everybody who took interest in our soft and visited us at INTERPOLITEX 2009!

Hope we will reap the benefits of our participation in this show in the near future!

Posted in General | 4 Comments »

ElcomSoft at it-sa, Nuremberg, Germany

October 14th, 2009 by Katerina Korolkova, Media Relations

IT-SA-Expo goes on very well and our presentation at the Technical Forum (Forum Blau) was a success – thanks to Rene Mathes who gave out the presentation and 8com GmbH. The talk was about how one speeds up the hash recovery process with the parallelizing CUDA technology. If you happen to be in Nuremberg, Germany, visit our booth at Hall 6 (Stand 542).

There is also a workshop on hash cracking at the booth of 8com where our software will be featured. It starts today at 11:45.
 

Click to enlarge

Click to enlarge

Posted in General | 4 Comments »

Need to protect your VBA macro ? Simply damage the file !

October 8th, 2009 by Andrey Malyshev

One of our customers sent me two Excel XLA add-ins. When I tried to open that file in the VBA Editor — the "Project is locked" message appeared. Add-in has been already unlocked by our VBA password recovery tool. According to Microsoft article this message may appear in two cases: when the macro is protected by password or when it is digitally signed. I analysed the macro password record and found that the password is empty. MS Excel also showed me that macro have no any digital signatures. Then I looked into protection record with more attention and for example found that:

"[Host Extender Info]" string is replaced to "[Host Extender 1nfo]".

There were some additional similar changes and finally I found that the macro has damaged digital signature record. It’s ignored when macro is running but when we try to open the macro to view — Excel shows the error.

Microsoft has very weak VBA macro protection. That’s why developers are searching for non-standard protection methods. It’s not simple to reconstruct a damaged macro and it may require a lot of time.

If your macro cannot be opened by our password recovery programs — the most probable reason is custom protection that damages some technical records. I cannot say that it’s a good protection. New versions of MS Office may not work correctly with damaged files.

Tags: , , , , , ,
Posted in Cryptography, Security, Software | No Comments »

Now: long-awaited ElcomSoft Password Recovery KIT

October 6th, 2009 by Olga Koksharova

Click to see this fat and full of cholesterol image in details

Our it-friends from Ukraine (KARPOLAN and Dmitry) highly optimized our developing processes and helped us finalize long-awaited Password Recovery KIT. We won’t go deep into technical details, just have a look at rough visualization.

Posted in Elcom-News, General, Hardware, Software | 2 Comments »

Load yourself to the full with books and music for free

September 21st, 2009 by Olga Koksharova

get books and music for freeBack from summer holidays? Suntanned, full of energy, had a good time? And worried about your bank account balance? Don’t strain your nerves unnecessarily, rather keep your business flourishing. We say that your money will return like a homing pigeon back to you! Keep your windows wide open

ElcomSoft prepared yet another pleasant and valuable surprise for you – money certificates up to $100 that you can spend in on-line shops (viz. Amazon and iTunes) on anything you want: music, books, video, software – anything!! Lightning never strikes in the same place, so, drop everything and buy now, because you’ll get back your money.

 

ATTN: This offer is not for long! So, stay tuned and keep your ears cocked for our news and other special offers.

Please learn terms and conditions to get your Amazon and iTunes gift certificate.

Tags: , ,
Posted in Elcom-News, General | 4 Comments »

« Older Entries
RSS for posts
RSS for comments
Subscribe
ElcomSoft on Twitter

Twitter Updates

    follow me on Twitter