Archive for the ‘Elcom-News’ Category

iPhone/iPod Backup Password Recovery

Thursday, February 4th, 2010

Today we are pleased to unveil the first public beta of our new product, Elcomsoft iPhone Password Breaker, a tool designed to address password recovery of password-protected iPhone and iPod Touch backups made with iTunes.

In case you do not know, iTunes routinely makes backups of iPhones and iPods being synced to it. Such backups contain a plethora of information, essentially all user-generated data from the device in question: contacts, calendar entries, call history, SMS, photos, emails, application data, notes and probably much more. Not surprisingly, such information is of significant value to investigators. To make their job easier there are tools to read information out of iTunes backups, one example of such a tool being Oxygen Forensic Suite (http://www.oxygen-forensic.com/). Such tools cannot deal with encrypted backups, though.

Starting with iTunes 8.2 and iPhoneOS 3.0 (that is, June 2009) it became possible to protect iTunes backups with a password. After you specify a protection password, no backup data leaves or enters the device unencrypted. That is, contacts, emails, photos, etc. are encrypted on the device, transmitted encrypted over the USB cable, and saved encrypted on the hard disk. Apparently, such backups are of much less value to investigators.

This is where our tool comes into play. Given a password-protected backup, it can run various password recovery attacks, trying thousands of passwords per second. Unquestionably, it supports multi-core CPUs, extended CPU instructions, and acceleration using GPU cards (only NVIDIA for the moment, ATI and friends coming in a month or two). Technologically, the product is pretty cool (and it’s going to become better).

However, this is an early beta and it obviously lacks some functionality. You cannot pause/resume recovery. You are limited to wordlist-based attacks only. It is in no way bug-free, and it will expire on March 15 after all. Still, you are invited to give it a try. You can download it at http://www.elcomsoft.com/eppb-beta.html.

Please submit your feedback to iphone at elcomsoft.com or use the "Help ➯ Send feedback…" menu command from within the program itself. Bug reports are welcome, as are suggestions and feature requests. Top contributors will receive iTunes gift certificates, free software licenses and discounts.

The 5th China Computer Forensics Conference

Thursday, December 17th, 2009

So, they are back from CCFC (Beijing), where Vladimir, Andrew, and Dmitry made their speeches and listened to those given by other reps. Here is a follow-up of the conference with nice shots kindly taken by a keen “shooter”, Dmitry Sklyarov ;) But first of all, we’d like to thank Sprite Guo for taking care of all preparations and perfect managing throughout the whole conference – our BIG thank you!

Remarkably, on the guys’ return there was no need to ask them about their trip; it was clearly seen on their fresh faces that they are full of new ideas, which is the most intrinsic value of all.

So, here is a photo-reportage…

Andrew Belenko is making his speech on the opening day

Vladimir, Dmitry, Andrew and Yurii at Tian’anmen

Dmitry Sklyarov is lecturing… as always ;)

Andrew, Vladimir and Sprite, cigarette-break

Guess what?

CCFC photo session :)

Sometimes it is like in a fairy tale

Dmitry, Vladimir and Andrew and the Great Wall of China

Would you like centipede?… :P

Wires again…

Now: long-awaited ElcomSoft Password Recovery KIT

Tuesday, October 6th, 2009


Our IT friends from Ukraine (KARPOLAN and Dmitry) highly optimized our development processes and helped us finalize the long-awaited Password Recovery KIT. We won’t go deep into technical details, just have a look at the rough visualization.

Load yourself to the full with books and music for free

Monday, September 21st, 2009

Back from summer holidays? Suntanned, full of energy, had a good time? And worried about your bank account balance? Don’t strain your nerves unnecessarily, rather keep your business flourishing. We say that your money will return like a homing pigeon back to you! Keep your windows wide open

ElcomSoft prepared yet another pleasant and valuable surprise for you – money certificates up to $100 that you can spend in on-line shops (viz. Amazon and iTunes) on anything you want: music, books, video, software – anything!! Lightning never strikes in the same place, so, drop everything and buy now, because you’ll get back your money.

 

ATTN: This offer is not for long! So, stay tuned and keep your ears cocked for our news and other special offers.

Please learn terms and conditions to get your Amazon and iTunes gift certificate.

ElcomSoft News

Wednesday, July 22nd, 2009

As the second summer month is coming to an end, it’s time to sum up our news and updates that you might have missed because of vacation in some tropical heaven. The last two weeks brought us really hot days, not only because of the temperature in Moscow City but also due to hard work on program updates. Here is the news:

  • We released the new version of Distributed Password Recovery. It features support for TheBat! and TheBat! Voyager mail clients master passwords (masterkey.dat) and passwords to TheBat! backup files (*.tbk). The GPU acceleration has been extended and now works for Domain Cached Credentials (DCC), as well as Office 2007, Adobe PDF 9, Windows logon passwords (LM and NTLM), WPA/WPA2, and MD5 hashes.
  • A new version of Elcomsoft Wireless Security Auditor was released. EWSA 1.03 is able to extract WPA-PSK password hashes from local systems when Wireless Zero Configuration is used.
  • Our website is now available in Spanish, Italian, and Polish. We promise to add more languages soon to bring our customers information in their native tongues.
  • Follow us on Twitter to be the first to receive our news or become a fan on our brand-new Facebook page. You can also subscribe to our newsletter.

Thunder Tables – now registered trademark

Monday, June 29th, 2009

Good news over here! We’ve got a nice and shiny registration certificate from the United States Patent and Trademark Office. Now our Thunder Tables have their (R) sign.

 


 

As you know, Thunder Tables allow guaranteed decryption of Adobe PDF and Microsoft Word documents; check the link for a detailed description: http://blog.crackpassword.com/2009/05/thunder-tables/

ATI’s Hall of Fame

Thursday, June 18th, 2009

ATI Stream Developer Showcase enrolled our Elcomsoft Wireless Security Auditor in its security section, among other “notable applications” that use ATI Stream technology:

http://developer.amd.com/SAMPLES/STREAMSHOWCASE/Pages/default.aspx#security

Yet another pleasant morning news :)

 

Password Usage Behavior Survey Announced

Wednesday, June 3rd, 2009

ElcomSoft is launching a survey intended to collect more information on how people handle their passwords, which remain a major means of user authentication. Whether you are an ElcomSoft customer or haven’t seriously thought about password security, we hope you will answer our questions.

The questionnaire is well designed and if you have no time you can simply tick the matching answers which are prepared for your convenience. If you have a special experience to share or lots of thoughts on passwords, please take a while and use empty spaces provided for your own answers.

The survey is set to run for several weeks in order to cover more people, for we understand that summer is the best season for vacations. After the survey is completed and results calculated, we will release a full report with facts and figures. We tried to put sensible questions in the belief that results’ analysis will help us find out which questions should be better and more deeply highlighted in our articles, whitepapers, as well as in our blog.

This is our first empirical research and we hope you will find it interesting and enjoyable. You definitely have your own opinion on passwords, and as you understand, this survey is a perfect way for you to share that opinion. So what do you think? Be frank and open, take the questionnaire, and help us let others know about it.

 

Living to the 64-bit rhythms

Tuesday, May 26th, 2009

All modern AMD and Intel processors are 64-bit and corresponding Windows versions are also on the market. It is highly recommended to use 64-bit systems (though 32-bit systems work perfectly on 64-bit processors) because in this case more than 3 GB RAM can be employed, and today we have lots and lots of 64-bit systems, so it’s getting more and more critical.

What does “The only way to break into PGP” mean?

Thursday, April 30th, 2009

Note to PGP legal dept: I’m not going to put the ® sign every time I mention PGP. I’m just tired; we already did that in our press release and on our web site, and I think it’s enough. No, really? Well, I’ll repeat one more time: all names like PGP are trademarks or registered trademarks of their respective owners in the UK, USA, Russia and probably somewhere else, e.g. in Albania. There are too many countries to mention, sorry :) . Why should I care about (R)? Keep reading, and you’ll see the reason.

Note to PGP executive and marketing depts: thanks again for helping our marketing people to spread the word about the company and our software. We have received many calls from local and international media, nice press coverage, and a lot of people coming to our booth at InfoSecurity. Well, and several good orders, mostly from forensic/investigation people.

Now an update to my previous post. It becomes more and more funny: PGP has written about our ‘conflict’ in their own blog. And the author is… Jon Callas, CTO of PGP. He called his blog entry Lies, Damned Lies, and Marketing – not bad, eh? But the content is even better. Jon starts with the words about ElcomSoft: "The company who made this has a great product, and as I said then, it’s a very cool product." Thanks Jon, but we already knew that our software is "great" and "cool" – otherwise we would not get enough sales ;) . But Jon’s story continues with the following:

[ElcomSoft] booth said, “the only way to break into PGP®.” This is a lie, and a lie in two directions.

1. They’re not breaking into PGP, they’re doing password cracking. There’s a difference.
2. They’re not the only people who do it. As I’ve said before there are plenty of other password crackers, both commercial and open source.
In short, the sign was factually incorrect, and lies about PGP.

If we lie, please sue us. If we don’t, better be quiet, please. But PGP marketing people have selected the 3rd way: complained to Reed Exhibitions and asked to destroy [a part of] our booth. Well done.

About [1]: from my personal point of view, "breaking into PGP" can mean "password cracking" as well. Do we provide the tool to get access to a password-protected PGP disk? Obviously we do. Did we say that it works in 100% of cases, or that we cracked PGP encryption/algorithms? No, we did not. Oh well, our English is definitely not perfect, but I think it is still better than your Russian, Jon ;)

About [2]: yes, there are a lot of password crackers around. But I’m aware of just a single one (except ours, of course) for PGP Disk – and it is commercial; supports old versions of PGP Disk only; moreover, it is distributed only as a part of a very expensive commercial e-discovery package – and it is MUCH slower than ours (because it does not use GPU acceleration). Sorry, I will not mention the vendor name here, simply because it is our competitor – and it did not pay us for an advertisement :) . Jon, I’d appreciate it if you can name the other ones (commercial or open-source). If you cannot, YOU lie. But I like your wording "as I’ve said before"; I think I should use it myself, too (e.g. "as I’ve said before, PGP is not secure and can be cracked" – without reference, for sure :) ).

I recall how I talked to PGP representative a year ago – on previous InfoSecurity UK. The first question he asked was: "Have you received an e-mail from our legal department?". I replied "Should I?"; he said "Yes", and explained the reason: there was no (R) sign (near "PGP") in our press release (Elcomsoft Distributed Password Recovery Unlocks PGP Protection). Well, see the note at the beginning of this post ;)

Another note: in fact, we were strictly prohibited (by Reed, but that’s definitely not their own initiative, but for sure PGP’s one) from printing anything about PGP on our booth. It’s a pity that I did not have a voice recorder handy. So if we wrote something like The only way to break PGP passwords, or The most cost-effective way to crack PGP passwords etc., such a panel would be removed as well. We’ll probably try this next year. But we reserved the other place for InfoSecurity 2010 – not so close to PGP; I think it is a good idea anyway, because every half an hour they’re doing very loud (but not very smart) presentations telling people that PGP is #1 in this and that (nothing really interesting/technical/innovative).

Oh, I forgot to mention that we received a document from Reed explaining why they’ve removed our wall paper, finally – at the end of the first day, i.e. about 8 hours after removal. The official Regulations (sorry, I’m too lazy to scan it – but I will, if you wish) say that it should be done in advance (and no action can be made without prior notice in writing), but who cares? Anyway, for those who are interested – here is what it looks like:


But I should also mention that Reed keeps their word: our panel has been replaced this morning (at their own cost). Have a look (the second panel from the right; the color is slightly different from the original one, but still better than nothing):

 

Lessons learned? You guess yourself. I would not say anything bad about PGP and/or Reed – they really helped us a lot. And I would NOT recommend PGP to send smarter people to the exhibition next year – so we’ll be able to save a significant part of our marketing budget ;)

After all… All of the above (as well as my other posts) is my personal view, and not an official position of ElcomSoft. Yeah, I’m the CEO of ElcomSoft, and I’m the person who approved the design of our booth (btw, only two days before the show: we were really busy doing technical stuff), but anyway.

Oh, almost forgot to share one more picture – with ElcomSoft people:


From left to right:

  • Andrey Belenko, IT Security Analyst (and an inventor of GPU acceleration; well-known person in ‘crypto’ world)
  • Olga Koksharova, Marketing Director (doing real and smart marketing and PR, much better than PGP’s one)
  • Vladimir Katalov, CEO/co-owner (me; ex-programmer – not a stupid ‘manager’ hired by expensive headhunters)

And finally, thanks to all who made comments on my previous post. As you can see, our blog is NOT MODERATED – in contrast to PGP’s one (which is actually premoderated, try it yourself; we made some comments there, but they have not appeared – at least in about two hours after writing). Censored? ;)