When developing the iOS 5 compatible version of iOS Forensic Toolkit, we found the freshened encryption to be only tweaked up a bit, with the exception of keychain encryption. The encryption algorithm protecting keychain items such as Web site and email passwords has been changed completely. In addition, escrow keybag now becomes useless to a forensic specialist. Without knowing the original device passcode, escrow keys remain inaccessible even if they are physically available.

What does enhanced security mean for the user? With iOS 5, they are getting a bit more security. Their keychain items such as Web site, email and certain application passwords will remain secure even if their phone falls into the hands of a forensic specialist. That, of course, will only last till the moment investigators obtain the original device passcode, which is only a matter of time if a tool such as iOS Forensic Toolkit is used to recover one.

What does this mean for the forensics? Bad news first: without knowing or recovering the original device passcode, some of the keychain items will not be decryptable. These items include Web site passwords stored in Safari browser, email passwords, and some application passwords.

Now the good news: iOS Forensic Toolkit can still recover the original plain-text device passcode, and it is still possible to obtain escrow keys from any iTunes equipped computer the iOS device in question has been ever synced or connected to. Once the passcode is recovered, iOS Forensic Toolkit will decrypt everything from the keychain. If there’s no time to recover the passcode or escrow keys, the Toolkit will still do its best and decrypt some of the keychain items.

Faster Operation

Besides adding support for the latest iOS 5, Elcomsoft iOS Forensic Toolkit becomes 2 to 2.5 times faster to acquire iOS devices. When it required 40 to 60 minutes before, the new version will take only 20 minutes. For example, the updated iOS Forensic Toolkit can acquire a 16-Gb iPhone 4 in about 20 minutes, or a 32-Gb version in 40 minutes.

Today we are releasing a new version of Phone Password Breaker, this time adding the ability to recover security passwords protecting BlackBerry handsets. Yes, that is the very password used to lock and unlock the device. And yes, no one has done that before (well, at least not publicly).

Before you get too excited, there is a catch. The new feature requires Media Card encryption to be switched on and set to either “Security Password” or “Device Password” mode. If this condition is met, EPPB will be able to run password recovery against device security password. What is also important and rather exciting is that you don’t need the BlackBerry device itself. All that is needed is a media card that was used in that device. Actually, we only need one specific file from that media card, so yes, the recovery can be off-loaded and the password can be recovered offline.

So how does this feature work? It’s pretty straightforward: launch Elcomsoft Phone Password Breaker, click Open and specify that you want to recover a BlackBerry security password. After that, you’ll need to navigate to the info.mkf file from the encrypted media card. It is located in BlackBerry/system directory on the media card, and is marked as hidden. Once you open the file (and only if the file comes from the card encrypted using the “Security Password” or “Device Password” option) you will be able to start the recovery as usual. The good news is that recovery rate is amazingly fast by today’s standards: it tries several million passwords per second on a modern multi-core CPU equipped with AES-NI instructions. With Intel i7-970, I am getting 1.8 million passwords per second in wordlist mode, and about 5.9 million passwords per second in bruteforce mode. Compare that to iPhone passcode recovery rate of less than six passcodes per second for iPhone 4, and try to think hard about BlackBerry having better security.

Among other changes in this version is preliminary support for iOS 5 backups. As Apple readies its newest and most advanced mobile OS yet, we have updated EPPB to make it compatible with backups produced by the latest beta of iOS 5. All the usual features (password recovery, backup decryption, and Keychain explorer) are available for iOS 5 backups.

Speaking of iOS backup decryption, we added another option demanded by our customers. EPPB can now recover original file names when decrypting a backup. That means you will get a directory structure and meaningful file names, making it easier to explore and analyze backup contents.

I really hope you will enjoy the new features.

RIM BlackBerry smartphones have been deemed the most secure smartphones on the market for a long, long time. They indeed are quite secure devices, especially when it comes to extracting information from the device you have physical access to (i.e. mobile phone forensics). It is unfortunate, however, that a great deal of that acclaimed security is achieved by “security through obscurity”, i.e. by not disclosing in-depth technical information on security mechanisms and/or their implementation. The idea is to make it more difficult for third parties to analyze. Some of us here at Elcomsoft are BlackBerry owners ourselves, and we are not quite comfortable with unsubstantiated statements about our devices’ security and blurry “technical” documentation provided by RIM. So we dig.

Our first two targets are the apps providing secure storage of sensitive data: BlackBerry Password Keeper and BlackBerry Wallet. These applications are provided by RIM for free; Password Keeper is even included with each installation of BlackBerry OS. The two apps are the recommended way to store login credentials and other sensitive data such as credit card numbers. The data stored in those two apps could also be a wealth of information for investigators. According to RIM, all data is securely encrypted with AES-256. The encryption key is derived from user-specified master password, which can be different from device password. Password Keeper and Wallet master passwords can also be different.

Another notable fact is that Password Keeper and Wallet databases are included in the backup produced by BlackBerry Desktop Software. This means that, as a mobile forensics investigator, you can access those databases (containing encrypted data at this point) by either connecting suspects’ handset and running Desktop Software (if there is no password protection on the device) or by looking for stored device backups on suspects’ computer(s). And even if the backup you’ve been able to get a hold of is encrypted, our Elcomsoft Phone Password Breaker can recover the password for it .

Once you’ve got the (unencrypted) backup, Password Keeper and Wallet databases are accessible. The problem is that their data are still encrypted. And this is exactly what today’s EPPB release is about: recovering master passwords for Password Keeper and Wallet databases. Now you can load a BlackBerry device backup into EPPB and run password recovery against Password Keeper and Wallet databases. And what’s really good about this is that password recovery rate is great – hundreds of thousands and up to several millions passwords per second on modern CPU, depending on BlackBerry OS version. To the best of our knowledge, there were no tools capable of doing this until now, so we're proud to be the world’s first again, offering our customers unique functionality that’s not available in other vendors’ products.

So, you were able to discover the master password, what's next? Right now you have two options:

• Use BlackBerry Simulator, restore the backup to it, and use the recovered master password(s) to enter Password Keeper and/or Wallet. Access stored data as usual.
• Use Elcomsoft BlackBerry Backup Explorer, which can now show Password Keeper and Wallet data (as of version 9.61 being released today).

The third option to view Password Keeper and Wallet data within EPPB itself will be probably added with the next update. Speaking of updates, I'd like to tell you that this BlackBerry-related addition is really small compared to what's in the queue. If things go well, we hope to release "the next big thing" within 1-1.5 months from now. You're going to love it, I promise .

P.S. For those technically inclined out there, here’s a brief summary:

BlackBerry Password Keeper database format and protection is the same for OS 5, OS 6, and OS7. Per-item encryption key is derived by computing 3 (three) iterations of PBKDF2-SHA1 with master password and per-item salt.

Wallet database format and protection differs between OS 5 and OS 6/7.

For Wallet in OS 5, per-item encryption key is derived by computing 3 (three) iterations of PBKDF2-SHA1 with SHA-256 hash of master password and per-item salt.

For Wallet in OS 6 and OS 7, per-item encryption key is derived by computing a random number of iterations (between 50 and 100) of PBKDF2-SHA1 with SHA-512 hash of master password and per-item salt.

Encryption in all above formats is AES-256 in ECB (!) mode, SHA-1 hash of the data is appended before encrypting; data is padded as per PKCS #5.

In my opinion, should RIM have opted to be more open about their security mechanisms, someone (maybe even someone from their own team) could possibly point out that the level of protection against password recovery attacks is not sufficient for 2011.

• The ability to decrypt contents of the device keychain
• The ability to perform logical acquisition of the device
• Logging of all operations performed within Toolkit
• Support for iPhone 3G
• Support for iOS 3.x on compatible devices
• Support for iOS 4.3.4 (iOS 4.2.9 for iPhone 4 CDMA)
• Let me give a short description of each of the new features.

Keychain Decryption

Logical Acquisition

Logging

iPhone 3G and iOS 3.x Support

Compatibility with iOS 4.3.4 and iOS 4.2.9

The Onion News Network has a news webcast about Facebook program and its use in acquiring information during federal investigations and how greatly this project can save federal expenses:

CIA's 'Facebook' Program Dramatically Cut Agency's Costs

Joking aside, although Facebook was not presupposed to carry out any federal mission like this, the fact is that Feds can very well use Facebook to gather more details of people they are looking for. The question is: how can they do this (if, of course, that’s not the ‘special project’ itself)? One of possible ways to get necessary data would be to set an account and make friends with the suspect, however there are some hidden rocks in it. First, the suspect might not like to make friends with “camouflaged” feds; second, even if you managed to get friends, your access to suspects’ details can be restricted.  Obviously, this is not an easy way to chase a criminal, on the other hand it provides an opportunity to establish and initiate personal contact with the suspect if that’s required.

What else can be done? Well, getting access to suspects’ computer is not a bad idea and most probably this would be point number one. There are many ways to seize and arrest suspects’ computers and as soon as it is accessible computer specialists start scrutinizing its content in search of any evidence. Here all ElcomSoft password recovery tools come into action and now also Facebook Password Extractor designed exclusively for Facebook accounts. 

The new utility gets Facebook account passwords saved in Web browsers on the local computer.  Pleasant thing is that ElcomSoft decided to help saving federal costs as well and made the software free of charge: “This is our duty!”, says unnamed ElcomSoft representative. The main Facebook Passwords Extractor features:

• The utility is absolutely free
• Easy exploitation – you simply start the program and it takes over the rest of work
• Supports all popular Web browsers and their versions: Internet Explorer till v. 9, Mozilla Firefox till v. 4, Opera till v. 11.10, Google Chrome till v. 11, Apple Safari till v. 5
• Works almost instantly
• Finds unlimited (i.e. all) number of logins and passwords stored in Web browsers on local computer.
• Does not matter how long and complex the passwords are and what languages they're in

N.B. Passwords stored in Mozilla Firefox and Opera protected with master password, cannot be recovered with this tool. For the first one (Firefox), however, we do have the solution: Elcomsoft Distributed Password Recovery. Let us know if you're interested in Opera master password recovery, too!

Working with it is quite simple. Right after you start Facebook Password Extractor, it searches Web browsers installed in the system and analyses data stored in every of the installed browsers, local databases, and cache. This allows finding all account information (login – password) that has ever been saved in Web browsers as autocomplete and/or authentication data. All found passwords to Facebook accounts are being decrypted and displayed in convenient form.

There is one “problem” with Facebook Password Extractor, though. It works with Facebook only  . If you need to reveal passwords to other social networks, get the Elcomsoft Internet Password Breaker instead. It is not free, but you always get what you paid for – not just [saved] passwords to social networks, but also the contents of ‘autocomplete’ fields (an extremely good source of information, including passwords), Windows Live Mail credentials and more.

When it comes to obtaining the contents of iPhone’s file system, mobile forensic specialists usually mention the following three opportunities:

1. One can 'mount' the device, mapping it as a drive letter and copy data file after file. In this mode, I/O requests are served by the file system driver on the device that’s supposed to ‘know’ the encryption keys for all files. Essentially, this means that analyst receives file data that is already decrypted during the transfer. The ‘mounting’ in this case is achieved by using undocumented interfaces provided by Apple iTunes, which makes the researcher rely on something that’s a) undocumented, and b) involuntarily provided by the manufacturer. The amount of data available depends on whether the device is booted into a so-called "jailbroken" state or not. Devices that are not booted into a "jailbroken" state allow access to significantly less information. In "jailbroken" state, all information stored on the device may be available.

It is worth mentioning that booting a device into a "jailbroken" state does not necessarily require a permanent "jailbreak" modification of the device, and can be performed without modifying data stored on the device, i.e. without violating read-only principle so important in computer forensics.

While relatively simple, the file-based approach has numerous limitations that make it less than ideal for forensic purposes. Since the transfer is done file-by file, the case quickly becomes difficult to manage. Typical file system contains tens of thousands of files so it might be quite a challenge to even store them in forensically sound way (i.e. making sure that no files are added, deleted, or modified after acquisition is complete). Another problem is that some files may be locked by running processes, may require additional privileges, symbolic links may interfere with the host system, etc.

2. The second option would be to decrypt file system as a part of acquisition process so that its result is a decrypted file system.

3. Finally, one can do a physical acquisition of the encrypted file system and decrypt the data off-line. This would require an additional step of extracting required keys off the device.

The last two options are indeed very similar. In both cases, I/O requests are served by storage driver (as opposed to file system driver in the first case), effectively bypassing proprietary file system drivers and avoiding all types of file locks and access permission problems. Both methods require the device to be in "jailbroken" state.

Although those last two acquisition approaches are similar and first one might seem more attractive on the first sight, we decided to go with the last one. In our eyes, there are numerous important benefits to doing the physical acquisition in a ‘raw’ way.

1. We believe that physical acquisition should be as close to the original device data as possible. The first method (mounting the device) relies on the file system driver to deliver decrypted file data. If we wanted to implement similar on-the-fly decryption during the physical acquisition process, the resulting image won’t be a bit-to-bit physical copy at all. Instead, we can do those actions off-line, and produce a decrypted image out of a precise bit copy.

2. Some device secrets such as the passcode or escrow keys might not be known at acquisition time. Without knowing those secrets, some files can not be decrypted. Off-line processing allows capturing and storing the original encrypted image while postponing the decryption to a later moment. An analyst can return to the original image if more secrets become available (e.g. escrow keys are discovered on suspects’ desktop computer) without having to re-acquire data from the physical device.

3. Analysts may have a backlog of cases. Re-doing the acquisition with a new tool might not be what they’re looking for. With off-line approach, one can obtain the keys from the device, which takes much less time than re-imaging it.

4. Forensics often already have a favorite (or the only approved) tool to do device imaging. For those who don’t, ElcomSoft can provide a basic one that just works. As long as the tool is capable of producing raw (dd-style) images, the analysts can continue using it.

5. Finally, the tools are not bug-free. The acquisition must be as simple and as straightforward as possible. Having to re-acquire the contents of a 64 Gb iPad because of a glitch in the imaging tool could be extremely frustrating and time-consuming. By performing the decryption as a separate process, one can reduce the risk of this happening.

The Toolkit

Elcomsoft Phone Password Breaker is available to general public. We will also provide eligible parties with additional acquisition Toolkit to use on devices running iOS 4.x. We’ll also provide detailed instructions. The Toolkit will allow the following:

• Extract hardware-dependent keys, file system keys and escrow keys from the device;
• Recover the passcode (subject to passcode length and complexity);
• Obtain bit-to-bit copy of device storage.

After obtaining an image of the device storage area accompanied by device-specific keys, analysts will be able to run Elcomsoft Phone Password Breaker to decrypt the acquired image and then analyze the decrypted image with the forensic tool of their choice.

The many different security policies and government regulations make standard practices of choosing passwords inadequate (passwords are too easy to break) or unfeasible (passwords are impossible to memorize, get written on yellow stickers, and get easily hijacked).  To facilitate the needs of its customers, ElcomSoft Co. Ltd. employed its extensive expertise in the areas of information security and password recovery, and offers a service to provide the perfect balance between password strength and memorability. After breaking millions of passwords, the company has inside information on what’s strong, what’s weak, and what’s adequate for every task.

Offering three strength levels and several additional options, ElcomSoft offers an economical way to create passwords perfect for the type of information they protect. Customers can choose passwords that are short and strong, long and extremely strong, or very long and guaranteed unbreakable. For a small extra fee, Password Store customers can choose passwords that are easy to pronounce or quick to memorize, without sacrificing a single bit of security. In addition, ElcomSoft offer a “gift-wrap” option that accompanies every password with a digital authenticity certificate.

As a value-added service, ElcomSoft offers exclusive password recovery service to all customers of its Password Store. For a nominal fee, forgotten passwords can be recovered in an instant. Under no circumstances will the company sell passwords to any third-parties or upload the lists to the three-letter agencies, government or law enforcement officials unless they become our clients and buy their own passwords.

More info at http://www.elcomsoft.com/password_store.html

Now if your partner gets a compromising anonymous image where you are enjoying yourself with nice blond with blue eyes or charming young man, don’t panic and don’t get upset, you can easily prove it is just a fake (even if it’s not ).  Seriously, how can we trust photographic evidence in the era of Photoshop and other designer tools? The genuineness of a digital image can only be proven by special digital tools…like OSK-E3?

Unfortunately or maybe fortunately, it turned out that OSK-E3 (Canon Original Data Security Kit) cannot guarantee image authenticity, because now it can recognize even fake images as true and genuine. However, the problem is not in OSK-E3, it is in Canon Original Data Security system implemented in most modern Canon DSLR (Digital Single-Lens Reflex) cameras.

Now it’s possible (well, Dmitry did it recently and who knows if somebody could do it earlier ) to dump camera’s memory, extract secret keys from the camera, and calculate ODD (= Original Decision Data) which answer for any changes done to the image. And thus name the modified image as original one.

What Canon can do? It seems like Canon can nothing do with their models right now, because the fundamental problem lies not in the software. Changing the software could possibly solve the question, until someone again finds its vulnerability. But adding cryptoprocessors that won’t expose the secret key and thus will prevent from any penetrations from outside would close the loophole.

Have a look at some of our fake images that pass verification test by OSK-E3: http://www.elcomsoft.com/canon.html

So, can you now trust Canon’s OSK decision if an image is original or not?

Yesterday, we recovered login and password information to Internet Explorer only, but it was yesterday… Now, Mozilla Firefox, Apple Safari, Google Chrome and Opera Web browsers are at your disposal.

Let’s plunge into some figures…

Imagine, just a couple of years ago there was no Chrome at all and now it captivates more than 19% of users and is the third most popular Web browser. Safari appeared first in 2003 under Mac OS and in 2007 under Windows, now it’s the fourth popular Web browser.

A curious scene unfolds before us, IE is constantly losing its followers to the advantage of FireFox and rapidly spreading newcomers like Chrome. However, in spite of all these browser wars, any statistical data can only be relatively true and I’m sure we all use more than one Web browser (I use three at least).

Some of them are at hand because they are default browsers like Safari on iPhones and iPads, some of them are more convenient for Web designing, and some run under Linux and Mac OS X as well.

That’s why we decided to crack other browsers as well. BTW, our CTO Andy Malyshev claims that compared to IE 8 protection all the other browsers were just “a piece of cake”.

Just if you’re curious, different Web browsers store their data (including logins and passwords to web sites) in different formats. In Apple Safari, it is Property List (plist), in versions up to 3.x (incl.), that was just a plain XML which is easy to parse. In Safari 4 and 5, it is in binary form (though organized very similar internally). Encryption is done with DPAPI.

Mozilla Firefox: up to version 3.5, they stored everything in plain text; starting with version 3.5 – in SQLite databases. Everything is encrypted there (yes, in old text files, too) using their own API called Network Security Services (NSS).

In Google Chrome SQLite is used as a storage and DPAPI for encryption.

Opera: proprietary (binary) file format whereas encryption is done with DES.

Now it’s easy to get back account information, logins, passwords and cached forms in all browsers like IE, Apple Safari, Google Chrome, Opera, and Mozilla Firefox, as well as Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail.

However, there is a trick with Mozilla Firefox…if it has a master password, your only prey will be URLs, unless you know the required master password…OR have Elcomsoft Distributed Password Recovery which deals with such passwords.

One more trick with Firefox (quite a tricky browser, isn’t it?) is that unlike the others it should be installed itself, because EINPB refers to some of its dll-files.

As we’ve seen, the tendency is to use several browsers, or better said switching from IE to other ones, which implies some problems with switching some details (such as name, address, or whatever else) cached in your previous Web browser and happily forgotten. This is a frequent scenario – I personally found myself in similar situation a couple of days ago, when I had to reach an online account (which login and password are cached) from another browser and couldn’t…but my situation was even worse because I used different computers. Anyway, this won’t bother you anymore, because EINPB can pull all data from your old browser and gather it in one file. 

So, let us not dampen our joy over browser wars as they are not finished yet and appease our hunger for new browsers (?) We also get influenced by popular opinion, so tell us your browser preferences and maybe we’ll crack them too.