What’s special about EINPB? Let’s have a quick jog through some of its features. Our new tool instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox & identity passwords in lots of Microsoft versions. It as well supports the new security model employed by Microsoft Internet Explorer 7 and 8.

Think it can be of any interest for you, please visit our site http://www.elcomsoft.com & learn more about EINPB at http://einpb.elcomsoft.com.

iOS 4 comes packed with a lot of nice features (long-awaited multitasking, background location services, iBooks and much improved Mail app  just to name a few) and we are very pleased to announce today the release of the new version of Elcomsoft iPhone Password Breaker with support for iTunes 9.2 and iOS 4.

Elcomsoft iPhone Password Breaker (or EPPB for short) is a utility to recover passwords for encrypted and password-protected iPhone/iPod/iPad backups created with iTunes (please note that it’s not meant to recover or remove passcode lock on the device).

With iOS 4 Apple has completely changed the way backups are encrypted and stored. Backup and restore processes are way much faster now. Apple have also improved protection against password recovery attacks, thus making our job harder (password recovery is about 5x slower for new backups than for older ones).

We at Elcomsoft try our best to keep up with the times, so most of our tools & programs are adjusted to the latest technologically advanced features. The EPPB is not an exception, new version of EPPB fully supports both old and new backup formats. It also supports hardware acceleration using NVIDIA and ATI GPUs and Tableau TACC1441.

However, there is no order that users have to change their Wi-Fi passwords regularly, the only requirement being to set up a password on the initial stage of wireless access installation and configuration.

I’ve conducted a mini-research here in Russia. There are 5 wireless networks in range that my computer finds when at home. Although all of the networks have rather bizarre names, they are all WPA- or WPA2-protected. My guess is that people do not install wireless access at home by themselves or browse the Internet for instructions and find some on protection and passwords. At the same time, I often come across unprotected networks in Moscow and I do use them to check my Twitter account. It is obvious that to make any conclusions, one has to dive into this topic much more deeply.

What I learnt working for ElcomSoft – the company that recovers passwords and does it very well – is the following: sometimes a password is not enough. You need a good password to make sure your data is protected. WPA requires using passwords that are at least 8 characters long. Such length guarantees quite good protection. The problem as usual is the human factor. We still use admin123 and the like to protect our networks.

Fortunately, there are tools that can help you check how strong your WPA/WPA2-password is. One of such tools is Wireless Security Auditor. It makes use of various hardware for password recovery acceleration and a set of customizable dictionary attacks. The idea is simple: if this monster does not find your WPA/WPA2-password, then it is secure 

Nice weekend to all.

The last, but not the least, we have found that EPPB can handle encrypted backups from Apple's newest tablet, iPad (thanks to Apple for using the same underlying technologies for iPhone, iPod Touch and iPad).

P.S. If anyone's interested, we think that iPad is really cool gadget. It's not a substitute for a laptop, but it's great for catching on emails, surfing web, watching photos or videos or movies and for reading books. And multitouch on 10'' screen is awesome .

P.P.S. Yes, this blog post was originally created on iPad.

From developer's point of view NVIDIA has always been superior. Ease of use, quality of SDK and drivers, thorough documentation. Apparently, they have invested a lot in developing, promoting and supporting CUDA.

Developing software for ATI cards is (okay — was) a nightmare. In 2009 ATI quietly introduced two changes in their drivers which made previously perfectly functional and compatible applications to crash (if you are curious: with Catalyst 9.2 or 9.3 they've changed names of supporting DLLs bundled with drivers; with Catalyst 9.9 or 9.10 they've probably changed format of underlying binary so that anything compiled and linked in with earlier versions caused a driver to crash). And there was almost no documentation with 1.x ATI SDKs.

But when it comes to pure mathematical performance (that is, not counting memory transactions) ATI cards are faster than NVIDIA counterparts, usually by far. Sometimes by very far. That's why we've been supporting them for more than a year already.

Next week we're going to update two of our applications — Elcomsoft Wireless Security Auditor and Elcomsoft iPhone Password Breaker. Among other things, they will support the use of both NVIDIA and ATI cards at the same time. Although I don't think this is a very common scenario, we've had some questions regarding possibility of such configurations.

Well, the answer is — it works! To verify this we've put GeForce GTX 295 and Radeon HD5970 into the same PC and tried to make this configuration work. This is how it looks before connecting power cables:

And this is how it looks after:

With Windows 7, there were no problems installing drivers for both cards, everything went smooth. We have used Catalyst 10.2 and Forceware 196.75 (it has been removed from website due to problems with fan control; I believe 196.21 will also work just fine).

If you will try to do this yourself, beware of one catch. After you have installed drivers you will see both ATI and NVIDIA cards in Windows Device Manager, but EWSA or EPPB will show only cards from one vendor. To overcome this you'll need to connect monitors to both cards and extend your Windows Desktop onto both of them. If you'll do this, our programs will be able to recognize all cards and you end up with something like this:

In fact, you can use both cards even with Windows XP! This is, however, not so smooth as with Windows 7. Performance for ATI cards is worse in XP, too. The funny thing is that XP seems to be unable to boot with two display drivers installed, so you have to uninstall one driver first, reboot, and then install it again (do not reboot!). Connect second monitor, and our programs will recognize cards from both vendors. If you will try to reboot, you will end up with BSoD and will need to boot in Safe Mode, uninstall one of drivers, and start over. Here's screenshot of EWSA running under XP x64:

EDIT: Some discussion on performance and architecture of next-generation GPUs have been removed in accordance with NVIDIA request.

In case you do not know, iTunes routinely makes backups of iPhones and iPods being synced to it. Such backups contain a plethora of information, essentially all user-generated data from the device in question. Contacts, calendar entries, call history, SMS, photos, emails, application data, notes and probably much more. Not surprisingly, such information manifests significant value for investigators. To make their job easier there are tools to read information out of iTunes backups, one example of such tool being Oxygen Forensic Suite (http://www.oxygen-forensic.com/). Such tools can not deal with encrypted backups, though.

Starting with iTunes 8.2 and iPhoneOS 3.0 (that is, June 2009) it became possible to protect iTunes backups with a password. After you specify protection password, no backup data leaves or enters device unencrypted. That is, contacts, emails, photos, etc. are encrypted on the device, transmitted encrypted over USB cable, and saved encrypted on hard disk. Apparently, such backups exhibit much less value for investigators.

This is where our tool comes into play. Given a password-protected backup, it can run various password recovery attacks, trying thousands passwords per second. Unquestionably, it supports multi-core CPUs, extended CPU instructions, and acceleration using GPU cards (only NVIDIA for the moment, ATI and friends coming in a month or two). Technologically, the product is pretty cool (and it’s going to become better).

However, this is an early beta and it obviously lacks some functionality. You cannot pause/resume recovery. You are limited to wordlist-based attacks only. It is no way bug-free and it will expire on March, 15 after all. Still, you are invited to give it a try. You can download it at http://www.elcomsoft.com/eppb-beta.html.

Please submit your feedback to iphone at elcomsoft.com or use "Help ➯ Send feedback…" menu command from within program itself. Bug reports are welcome, so are suggestions and feature requests. Top contributors will receive iTunes gift certificates, free software licenses and discounts.

"[Host Extender Info]" string is replaced to "[Host Extender 1nfo]".

There were some additional similar changes and finally I found that the macro has damaged digital signature record. It’s ignored when macro is running but when we try to open the macro to view — Excel shows the error.

Microsoft has very weak VBA macro protection. That’s why developers are searching for non-standard protection methods. It’s not simple to reconstruct a damaged macro and it may require a lot of time.

If your macro cannot be opened by our password recovery programs — the most probable reason is custom protection that damages some technical records. I cannot say that it’s a good protection. New versions of MS Office may not work correctly with damaged files.

Our it-friends from Ukraine (KARPOLAN and Dmitry) highly optimized our developing processes and helped us finalize long-awaited Password Recovery KIT. We won’t go deep into technical details, just have a look at rough visualization.

The brute-force attack consists of two parts:

1. Trying digits and latin letters
2. Trying national characters depending on code page set in Windows.

Before this time these parts were hardcoded in the program. The new version of Advanced Office Password Recovery has an option to customize the preliminary brute-force attack. 

Look to the directory where AOPR is installed. There is "attacks.xml" file inside. The first section of this file is the language map:

The codes are Windows language identifiers. You can link any LID to your custom name.

The next section contains predefined charsets:

All charsets are in unicode so you can define any national characters here.

And the final section is "documents". All parts of this section has comments about document types. You can define the "common" charsets and charsets that are related to system language. Each "attack" record defines password length and charset.

In this XML file you can simply change the standard preliminary attack and define the custom charsets for your language. I hope this will help to recover your Office passwords faster.

Starting from Office 2007, Microsoft used password protection system called ECMA-376, developed by ECMA International. This standard is open and everyone can write ECMA-376 based protection which will be accepted by Microsoft Office. The standard allows to select hash and encryption algorithms as well as the number of hash rounds (up to 10 millions is allowed).

In Office 2007, ECMA-376 with SHA-1 hash and AES-128 encryption is implemented. The number of hash rounds is 50000 that makes password recovery really difficult and slow. Office 2010 also uses SHA-1 and AES-128, but the number of hash rounds is now 100000. Therefore password recovery for new Office files will be two times slower.

Here is a diagram of password recovery speed for Office 2007:

To get a speed for Office 2010, simply divide these values to 2. We’ll get about 175 pps on Core2 6600 and about 8750 pps on Tesla S1070.

Why don’t increase the number of hash rounds to 10 millions ? Security is really important but it always affects usability. The hash is calculating to verify a password and when each document block is decrypted. If we add hash rounds – the document decryption time is increased. If a document is opening in MS Office during one hour – its unacceptable despite of high security.

Anyway – Office 2010 documents will be more secure than Office 2007 ones. And the new encryption has backward compatibility – all Office 2010 documents can be opened in Office 2007.