Archive for the ‘Software’ Category

Hacking For Dummies, 3rd Edition by Kevin Beaver

Tuesday, November 2nd, 2010

Although this new book is on sale from January this year, we are happy to officially say our words of gratitude to Kevin Beaver and advise it to you.

In his book Kevin insists that the best way to really understand how to protect your systems and assess their security is to think from a hacker’s viewpoint, get involved, learn how systems can be attacked, find and eliminate their vulnerabilities.  It all practically amounts to being inquisitive and focusing on real problems as in contrast to blindly following common security requirements without understanding what it’s all about.

Kevin extensively writes on the questions of cracking passwords and weak encryption implementations in widely used operating systems, applications and networks. He also suggests Elcomsoft software, in particular Advanced Archive Password Recovery, Elcomsoft Distributed Password Recovery, Elcomsoft System Recovery, Proactive Password Auditor, and Elcomsoft Wireless Security Auditor, as effective tools to regularly audit system security and close detected holes.

In this guide Kevin communicates the gravity of ethical hacking in very plain and clear words and gives step –by- step instructions to follow. He easily combines theory and praxis providing valuable tips and recommendations to assess and then improve security weaknesses in your systems.

We want to thank Kevin for testing and including our software in his very “digestible” beginner guide to hacking and recommend our readers this book as a helpful tool to get all facts in order. :)

Peeking Inside Keychain Secrets

Thursday, August 5th, 2010

Today we have released Elcomsoft iPhone Password Breaker 1.20 which introduces two new features and fixes few minor issues.

Keychain Explorer

This feature allows to view contents of keychain included with encrypted device backup.

Mac users are probably familiar with concept of keychain — it is a centralized, system-wide storage where application can store information they consider sensitive. Typically, such information includes passwords, encryption keys and certificates, but in principle it can be anything. Data in keychain is cryptographically protected by OS and user password is required to access it. The closest Windows equivalent for keychain is probably Data Protection API.

iOS-based devices also have a keychain, but instead of user password, embedded cryptographic key is used to protect its contents. This key is unique to each device and so far there are no way to reliably extract it from the device.

Apple recommends iOS application developers to use keychain for storing passwords and other sensitive information, and one reason for this is that it never leaves device unencrypted. Here’s an excerpt from Keychain Service Programming Guide:

In iOS, an application always has access to its own keychain items and does not have access to any other application’s items. The system generates its own password for the keychain, and stores the key on the device in such a way that it is not accessible to any application. When a user backs up iPhone data, the keychain data is backed up but the secrets in the keychain remain encrypted in the backup. The keychain password is not included in the backup. Therefore, passwords and other secrets stored in the keychain on the iPhone cannot be used by someone who gains access to an iPhone backup. For this reason, it is important to use the keychain on iPhone to store passwords and other data (such as cookies) that can be used to log into secure web sites.

Prior to iOS 4 keychain was also included in the backup ‘”as is”, i.e. all data inside was encrypted using unique device key. This meant that it was not possible to restore keychain onto another device — it will try to decrypt data with key which is different from one used to encrypt data. Naturally, this will fail and all data in keychain will be lost.

To address this issue, Apple changed the way keychain backup works in iOS 4. Now, if you’re creating encrypted backup (i.e. you’ve set up a password to protect backup) then keychain data will be re-encrypted using encryption key derived from backup password and thus ca be restored on another device (provided backup password, of course). If you haven’t set backup password, then everything works like before iOS 4 — keychain encrypted on device key is included in the backup.

Elcomsoft iPhone Password Breaker now allows you to view contents of keychain from encrypted backup of devices running iOS 4. You will need to provide password, of course. Here’s screenshot of Keychain Explorer showing (some) contents of my iPhone’s keychain:

Keychain Explorer 

There are passwords for all Wi-Fi hotspots I have ever joined (and haven’t pushed “Forget this Network” button), for my email, Twitter, and WordPress accounts, as well as Safari saved passwords and even my Lufthansa frequent flyer number and password! :) And I don’t use Facebook/LinkedIn/anything else on my phone — otherwise I guess credentials for those will be also included in the keychain.

Keychain Explorer will work only against backup which is encrypted. If you happen to have an iOS 4 device and want to get password from it — set a backup password in iTunes, backup device, use Keychain Explorer to view and/or export keychain passwords, and, finally, remove backup password in iTunes.

Password Cache

This feature is far less exciting than Keychain Explorer, but we believe it should improve user experience with Elcomsoft iPhone Password Breaker.

The idea is simple: all passwords which are found by EPPB or which are used to open backup in Keychain Explorer are stored in password cache. When you later try to open backup in Keychain Explorer or recover a backup password, program first checks password cache for correct password.

Passwords in cache are stored using secure encryption.

 

Also, there is a new EPPB FAQ online. Worth reading if you’re thinking of purchasing EPPB or want to learn more about it.

There is at least one really big update for EPPB coming in September or October, so stay tuned!

Something new….

Thursday, July 15th, 2010

According to the preliminary results of our latest questionnaire (ElcomSoft Customer Reference program Questionnaire) the majority of people forget their passwords when returned from holidays, thus being blocked out from the precious information they have on the PC.
I bet that lots of people found themselves or those around in a similar situation at least once. Let me share my personal experience with you. One of my friends, having returned from the vacation in a tropical paradise, was pleased to see a new computer at her desk (while she was away the company renewed some of the machines) and at the same time very much discouraged and upset to find out that many of her passwords remained in her old pc and she didn't bother herself to save them anywhere else. So the access to the mail account from her new modern PC was forbidden, as well as access to several password-protected websites (from social networks to online banking).  Nothing to be happy with, isn’t it?!! But such a story no longer has a sad ending due to the release of Elcom’s new recovery tool, namely ElcomSoft Internet Password Breaker. In the above described situation EINPB revealed necessary passwords stored in the old computer, thus letting a person replace the password-protected data from one machine to another.  One more important remark in this respect is that my friend didn’t have to seek help of the “user-unfriendly sysadmin” :)

What’s special about EINPB? Let’s have a quick jog through some of its features. Our new tool instantly reveals cached passwords to Web sites in Microsoft Internet Explorer, mailbox & identity passwords in lots of Microsoft versions. It as well supports the new security model employed by Microsoft Internet Explorer 7 and 8.

Think it can be of any interest for you, please visit our site http://www.elcomsoft.com & learn more about EINPB at http://einpb.elcomsoft.com.

0-day

Monday, June 21st, 2010

It’s been two weeks since Steve Jobs has announced release of new iPhone 4 and iOS 4 operating system during his keynote on WWDC’2010. New iPhone will begin shipping on Thursday, 24th of June, and new iOS will become available for download today, just few hours are left.

iOS 4 comes packed with a lot of nice features (long-awaited multitasking, background location services, iBooks and much improved Mail app  just to name a few) and we are very pleased to announce today the release of the new version of Elcomsoft iPhone Password Breaker with support for iTunes 9.2 and iOS 4.

Elcomsoft iPhone Password Breaker (or EPPB for short) is a utility to recover passwords for encrypted and password-protected iPhone/iPod/iPad backups created with iTunes (please note that it’s not meant to recover or remove passcode lock on the device).

With iOS 4 Apple has completely changed the way backups are encrypted and stored. Backup and restore processes are way much faster now. Apple have also improved protection against password recovery attacks, thus making our job harder (password recovery is about 5x slower for new backups than for older ones).

We at Elcomsoft try our best to keep up with the times, so most of our tools & programs are adjusted to the latest technologically advanced features. The EPPB is not an exception, new version of EPPB fully supports both old and new backup formats. It also supports hardware acceleration using NVIDIA and ATI GPUs and Tableau TACC1441.

‘Casual and Secure’ Friday Post

Friday, May 14th, 2010

German law has always been strict about any possible security breaches. This week German court ordered that anyone using wireless networks should protect them with a password so the third party could not download data illegally.  

However, there is no order that users have to change their Wi-Fi passwords regularly, the only requirement being to set up a password on the initial stage of wireless access installation and configuration.

I’ve conducted a mini-research here in Russia. There are 5 wireless networks in range that my computer finds when at home. Although all of the networks have rather bizarre names, they are all WPA- or WPA2-protected. My guess is that people do not install wireless access at home by themselves or browse the Internet for instructions and find some on protection and passwords. At the same time, I often come across unprotected networks in Moscow and I do use them to check my Twitter account. It is obvious that to make any conclusions, one has to dive into this topic much more deeply.

What I learnt working for ElcomSoft – the company that recovers passwords and does it very well – is the following: sometimes a password is not enough. You need a good password to make sure your data is protected. WPA requires using passwords that are at least 8 characters long. Such length guarantees quite good protection. The problem as usual is the human factor. We still use admin123 and the like to protect our networks.

Fortunately, there are tools that can help you check how strong your WPA/WPA2-password is. One of such tools is Wireless Security Auditor. It makes use of various hardware for password recovery acceleration and a set of customizable dictionary attacks. The idea is simple: if this monster does not find your WPA/WPA2-password, then it is secure :)

Nice weekend to all.

Elcomsoft iPhone Password Breaker

Friday, May 7th, 2010

Last week we have released our new product, EPPB, out of beta. We have fixed some bugs, polished GPU acceleration support, added support for Tableau TACC1441 hardware accelerator, making this program the world's first program capable of utilizing computing power of GPUs both from ATI and NVIDIA as well as dedicated hardware accelerators aimed primarily on computer forensics specialists. We have also included ability to run brute-force attacks and not only wordlist-based attacks. Latter were improved with ability to enable/disable individual types of password mutations and set customized level to any of them.

The last, but not the least, we have found that EPPB can handle encrypted backups from Apple's newest tablet, iPad (thanks to Apple for using the same underlying technologies for iPhone, iPod Touch and iPad).

Apple iPad

P.S. If anyone's interested, we think that iPad is really cool gadget. It's not a substitute for a laptop, but it's great for catching on emails, surfing web, watching photos or videos or movies and for reading books. And multitouch on 10'' screen is awesome :) .

P.P.S. Yes, this blog post was originally created on iPad.

ATI and NVIDIA: Making Friends out of Enemies

Friday, March 12th, 2010

There had been a long standing competition between NVIDIA and ATI which has lasted for years now. And there is no winner so far — just like with Windows vs. Linux or PC vs. Mac debate there are ones who prefer the former and others who prefer the latter. Kind of «religious» issue.

(more…)

iPhone/iPod Backup Password Recovery

Thursday, February 4th, 2010

ElcomSoft iPhone Password BreakerToday we are pleased to unveil the first public beta of our new product, Elcomsoft iPhone Password Breaker, a tool designed to address password recovery of password-protected iPhone and iPod Touch backups made with iTunes.

In case you do not know, iTunes routinely makes backups of iPhones and iPods being synced to it. Such backups contain a plethora of information, essentially all user-generated data from the device in question. Contacts, calendar entries, call history, SMS, photos, emails, application data, notes and probably much more. Not surprisingly, such information manifests significant value for investigators. To make their job easier there are tools to read information out of iTunes backups, one example of such tool being Oxygen Forensic Suite (http://www.oxygen-forensic.com/). Such tools can not deal with encrypted backups, though.

(more…)

Need to protect your VBA macro ? Simply damage the file !

Thursday, October 8th, 2009

One of our customers sent me two Excel XLA add-ins. When I tried to open that file in the VBA Editor — the "Project is locked" message appeared. Add-in has been already unlocked by our VBA password recovery tool. According to Microsoft article this message may appear in two cases: when the macro is protected by password or when it is digitally signed. I analysed the macro password record and found that the password is empty. MS Excel also showed me that macro have no any digital signatures. Then I looked into protection record with more attention and for example found that:

"[Host Extender Info]" string is replaced to "[Host Extender 1nfo]".

There were some additional similar changes and finally I found that the macro has damaged digital signature record. It’s ignored when macro is running but when we try to open the macro to view — Excel shows the error.

Microsoft has very weak VBA macro protection. That’s why developers are searching for non-standard protection methods. It’s not simple to reconstruct a damaged macro and it may require a lot of time.

If your macro cannot be opened by our password recovery programs — the most probable reason is custom protection that damages some technical records. I cannot say that it’s a good protection. New versions of MS Office may not work correctly with damaged files.

Now: long-awaited ElcomSoft Password Recovery KIT

Tuesday, October 6th, 2009

Click to see this fat and full of cholesterol image in details

Our it-friends from Ukraine (KARPOLAN and Dmitry) highly optimized our developing processes and helped us finalize long-awaited Password Recovery KIT. We won’t go deep into technical details, just have a look at rough visualization.