Data Decryption & Password Recovery
How Special Tools Facilitate Investigations
Introducing
A 2-day Conference on Passwords & PINs
December 7-8, 2010
The Selmer Center, University of Bergen, Norway

We can't really think of anybody we know who doesn't use passwords or PIN codes frequently. Almost every day in fact. Passwords & PINs are everywhere. Many years have passed since better authentication technologies were made available, such as 2-factor authentication and biometrics. Still we have more and more passwords and PINs to remember. Why?
That question probably won't be answered here.
What we will do is to present ongoing research, technologies and techniques that aids in the recovery of passwords. Technologies that can be used for good - and for evil. With technologies such as Graphics Processing Units and Rainbow Tables being utilized to greatly improve recovery speeds of passwords, researchers are now talking about 12-character length passwords as the minimum for being "secure".
That's a big step from what people are using today. 123456 just won't do anymore as your password.
The usability aspect of passwords and PINs are becoming increasingly important. Many years ago the Internet was a safe place to be. We didn't really do much business or secret stuff there. Nowadays we pay our bills, purchase new gadgets and talk to our family, colleagues and secret lovers - right there on the Internet. Still, security at many sites is almost entirely left in the hands of the end-user - no guarantees attached. Speaking of which: when did you last change your PINs?

We would like to welcome you to Passwords^10.
Covering attacks, defenses and usability of Passwords and PINs.

The conference is sponsored by 0120#34'&
Twitter hashtag: #passwords10
Who are we?
• Founded in 1990
• In password recovery since 1998
• Privately owned
• HQ and Dev in Moscow, Russia
• Four US patents issued, more to come
Products Overview
Stored Passwords
• Browsers, IMs, Mail
Protected Files
• Office, PDF, Archives
• PGP, WordPerfect, Accounting
Distributed Recovery
• Many file types
• Works over LANs and WANs
• Up to 10’000 nodes
• Hardware acceleration
Audit
• Windows Domains, Wireless Networks
Technology
Thunder Tables®
• Recovers encryption key
• Password remains unknown
• Works only with 40-bit encryption
‣ MS Word 97-2003, Adobe PDF
‣ Word 2007/2010 when saving in .doc
• Can be applied to passwords
• Based on Rainbow Tables
• TT = RT + Keys not in RT
• Provides guaranteed decryption
(except for MS Excel files)
• Data fits on DVD or 4 Gb USB stick
• Average key search time is 25 seconds
Keys recovered by attack duration (chart):
1 sec.: 17.4%
2 sec.: 25.3%
5 sec.: 40.2%
10 sec.: 54.7%
20 sec.: 69.7%
30 sec.: 77.6%
1 min.: 89.4%
2 min.: 95.7%
5 min.: 99.4%
10 min.: 99.9%
15 min.: 100%
This is dual-core CPU with tables on HDD
Quad-core with tables on SSD will be way faster!
Demo
GPU Acceleration
• Order of magnitude faster than CPU
• Competing vendors: NVIDIA and ATI
• Hardware readily available
‣ Consumer- and enterprise-grade solutions
‣ Very competitive hardware pricing
[Chart: Office 2007, Passwords per Second. Devices: Core i7-920, GeForce 295, GeForce 480, Radeon 5970. Bar values shown: 39,000; 11,300; 8,200; 1,000.]
TACC Acceleration
• Times faster than CPU
• Very easy to use
‣ No drivers
‣ Portable
• Low power consumption (⇒no overheating)
• Scales easily
[Chart: Office 2007, Passwords per Second. Devices: Core i7-920, TACC1441, Tesla C1060. Prices shown: $1,500; $4,000; $250. Bar values shown: 5,000; 2,500; 1,000.]
Technology lets do more in less time!
New Products & Features
Elcomsoft Phone Password Breaker
• Recovers passwords for mobile devices backups
• Works offline (device is not needed)
• Decrypts backups (you can use favorite mobile forensics tools)
• Recovers passwords stored in Keychain
• GPU & TACC acceleration
iOS 4.x Backup Security
• Password verification is done on the device
‣ PBKDF2-SHA1 with 10’000 iterations
‣ Was 2000 iterations in iPhoneOS 3.x
• No data leaves device unencrypted
‣ AES-256, per-file key and IV
[Diagram labels: Backup password; Backup master key; FEK encryption key; Encrypted FEK and IV; Backup keybag; AES-256 key and IV to decrypt file]
iOS 4.x Keychain Security
• Keychain is system-wide storage for secrets
‣ Sort of Protected Storage for iOS
• Encrypted with device-specific key
• Plain backups include keychain “as-is”
• Encrypted backups include keychain re-encrypted on key derived from password
‣ The only reliable way to get stored secrets
Blackberry Backup Security
• Password verification is done on the PC
‣ PBKDF2-SHA1 with 1 (one) iteration
‣ Generating 256 bytes of key data, using 256 bits
• Data encryption done on PC
‣ AES-256, single file
Still think Blackberry is more secure?
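The iteration counts on the iOS and Blackberry slides translate directly into per-guess work, which is what a designer choosing a key-derivation setting has to budget for. The following is an added example, not code from the slides or from Elcomsoft: it implements PBKDF2-HMAC-SHA1 per RFC 2898 with an HMAC call counter. The 32-byte key length for iOS and the choice of the first 32 of the 256 generated bytes for Blackberry are assumptions, and the password and salt are constructed sample values.

```python
import hashlib
import hmac
import math
import struct

HLEN = 20  # SHA-1 output size in bytes

def pbkdf2_sha1_counted(password, salt, iterations, dklen):
    """PBKDF2-HMAC-SHA1 (RFC 2898); returns (derived key, number of HMAC calls made)."""
    calls = 0
    out = b""
    for block_index in range(1, math.ceil(dklen / HLEN) + 1):
        # U1 = HMAC(password, salt || INT(block_index)); every block is independent.
        u = hmac.new(password, salt + struct.pack(">I", block_index), hashlib.sha1).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(HLEN, "big")
    return out[:dklen], calls

def hmac_calls_per_guess(iterations, key_bytes_used):
    """Cost of checking one password: only blocks covering the used bytes count."""
    return iterations * math.ceil(key_bytes_used / HLEN)

# Iteration counts are from the slides; key_bytes_used = 32 (256 bits) is an assumption.
SCHEMES = {
    "iOS 4.x backup": (10000, 32),
    "iPhoneOS 3.x backup": (2000, 32),
    "Blackberry backup": (1, 32),  # 256 bytes generated, 256 bits used
}

def relative_cost(baseline="Blackberry backup"):
    """Per-guess work of each scheme as a multiple of the baseline scheme."""
    base = hmac_calls_per_guess(*SCHEMES[baseline])
    return {name: hmac_calls_per_guess(*cfg) // base for name, cfg in SCHEMES.items()}

if __name__ == "__main__":
    pw, salt = b"constructed-password", b"constructed-salt"  # sample values, not real data
    full, n_full = pbkdf2_sha1_counted(pw, salt, 1, 256)  # all 256 bytes of key data
    used, n_used = pbkdf2_sha1_counted(pw, salt, 1, 32)   # only the 256 bits used
    assert full[:32] == used  # extra output adds no work for whoever checks a guess
    print("HMAC calls: 256 bytes =", n_full, "; 256 bits =", n_used)
    for name, factor in relative_cost().items():
        print(f"{name}: {factor}x the per-guess work of the 1-iteration scheme")
```

Because PBKDF2 output blocks are computed independently, generating more key data than is used does not slow down password checking; only the iteration count does.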
Demo
Questions?
Thank you