After my post last week, I was in touch with several vendors about what was occurring, my thoughts and how they intended to fix the problem when it comes to accessing the backup file data. Since then, two vendors (Cellebrite and Elcomsoft) reached out with an updated solution. I tested these tools over the last two days and want to share my results.

I used Cellebrite Physical Analyzer v 5.3.5.10 (soon to be released), Elcomsoft v6.10 and iTunes 12.5.1 as well as the previous iTunes version to be thorough.

First, if an iOS10 backup file was encrypted with iTunes, you do not need to assume you cannot get into that data. If you can crack the password, Cellebrite’s UFED Physical Analyzer will properly decrypt this data. Even if the password was known, the tools were choking on the data).

I bet you are now wondering how I cracked the encrypted iOS 10 backup files? I used Elcomsoft Phone Breaker v 6.10. The first was 0000 and Elcomsoft laughed at this and provided the password before I could even sit back in my chair to watch. I then updated iTunes and changed my password to “ hank” – this password didn’t even take a full second to crack.

Researchers say iOS 10 backups can be cracked 2,500 times faster. Maybe their claims are true that they will crack a passcode the fastest due to a vulnerability they found in the hashing of the passcode.

I then set a more difficult password “Heather1” and backed up my data using iTunes. Elcomsoft is saying that there is 87 years remaining for a brute force attack, so I am not going to wait. What should you do here? Try a dictionary attack! It’s much more effective with passwords such as “Heather1” when compared to Brute Force. When I changed to dictionary attack, this password was cracked in less than 1 second! As a side note, I relied on the English dictionary and did not create anything custom for this test.

So, we have the password, what about the encrypted databases? I was able to successfully parse all of the iOS10 backup files that I created over the last two days, containing various backup passwords, as well as the ones that were created for my previous blog post. As long as Physical Analyzer had the password, the data was decrypted and parsed. Make sure you are using Physical Analyzer v5.3.5.10 or later (assuming you have tested and validated the latest versions).