Elcomsoft Phone Breaker

Perform logical and over-the-air acquisition of iOS, Windows Phone 8/8.1, Windows 10 Mobile and BlackBerry 10 devices, break into encrypted backups, obtain and analyze information from Apple iCloud.

  • Break passwords and decrypt iOS backups with GPU acceleration
  • Decrypt BlackBerry 10 backups
  • Acquire data from Microsoft accounts
  • Download iCloud backups and synced data with or without Apple ID password

Supports: local iOS backups (iTunes); iCloud and iCloud Drive backups; iCloud synced data (call logs, photos, browsing history etc.); BlackBerry 10 backups; Microsoft Account (with valid authentication credentials); Windows Phone 8, 8.1, Windows 10 Mobile backups; iCloud authentication tokens.

Home Edition $ 79
Professional Edition $ 199
Forensic Edition $ 799
Buy now

Logical Acquisition of Mobile Devices

Elcomsoft Phone Breaker enables forensic access to information stored in a wide range of mobile devices. The tool delivers logical acquisition for Apple iOS devices, BlackBerry OS and BlackBerry 10 smartphones, as well as devices powered by Windows 10, Windows Phone and Windows 10 Mobile operating systems. Acquisition of local and cloud backups as well as cloud extraction of synchronized data are available.

Decrypting iOS Backups

Decrypt password-protected local backups produced by Apple iPhone, iPad and iPod Touch devices. Hardware-accelerated attacks make use of existing AMD and NVIDIA video cards to speed up the recovery.

Cloud Acquisition via Apple iCloud and Microsoft Account

Cloud acquisition is a highly effective way of retrieving up-to-date information backed up or synced by modern smartphones with their respective cloud services. Elcomsoft Phone Breaker supports the extraction of cloud backups and synced data from Apple iCloud and Microsoft Account, enabling remote acquisition of iPhone and iPad devices as well as smartphones running Windows Phone and Windows 10 Mobile.

Online backups can be acquired by forensic specialists without having the original iOS or Windows Phone device in hands. All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID or Live ID accompanied with the corresponding password.

Accessing iCloud without Login and Password

If the user’s Apple ID and password are not available, Elcomsoft Phone Breaker can use a binary authentication token created by Apple iCloud Control Panel in order to login to iCloud and retrieve information. The use of authentication tokens allows bypassing two-factor authentication even if no access to the secondary authentication factor is available.

Acquiring iCloud Keychain

Elcomsoft Phone Breaker is the only tool on the market to access, extract and decrypt iCloud Keychain, Apple's cloud-based system for storing and syncing passwords, credit card data and other highly sensitive information across devices. As opposed to authorizing a new Apple device, Elcomsoft Phone Breaker does
not become part of the circle of trust and does not require a middleware device, thus offering truly forensic extraction of protected records.

FileVault 2 Decrypting

Elcomsoft Phone Breaker can extract escrow decryption keys from the user’s Apple account, and make use of those keys to decrypt macOS FileVault 2 volumes even if user account password is not known.


All Features and Benefits

Recover Password-Protected BlackBerry and Apple Backups

Elcomsoft Phone Breaker enables forensic access to password-protected backups for smartphones and portable devices based on RIM BlackBerry and Apple iOS platforms. The password recovery tool supports all Blackberry smartphones as well as Apple devices running iOS including iPhone, iPad and iPod Touch devices of all generations released to date, including the iPhone 8/Plus, iPhone X and iOS 11.


Retrieve Cloud Data: Apple iCloud and Microsoft Account

Cloud acquisition is a great way of retrieving information stored in mobile backups produced by Apple iOS, and a handy alternative when exploring Windows Phone, Windows 10 Mobile and desktop Windows 10 devices. Elcomsoft Phone Breaker can retrieve information from Apple iCloud and Microsoft Account provided that original user credentials for that account are known.

Online backups can be acquired by forensic specialists without having the original iOS or Windows device in hands. All that’s needed to access online backups stored in the cloud service are the original user’s credentials including Apple ID or Microsoft Account accompanied with the corresponding password.


Two-Step Verification and Two-Factor Authentication

Elcomsoft Phone Breaker supports accounts with Apple's two-step verification as well as the new two-factor authentication. Access to the second authentication factor such as a trusted device or recovery key is required. You will only need to use it once as Elcomsoft Phone Breaker can save authentication credentials for future sessions.


Accessing iCloud without Login and Password

If the user’s Apple ID and password are not available, Elcomsoft Phone Breaker can use a binary authentication token created by Apple iCloud Control Panel in order to login to iCloud and retrieve information. The use of authentication tokens allows bypassing two-factor authentication even if no access to the secondary authentication factor is available.

The Forensic edition of Elcomsoft Phone Breaker comes with the ability to acquire and use authentication tokens from Windows and Mac OS X computers, hard drives or forensic disk images. Authentication tokens for all users of that computer can be extracted, including domain users (providing that their system logon passwords are known). The tools are available in both Windows and Mac versions of the tool.

Authentication tokens are obtained from the suspect’s computer on which iCloud Control Panel is installed. In order for the token to be created, the user must have been logged in to iCloud Control Panel on that PC at the time of acquisition. Authentication tokens can be extracted from live systems (a running Mac OS or Windows PC) or retrieved from users’ hard drives or forensic disk images.

Note: this functionality is only available in Forensic edition


Decrypt FileVault 2 Volumes

FileVault 2 is a whole-disk encryption scheme used in Apple’s Mac OS X. FileVault 2 protects the entire startup partition with secure 256-bit XTS-AES encryption.

If the user forgets their account password, or if the encrypted volume is moved to a different computer, a FileVault 2 can be unlocked with a special Recovery Key. If the user logs in with their Apple ID credentials, the Recovery Key can be saved into the user’s iCloud account. Should the user forget their password, the system can automatically use the Recovery Key to unlock the encrypted volume. It is important to note that Apple does not allow the end user to view or extract FileVault 2 recovery keys from iCloud.

Elcomsoft Phone Breaker can extract FileVault 2 recovery keys from the user’s iCloud account, and use these keys to decrypt encrypted disk images. Valid authentication credentials (Apple ID/password or iCloud authentication token) as well as volume identification information extracted from the FileVault-encrypted disk image are required.

Note: this functionality is only available in Forensic edition


Synced Data

Starting with iOS 9, iPhones automatically sync certain types of data with iCloud in real time. Elcomsoft Phone Breaker automatically downloads synced data including call logs, contacts, notes (included deleted notes and attachments), calendars as well as Web browsing activities including Safari history (including deleted records), bookmarks and open tabs. Unlike iCloud backups that may or may not be created on daily basis, synced information is pushed to Apple servers just minutes after the corresponding activity has taken place. Once uploaded, synced data can be retained for months with no option for the end user to clear the data or disable the syncing.


iCloud Files

In addition to iCloud backups, Elcomsoft Phone Breaker can download files stored in the user’s iCloud account such as documents or spreadsheets, third-party application data (such as WhatsApp own backups, 1Password database, Passbook/Wallet data etc.), and more. Files from a synced Mac such as Desktop, Documents, and Trash can be extracted. Some of this data (mostly documents) is available using the iCloud feature on Windows and macOS systems, but most files are only accessible using Elcomsoft Phone Breaker. The exact set of data available may depend on the version of iOS installed, iCloud synchronization settings, the list of applications installed on the devices connected to the given account, and the options set in these applications. Note that there is no email notification sent by Apple when downloading files from iCloud.

Note: this functionality is only available in Forensic edition


iCloud Photo Library

Apple’s iCloud Photo Library is designed to help users store and synchronize media files between multiple devices. If iCloud Photo Library is enabled, media files are no longer saved to iOS iCloud backups. As a result, acquiring iCloud backups or downloading files stored in iCloud Drive does not automatically provide access to media files stored in the iCloud Photo Library.

Elcomsoft Phone Breaker can extract photos and videos stored in the user’s iCloud Photo Library. In addition to existing files, Elcomsoft Phone Breaker can extract media files that have been deleted from the Library during the past 30 days. Selective downloads are possible by specifying which user-created albums to download.


Unlock Apple and BlackBerry Backups

The new tool recovers the original plain-text passwords protecting encrypted backups for Apple and BlackBerry devices (running BlackBerry 7 OS or earlier). The backups contain address books, call logs, SMS archives, calendars and other organizer data, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache.

Note: this feature is available in Windows version only.


Decrypt BlackBerry 10 Backups

Local backups produced by BlackBerry Link are always encrypted with a highly secure hardware-specific encryption key, effectively preventing forensic analytic tools from processing BlackBerry 10 data. As even the original use has no control over the password protecting these backups, the only possible way of using these backups was restoring them onto a BlackBerry device with the same BlackBerry ID, making forensic analysis of these backups extremely cumbersome.

Elcomsoft Phone Breaker can effectively decrypt BlackBerry 10 backups produced with BlackBerry Link if the user’s BlackBerry ID and password are known.

Note: this functionality is only available in Forensic edition


Selective Access to iCloud Backups

Downloading a large backup for the very first time can potentially take hours. Subsequent updates are incremental, and occur much faster. If speed is essential, Elcomsoft Phone Breaker offers the ability to quickly acquire select information and skip data that’s taking the longest to download (such as music and videos). Information such as messages, attachments, phone settings, call logs, address books, notes, calendars, email account settings, camera roll, and many other pieces of information can be pre-selected and downloaded in just minutes, providing investigators with near real-time access to essential information.


GPU Acceleration

ElcomSoft offers a highly efficient, cost-effective solution to lengthy attacks by dramatically increasing the speed of password recovery when one or more supported video cards are present. The company’s patented GPU acceleration reduces the time required to recover iPhone/iPad/iPod and BlackBerry backup passwords by orders of magnitude. The latest generation of ElcomSoft GPU acceleration technology supports unlimited numbers of AMD or NVIDIA boards.

To make GPU acceleration cost-effective, ElcomSoft implemented support for multiple diverse GPU acceleration units running at the same time. Effectively, this budget-friendly solution allows mixing multiple generations of compatible video cards, extending existing systems by adding new acceleration hardware instead of replacing.

Note: not applicable to MacOS X edition


Advanced Attacks

Elcomsoft Phone Breaker supports an advanced dictionary attack with customizable permutations. According to multiple security researches, the majority of users choose meaningful, dictionary-based passwords that are easier for them to remember. Elcomsoft Phone Breaker is able to recover such passwords and their variations quickly and efficiently no matter which language they are. Elcomsoft Phone Breaker supports a variety of permutations of dictionary words, trying hundreds of variants for each dictionary word to ensure the best possible chance to recover the password.

Note: not applicable to MacOS X version


Extract, Decrypt and View Passwords Stored in iOS Keychain

iOS offers a highly secure, encrypted storage for many types of data. Stored Web forms and browser passwords, email accounts, application passwords and authentication tokens (including Apple ID account token) are stored securely in keychains that are encrypted with hardware keys unique to each individual device.

Elcomsoft Phone Breaker can extract and decrypt iOS keychain from local (iTunes-style) password-protected backups. The built-in Keychain Explorer tool allows browsing and exploring keychain items on the spot.

Note: for local non-encrypted backups and backups downloaded from iCloud, decrypting the keychain is only possible for jailbroken 32-bit devices, and only if you have physical access to the device and can obtain the encryption key (0x835, securityd) using Elcomsoft iOS Forensic Toolkit.


Password Managers

Elcomsoft Phone Breaker can decrypt encrypted containers created by popular password managers including BlackBerry Password Keeper and Wallet for BlackBerry, as well as 1Password, allowing investigators accessing all of the suspect’s stored passwords.

Instant Decryption of BlackBerry Password Keeper (BlackBerry 10)

Previous versions of BlackBerry Password Keeper used a user-specified master password to protect the password container. Recent versions of BlackBerry Password Keeper employ an escrow key to achieve the same. Elcomsoft Phone Breaker can extract the escrow key and instantly decrypt BlackBerry Password Keeper containers extracted from BlackBerry 10 backups.

Note: BlackBerry 10 backups themselves are also protected and must be decrypted with Elcomsoft Phone Breaker prior to targeting BlackBerry Password Keeper.

1Password

1Password is a popular cross-platform password manager available for Mac OS X, Windows, Android and iOS. 1Password containers are protected with a user-defined master password. Elcomsoft Phone Breaker can attack master passwords and decrypt 1Password containers retrieved from Dropbox, iTunes of iCloud backups.


Recover BlackBerry Device Password

The recovery of BlackBerry (prior to verison 10) password is possible if the user-selectable Device Password security option is enabled to encrypt media card data. By analyzing information stored on encrypted media cards, Elcomsoft Phone Password Breaker can try millions password combinations per second, recovering a fairly long 7-character password in a matter of hours. With the ability to recover the device password, ElcomSoft does what's been long considered impossible, once again making Elcomsoft Phone Password Breaker the world's first.

Note: this feature is available in Windows version only.


Compatibility Chart

Home
(Win)
Pro
(Win/Mac)
Forensic
(Win/Mac)
General compatibility
Support for iOS from 3 to 11.x
Support for all iPhone models
Support for iPod Touch and iPad
Support for all BlackBerry phones
Recover password to iTunes backup ✓/- ✓/-
Number of CPUs supported 2 32/- 32/-
Number of GPUs supported[1] 1 8/- 8/-
Apple iCloud
Support for 2SV and 2FA accounts -
Download iCloud backups -
Download synced data -
Download iCloud Photo Library -
Download and explore iCloud Keychain - -
Download extra data from iCloud Drive - -
Access iCloud with authentication tokens - -
Get FileVault recovery key - -
Blackberry, Windows Phone & Windows Mobile
Recover BlackBerry (<10) backup passwords ✓/- ✓/-
Decrypt BlackBerry (<10) backups -
Decrypt BlackBerry (<10) SD card -
Recover BlackBerry Password Keeper passwords - ✓/- ✓/-
Recover BlackBerry Wallet passwords - ✓/- ✓/-
Recover BlackBerry Device Password[2] - ✓/- ✓/-
Decrypt BlackBerry 10 backups - -
Download data from Microsoft accounts -
Other features
Decrypt iOS backups with known password -
Explore iOS keychain data -

Note: password recovery features are available in Windows version only.

Elcomsoft Phone Breaker supports Windows Vista, Windows 7, Windows 8/8.1/10 and Windows Server 2003/2008/2012 with x32 and x64 architectures. Password-protected backups to iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPhone 5C, iPhone 5S, iPhone 6, iPhone 6 Plus, iPhone 6S, iPhone 6S Plus, iPhone 7, iPhone 7 Plus, iPhone 8 and 8 Plus, iPhone X, iPad (all generations including iPad Pro), iPad Mini and iPod Touch (all generations) devices are supported.

Please note that Elcomsoft Phone Password Breaker is NOT able to remove the iOS activation lock or iPhone passcode lock, unlock iPhone from the carrier, jailbreak the iPhone or remove SIM card PIN code. It is intended for recovery of backup passwords only. For more information, read the EPB manual and Phone Password Breaker FAQ.


  1. Installing latest display driver is recommended when using GPU acceleration on NVIDIA or AMD cards. 

  2. If an option to encrypt the media card (with password) is enabled (Blackberry 6/7 only) 

System requirements

Windows

  • Windows Vista (32 and 64 bit)
  • Windows Server 2003/2012
  • Windows 7 (32 bit)
  • Windows 7 (64 bit)
  • Windows 8
  • Windows 8.1

Apple OS X

  • OS X 10.8
  • OS X 10.9
  • OS X 10.10
  • OS X 10.11. 10.12

Elcomsoft Phone Breaker supports password-protected backups to iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPhone 5C, iPhone 5S, iPhone 6, iPhone 6 Plus, iPhone 6S, iPhone 6S Plus, iPhone 7, iPhone 7 Plus, iPhone 8 and 8 Plus, iPhone X, iPad (all generations including iPad Pro), iPad Mini and iPod Touch (all generations) devices are supported.

Additional Requirements

  • manifest.plist file from iTunes backup (for iTunes backup password recovery)
  • Complete iTunes backup (to read keychain data)
  • Apple ID and password or authentication token (to downoad iCloud backup or files from iCloud)
  • Windows Live! ID and password (to download Windows Phone backup)
  • BlackBerry ID and password (to decrypt BB 10 backup)
  • One or more of supported NVIDIA or AMD cards(recommended for hardware acceleration of password recovery)

Trial Limitations

Free trial version (Windows) uses all available CPUs and GPUs, but shows only first two characters of backup passwords (hiding the rest under the asterisks), and does not allow dictionary mutations (Windows version only; Mac version does not have password recovery features at all). Also, trial version (Windows and MacOS X) does not show passwords extracted from the keychain, and allows to download only a few specific categories from iCloud backup.


Release notes

Elcomsoft Phone Breaker v.8.0.21404

21 September, 2017

  • Fixed. Some application's data is not displayed in the EPB for some accounts
  • Fixed. Deleted photos are not downloading using EPB 8.0
  • Added. Alerts are downloaded for iOS 11 events, which don't have alerts in the event settings

Uninstallation procedure: in order to uninstall the product, follow the standard procedure via Control Panel - Programs and features or use the corresponding Unistall link from the product's folder in the Windows Start menu.

System requirements

Windows

  • Windows Vista (32 and 64 bit)
  • Windows Server 2003/2012
  • Windows 7 (32 bit)
  • Windows 7 (64 bit)
  • Windows 8
  • Windows 8.1

Apple OS X

  • OS X 10.8
  • OS X 10.9
  • OS X 10.10
  • OS X 10.11. 10.12

Elcomsoft Phone Breaker supports password-protected backups to iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, iPhone 5C, iPhone 5S, iPhone 6, iPhone 6 Plus, iPhone 6S, iPhone 6S Plus, iPhone 7, iPhone 7 Plus, iPhone 8 and 8 Plus, iPhone X, iPad (all generations including iPad Pro), iPad Mini and iPod Touch (all generations) devices are supported.

Additional Requirements

  • manifest.plist file from iTunes backup (for iTunes backup password recovery)
  • Complete iTunes backup (to read keychain data)
  • Apple ID and password or authentication token (to downoad iCloud backup or files from iCloud)
  • Windows Live! ID and password (to download Windows Phone backup)
  • BlackBerry ID and password (to decrypt BB 10 backup)
  • One or more of supported NVIDIA or AMD cards(recommended for hardware acceleration of password recovery)

Trial Limitations

Free trial version (Windows) uses all available CPUs and GPUs, but shows only first two characters of backup passwords (hiding the rest under the asterisks), and does not allow dictionary mutations (Windows version only; Mac version does not have password recovery features at all). Also, trial version (Windows and MacOS X) does not show passwords extracted from the keychain, and allows to download only a few specific categories from iCloud backup.


Release notes

Elcomsoft Phone Breaker v.8.0.21404

21 September, 2017

  • Fixed. Some application's data is not displayed in the EPB for some accounts
  • Fixed. Deleted photos are not downloading using EPB 8.0
  • Added. Alerts are downloaded for iOS 11 events, which don't have alerts in the event settings

Uninstallation procedure: in order to uninstall the product, follow the standard procedure via Control Panel - Programs and features or use the corresponding Unistall link from the product's folder in the Windows Start menu.

Buy Elcomsoft Phone Breaker

Home Edition
$ 79
Professional Edition
$ 199
Forensic Edition
$ 799
Buy now