BlackBerry backups

Summary

  • Hash algorithms used: SHA-1
  • Encryption algorithms used: AES
  • Complexity of attack (BBB 5.x): Medium
  • Complexity of attack (BBB 6.x): High
  • Password recovery speed (BBB 5.x): millions (CPUs and GPUs)
  • Password recovery speed (BBB 6.x): hundreds (CPUs), tens of thousands (GPUs)
  • CPU optimizations: MMX, SSE2, AVX, XOP, AES-NI
  • NVIDIA GPUs support: G80+ (GT8600 and higher)
  • AMD GPUs support: not yet implemented

General information

BlackBerry backups using PBKDF2 (RFC 2898) with 1 (version 5.x) or 20000 (version 6.x) iterations for key derivation. Backup file encrypted with AES algorithm using 256-bit key. Backups by default placed at:

(Documents Folder)\BlackBerry\Backup\
or
%APPDATA%\Research In Motion\BlackBerry\
directories. For Windows 7 this means:
\Users\(username)\Documents\BlackBerry\Backup\
For Windows XP:
\Documents and Settings\(username)\Application Data\Research In Motion\BlackBerry\
Backup files having *.ipd extensions.

Attack settings

Standard attacks (brute-force with optional mask, dictionary based) are applicable, no specific settings required.

Additional information

As 5.x backups using very weird iteration count for PBKDF2 function (it's 1 — one) password recovery rate mainly limited by AES key setup function not SHA-1 function as it usually happens with PBKDF2-based password protection schemes. With hardware AES-NI support within modern CPUs they become very competitive comparing with GPUs. Though top end GPUs are still faster than CPUs with AES-NI the difference in password recovery speed is not that significant as for other algorithms (1.5-2x).

Note that the current version of Passcovery Suite doesn't support recovery of BB 5.x backup passwords on AMD (ATI) video cards.

 
© Passcovery Co. Ltd., 2016
.