Perform logical and over-the-air acquisition of iOS devices, break into encrypted backups, obtain and analyze backups, synchronized data and passwords from Apple iCloud.
- Break passwords and decrypt iOS backups with GPU acceleration
- Decrypt iCloud Keychain and Messages with media files and documents from iCloud
- Obtain synchronized data from Apple and Microsoft accounts
- Download iCloud backups and synced data with or without Apple ID password
Supports: local iOS backups (iTunes); iCloud and iCloud Drive backups; iCloud synced data (call logs, photos, browsing history etc.) Microsoft Account (with valid authentication credentials); iCloud authentication tokens.
Extract Skype Conversations, Messages, Files and Metadata
The latest update enables the downloading of Skype conversation histories, files, contact lists and metadata directly from the user's Microsoft account. Individual and group chats, text messages and attachments are extracted. The downloading of the entire conversation of an average Skype history only takes minutes!
For deleted chats and messages as well as for files purged from Skype servers after the 30-day retention period, Elcomsoft Phone Breaker can obtain metadata such as the date and time the file was deleted, the file's name and size, sender's Skype ID and the name of the chat.
New iCloud Engine, Low-Level Access to iCloud Drive
The new and improved iCloud download engine is faster and significantly more robust than ever. Thanks to the new iCloud engine, Elcomsoft Phone Breaker becomes the first and only tool on the market that can download iCloud backups produced by Apple devices running all versions of iOS up to the latest versions.
Advanced iCloud Drive structure analysis is an optional feature allowing users to enable deep, low-level analysis of iCloud Drive secure containers. While high-level file and folder access is all you need in most circumstances, the more comprehensive low-level extraction will return the missing bits and pieces scattered around in legacy containers.
Cloud Acquisition via Apple iCloud and Microsoft Account
Cloud acquisition is a highly effective way of retrieving up-to-date information backed up or synced by modern smartphones with their respective cloud services. Elcomsoft Phone Breaker supports the extraction of cloud backups and synced data from Apple iCloud and Microsoft Account, enabling remote acquisition of iPhone and iPad devices as well as Windows devices, Skype and other Microsoft software.
Online backups and synchronized data can be acquired by forensic specialists without having the original iOS device in hands. All thatï¿½??s needed to access online data stored in the cloud service are the original userï¿½??s authentication credentials including the second authentication factor.
End-to-End Encryption in iCloud
Elcomsoft Phone Breaker enables access to iCloud data with end-to-end encryption. Protected categories include iCloud Keychain, iCloud Messages, Health, Screen Time and Maps data. Accessing end-to-end encrypted data requires the user's full authentication credentials including second authentication factor, as well as a system password or screen lock password to one of the user's devices.
Elcomsoft Phone Breaker is the only tool on the market to access, extract and decrypt iCloud Keychain, Apple's cloud-based system for storing and syncing passwords, credit card data and other highly sensitive information across devices. As opposed to authorizing a new Apple device, Elcomsoft Phone Breaker does not become part of the circle of trust and does not require a middleware device, thus offering truly forensic extraction of protected records.
Screen Time Passcode
The Screen Time passcode is an optional feature in iOS 12/13/14 and newer versions that can be used to secure the Content & Privacy Restrictions. Once the password is set, iOS will prompt for the Screen Time passcode if an expert attempts to reset the device backup password (iTunes backup password) in addition to the screen lock passcode. As a result, experts will require two passcodes in order to reset the backup password: the device screen lock passcode and the Screen Time passcode. Since the 4-digit Screen Time passcode is separate to the device lock passcode (the one that is used when locking and unlocking the device), it becomes an extra security layer effectively blocking logical acquisition attempts.
By extracting and analyzing Screen Time information, experts can extract Screen Time passwords,
thus gaining the ability to remove Screen Time protection and/or to reset the password protecting local (iTunes) backups. This in turn makes logical acquisition easily possible.
iCloud Messages and Health Data
Apple supports Health and Messages sync through iCloud. Elcomsoft Phone Breaker is the first tool on the market to extract and decrypt messages from iCloud complete with attachments, extract and decrypt Health data. To access Health and Messages, the login and password to the user's Apple Account, one-time code to pass Two-Factor Authentication and a screen lock password or system password for one of the already enrolled devices are required.
Access iCloud without Login and Password
If the userï¿½??s Apple ID and password are not available, Elcomsoft Phone Breaker may be able to use a binary authentication token to access limited sets of synchronized data. The use of authentication tokens allows bypassing two-factor authentication even if no access to the second authentication factor is available.
Elcomsoft Phone Breaker v.9.61.37005
- fixed the problem downloading iCloud backups (incl. the latest iOS 13.6)
- added preliminary support for iOS 14 (beta) iCloud backups downloading
- added support for macOS Catalina 10.15.6
- bug fixes and performance improvements