Summary

• Hash algorithms used: SHA-1
• Encryption algorithms used: AES
• Complexity of attack (BBB 5.x): Medium
• Complexity of attack (BBB 6.x): High
• Password recovery speed (BBB 5.x): millions (CPUs and GPUs)
• Password recovery speed (BBB 6.x): hundreds (CPUs), tens of thousands (GPUs)
• CPU optimizations: MMX, SSE2, AVX, XOP, AES-NI
• NVIDIA GPUs support: G80+ (GT8600 and higher)
• AMD GPUs support: not yet implemented

General information

BlackBerry backups using PBKDF2 (RFC 2898) with 1 (version 5.x) or 20000 (version 6.x) iterations for key derivation. Backup file encrypted with AES algorithm using 256-bit key. Backups by default placed at:

(Documents Folder)\BlackBerry\Backup\

or

%APPDATA%\Research In Motion\BlackBerry\

directories. For Windows 7 this means:

\Users\(username)\Documents\BlackBerry\Backup\

For Windows XP:

\Documents and Settings\(username)\Application Data\Research In Motion\BlackBerry\

Backup files having *.ipd extensions.

Attack settings

Standard attacks (brute-force with optional mask, dictionary based) are applicable, no specific settings required.

Additional information

As 5.x backups using very weird iteration count for PBKDF2 function (it's 1 — one) password recovery rate mainly limited by AES key setup function not SHA-1 function as it usually happens with PBKDF2-based password protection schemes. With hardware AES-NI support within modern CPUs they become very competitive comparing with GPUs. Though top end GPUs are still faster than CPUs with AES-NI the difference in password recovery speed is not that significant as for other algorithms (1.5-2x).

Note that the current version of Passcovery Suite doesn't support recovery of BB 5.x backup passwords on AMD (ATI) video cards.