Join Us!

Blackberry Z10 Anal...
 
Notifications
Clear all

Blackberry Z10 Analysis  

  RSS
topsirloin
(@topsirloin)
Junior Member

Hi everyone,

just wanted to know if anyone has had success extracting data from the new Blackberry Z10. I performed a backup with BB Link, but the data within the BBB file appears encrypted so I haven't had much success.

Quote
Posted : 10/04/2013 9:18 pm
Bulldawg
(@bulldawg)
Active Member

My guess is you won't have any luck. Early builds of the PlayBook OS allowed unencrypted backups, but that lead to piracy of paid apps as you could backup and restore the apps. Later PlayBooks and the new BB10 phones encrypt the backups.

I asked Cellebrite a few weeks ago about PlayBook extraction, and the answer was it is not possible. The same is probably true for the Z10 as they both run the same basic OS (QNX). I know Cellebrite is working on it.

If all you need is the media files, you should be able to get those through Link, but since you're here asking the question, I assume you need more than just the user accessible media files. Let me know if I can help, I've got a Z10 and could do some (non-destructive) testing with it.

ReplyQuote
Posted : 11/04/2013 11:42 pm
uriel98
(@uriel98)
New Member

Bad luck, still have the same problem on August 16th 2013
Impossible to retrieve any data from Blackberry Z10 with Cellebrite, XRY, MobilEdit, Oxygen or any other software.
Has anyone alread heard about a beginning of solution ?

Jean=Philippe NOAT

ReplyQuote
Posted : 16/08/2013 8:34 pm
Bulldawg
(@bulldawg)
Active Member

Have you asked Cellebrite for an update on this? Maybe they've got something working in the past 4 months. They often have beta builds they are willing to share if a customer needs device support before the official release.

That said, don't get your hopes up. Blackberrys have always been a pain.

ReplyQuote
Posted : 16/08/2013 9:03 pm
uriel98
(@uriel98)
New Member

Thanks for your answer. Cellebrite has got an excellent support and I've asked them many times but on this particular case…. No solutions yet… (Let's dream)

ReplyQuote
Posted : 16/08/2013 10:33 pm
jaclaz
(@jaclaz)
Community Legend

Stupid question probably oops , but the elcomsoft thingy
http//blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/
http//www.elcomsoft.com/eppb.html
is not for the Z10 and similar? ?

jaclaz

ReplyQuote
Posted : 16/08/2013 11:54 pm
Bulldawg
(@bulldawg)
Active Member

I do not have the Elcomsoft BlackBerry password cracking thingy, but here is what I know.

To crack a BlackBerry device password, you need the SD card used with the phone, and the SD card has to be encrypted with the "password only" option. Legacy BlackBerry devices allow you three options for encrypting the SD card 1) password only, 2) device key, 3) device key + password. The weakest option is password only, and that's the only option when using the Elcomsoft BlackBerry password cracking thingy.

The Z10 (and Q10 and Q5) all run BlackBerry 10. BB10 is a complete, ground-up re-write of the operating system using QNX as the starting point. Legacy BlackBerry devices (BBOS 7.1 and earlier) used a combination of C++ and Java for the operating system. Because of this fundamental difference, I very much doubt Elcomsoft supports BB10 yet. In fact, their pages, while they claim to support all BlackBerry devices, only reference legacy backup methods and encryption methods.

BB10 SD card encryption has no options, but there is a warning that if the device is wiped (or presumably lost) you will be unable to recover the encrypted contents of the SD card. This indicates to me that the encryption incorporates a device key, which eliminates the attack vector Elcomsoft exploits on legacy BlackBerry devices.

BlackBerry 10 backups are encypted by default. I'm not sure of the encryption key, but part of the reason they are encrypted is as an anti-piracy measure, so it is definitely not a key the user knows. BB10 backups also no longer use .ipd files. BB10 uses .bbb files, which are actually PKZIP files with .tar files inside. When they first started encrypting PlayBook backups, I make a cursory attempt to decrypt it as a standard PKZIP file, but I was unsuccessful.

ReplyQuote
Posted : 17/08/2013 1:13 am
jaclaz
(@jaclaz)
Community Legend

BlackBerry 10 backups are encypted by default. I'm not sure of the encryption key, but part of the reason they are encrypted is as an anti-piracy measure, so it is definitely not a key the user knows. BB10 backups also no longer use .ipd files. BB10 uses .bbb files, which are actually PKZIP files with .tar files inside. When they first started encrypting PlayBook backups, I make a cursory attempt to decrypt it as a standard PKZIP file, but I was unsuccessful.

Yes, but the .bbb format is mentioned in the docs
http//www.elcomsoft.com/help/eppb/index.html?decrypt_iphone_blackberry_backup.html

Please note that there are two types of BlackBerry backups *.ipd and *.bbb files. In fact, *.bbb file is a plain ZIP archive with *.ipb file inside. EPPB can work with both of them, but when you decrypt the *.bbb file, decrypted file can be saved only as *.ipd. However, only BlackBerry smartphones backups can be decrypted; backups made from PlayBook devices have different format and are not supported yet, so EPPB can only recover the passwords for such files, but cannot decrypt them.

It seems to me like the information (if any) is scattered on their site "here and there" and it is in no way "clear" (or "not vague") and there are confusing references to EPPB and EBBE.
A simple list of devices supported (and not supported) would do miracles to make that thingy understandable IMHO.
Unless there is line drawn *somewhere* between "smartphones" and "Playbook devices" and I cannot understand (call me tough as much as you want) how it can "only recover the passwords for such files, but cannot decrypt them." ?

jaclaz

ReplyQuote
Posted : 17/08/2013 1:39 am
Bulldawg
(@bulldawg)
Active Member

Yes, but the .bbb format is mentioned in the docs
http//www.elcomsoft.com/help/eppb/index.html?decrypt_iphone_blackberry_backup.html

.bbb was used for Mac backups also, but those .bbb files contained .ipd files. The new method .bbb files contain a series of .tar files (yes, the standard UNIX tape archive file). The Elcomsoft documentation is referring to legacy Mac .bbb files, not the new method.

It seems to me like the information (if any) is scattered on their site "here and there" and it is in no way "clear" (or "not vague") and there are confusing references to EPPB and EBBE.
A simple list of devices supported (and not supported) would do miracles to make that thingy understandable IMHO.
Unless there is line drawn *somewhere* between "smartphones" and "Playbook devices" and I cannot understand (call me tough as much as you want) how it can "only recover the passwords for such files, but cannot decrypt them." ?

I find their site equally frustrating. If they could break into a BlackBerry 10 phone, I would think they would announce it to the world. For instance, they announced this month that they had enabled iPhone 5 and iPad 4 physical acquisition. I, honestly, got excited for a minute. Big press release (http//www.elcomsoft.com/news/551.html). In fact, all they did was automate the process of acquiring a physical image of an already jailbroken device with SSH enabled and with default SSH password. They didn't enable anything that wasn't already possible, just made it easier.

They want you to buy EPPB (Elcomsoft Phone Password Breaker) and EBBE (Elcomsoft BlackBerry Backup Explorer). That's why EPPB will only recover the password and EBBE will only extract the data from the .ipd files. .ipd files cannot normally be parsed on a computer without special tools like EBBE or ABC Amber BlackBerry Converter.

ReplyQuote
Posted : 17/08/2013 2:01 am
v.katalov
(@v-katalov)
Junior Member

We (ElcomSoft) are still working on BB 10 backup decryption – in fact, almost completed. Backups generated by BlackBerry Link are encrypted using the key generated by BlackBerry servers, provided the BlackBerry ID, password, and device ID. The first and third components can be obtained from the backup itself, and if you have the the password, then we are able to get the encryption key and decrypt the backup.

About physical acquisition of iPhone 5 and iPad 4 devices in fact, we have not just "automated" the process that was already possible. Yes, you can create an image of the jailbroken A5+ device yourself (with no additional software). But it is encrypted; and to get the encryption key (from the keybag) one need to patch the iOS kernel and perform a few other specific tasks. As far as I know, there is no other software that can do that – but please correct me if I am wrong.

About EPPB and EBBE in fact, EBBE is the project that we have acquired from the author of "ABC Amber BlackBerry Converter" (re-branded it). We will be more than happy to merge those two programs into the single one, but unfortunately, EBBE is written in Delphi (while EPPB, as well as all other software we have, is in C++), besides – very old version. It is going to take to much time to port all the code to C++. Probably, we will just add BB 10 support to EPPB (and even thinking of discontinuing EBBE completely).

Let me know if you need any further information! 😉

ReplyQuote
Posted : 24/12/2013 8:18 pm
Astro
(@astro)
Junior Member

We (ElcomSoft) are still working on BB 10 backup decryption – in fact, almost completed. Backups generated by BlackBerry Link are encrypted using the key generated by BlackBerry servers, provided the BlackBerry ID, password, and device ID. The first and third components can be obtained from the backup itself, and if you have the the password, then we are able to get the encryption key and decrypt the backup …

I'm on BlackBerry's legacy OS (BlackBerry 6 to be specific). On BlackBerry 6, backups are saved to my laptop. Though I haven't done any research on how Link works, as a BlackBerry user this concerns me. It doesn't sound good for the BB10 user. It sounds a bit like it could somehow be used to implement a back door by BlackBerry. Is the key really generated by the servers or did you mean by the device? Please elaborate …

ReplyQuote
Posted : 28/12/2013 3:10 am
v.katalov
(@v-katalov)
Junior Member

I'm on BlackBerry's legacy OS (BlackBerry 6 to be specific). On BlackBerry 6, backups are saved to my laptop. Though I haven't done any research on how Link works, as a BlackBerry user this concerns me. It doesn't sound good for the BB10 user. It sounds a bit like it could somehow be used to implement a back door by BlackBerry. Is the key really generated by the servers or did you mean by the device? Please elaborate …

The key is generated by BB servers, but as I already noted – using the following information

- BlackBerry ID
- password (for BB ID)
- device ID

There are some concerns there, right. First, there is no user-controllable encryption on backups. Second, backup cannot be restored to the other device (neither even viewed). And finally, BlackBerry (I mean the company) can always decrypt your backup (assuming, of course, that they get physical access to it).

ReplyQuote
Posted : 05/01/2014 4:49 pm
Share: