Passware Kit 2023 v2 – Steganos Decryption And Mac EFI Firmware Password Bypass

Passware Kit 2023 v2 extends full disk encryption support by introducing an option to detect and decrypt containers created by Steganos. Additionally, it allows brute-force attacks on the PIM parameter of VeraCrypt, which increases the chances of successful password recovery.

Passware T2 Add-on has been updated to support instant reset or recovery of Mac EFI firmware passwords.

The new version of Passware Kit also recovers passwords for Ethereum crypto wallets and NTLMv2 hashes, and it extracts passwords saved in Opera GX/Crypto browsers.

What’s New in Passware Kit 2023 v2:

  • Password recovery for Steganos containers
  • Brute-force recovery of VeraCrypt PIM parameters
  • Mac EFI firmware password recovery and reset
  • Support for mounted physical drives for FDE decryption
  • Password recovery for Ethereum wallets
  • Support for Windows NTLMv2 hash
  • Instant password recovery for Opera GX and Crypto browsers
  • New dictionary: Ukrainian

For your convenience, we have included a video of all the newest features of Passware Kit 2023 v2. Take a look!

Password recovery for Steganos containers

Passware introduces brute-force password recovery for Steganos Data Safe encrypted containers (*.SLE files), including hidden partitions. It supports both regular passwords and picture protectors.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


The average recovery speed on an Intel Core i7-9700 is up to 2,000 passwords per second.

Brute-force recovery of VeraCrypt PIM parameters

For VeraCrypt disk decryption, Passware Kit now allows users to specify possible Personal Iterations Multiplier (PIM) parameters to increase the chances of successful password recovery. There is an option to select a range or set of PIM values to check. Passware Kit then brute-forces the PIMs alongside with the VeraCrypt password.

If the PIM is unknown, Passware Kit uses the default value.

Mac EFI firmware password recovery and reset

To decrypt Macs protected with T2 security chip using Passware Kit Forensic T2 Add-on, it is necessary to acquire the disk image. An EFI firmware password, which is different from the macOS user password, prevents Mac from loading in Target Disk Mode, thus preventing image acquisition.

Passware Kit T2 Add-on now includes an option to recover or to instantly remove the Mac EFI firmware password. A restore option is also available, which allows users to set back the previously removed password.

Support for mounted physical drives for FDE decryption

For full-disk decryption, Passware Kit now supports mounted physical drives in addition to disk images. The drives should be specified as “\\.\PhysicalDriveN”, where N is the disk number.

This option is added to the Windows version of Passware Kit running as Administrator for the following FDE types: APFS/FileVault, BitLocker, LUKS and LUKS2, McAfee, PGP, Symantec, TrueCrypt, and VeraCrypt.

Password recovery for Ethereum wallets

In addition to Bitcoin, Dashcoin, Dogecoin, and Litecoin wallets, Passware Kit 2023 v2 recovers passwords for Ethereum wallets in Keystore v3 format.

Support for Windows NTLMv2 hash

Passware Kit is now capable of recovering passwords from NTLMv2 hashes, which normally store network credentials. The average speed is 650,000 passwords per second.

Instant password recovery for Opera GX and Crypto browsers

Passware Kit 2023 v2 instantly recovers website passwords saved in two additional browsers: Opera GX and Opera Crypto.

New dictionary: Ukrainian

A Ukrainian dictionary consisting of over a million words has been added to the built-in list of dictionaries in all editions of Passware Kit. The Ukrainian language preset is now also available for Xieve and Brute-force attacks.

Leave a Comment