Passware Kit 2023 v2 – Steganos Decryption And Mac EFI Firmware Password Bypass

by

Passware Kit 2023 v2 extends full disk encryption support by introducing an option to detect and decrypt containers created by Steganos. Additionally, it allows brute-force attacks on the PIM parameter of VeraCrypt, which increases the chances of successful password recovery.

Passware T2 Add-on has been updated to support instant reset or recovery of Mac EFI firmware passwords.

The new version of Passware Kit also recovers passwords for Ethereum crypto wallets and NTLMv2 hashes, and it extracts passwords saved in Opera GX/Crypto browsers.

What’s New in Passware Kit 2023 v2:

  • Password recovery for Steganos containers
  • Brute-force recovery of VeraCrypt PIM parameters
  • Mac EFI firmware password recovery and reset
  • Support for mounted physical drives for FDE decryption
  • Password recovery for Ethereum wallets
  • Support for Windows NTLMv2 hash
  • Instant password recovery for Opera GX and Crypto browsers
  • New dictionary: Ukrainian

For your convenience, we have included a video of all the newest features of Passware Kit 2023 v2. Take a look!

Password recovery for Steganos containers

Passware introduces brute-force password recovery for Steganos Data Safe encrypted containers (*.SLE files), including hidden partitions. It supports both regular passwords and picture protectors.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

The average recovery speed on an Intel Core i7-9700 is up to 2,000 passwords per second.

Brute-force recovery of VeraCrypt PIM parameters

For VeraCrypt disk decryption, Passware Kit now allows users to specify possible Personal Iterations Multiplier (PIM) parameters to increase the chances of successful password recovery. There is an option to select a range or set of PIM values to check. Passware Kit then brute-forces the PIMs alongside with the VeraCrypt password.

If the PIM is unknown, Passware Kit uses the default value.

Mac EFI firmware password recovery and reset

To decrypt Macs protected with T2 security chip using Passware Kit Forensic T2 Add-on, it is necessary to acquire the disk image. An EFI firmware password, which is different from the macOS user password, prevents Mac from loading in Target Disk Mode, thus preventing image acquisition.

Passware Kit T2 Add-on now includes an option to recover or to instantly remove the Mac EFI firmware password. A restore option is also available, which allows users to set back the previously removed password.

Support for mounted physical drives for FDE decryption

For full-disk decryption, Passware Kit now supports mounted physical drives in addition to disk images. The drives should be specified as “\\.\PhysicalDriveN”, where N is the disk number.

This option is added to the Windows version of Passware Kit running as Administrator for the following FDE types: APFS/FileVault, BitLocker, LUKS and LUKS2, McAfee, PGP, Symantec, TrueCrypt, and VeraCrypt.

Password recovery for Ethereum wallets

In addition to Bitcoin, Dashcoin, Dogecoin, and Litecoin wallets, Passware Kit 2023 v2 recovers passwords for Ethereum wallets in Keystore v3 format.

Support for Windows NTLMv2 hash

Passware Kit is now capable of recovering passwords from NTLMv2 hashes, which normally store network credentials. The average speed is 650,000 passwords per second.

Instant password recovery for Opera GX and Crypto browsers

Passware Kit 2023 v2 instantly recovers website passwords saved in two additional browsers: Opera GX and Opera Crypto.

New dictionary: Ukrainian

A Ukrainian dictionary consisting of over a million words has been added to the built-in list of dictionaries in all editions of Passware Kit. The Ukrainian language preset is now also available for Xieve and Brute-force attacks.

Learn more about this release on the Passware blog.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
In this Oxycast webinar, Ryan, from the Oxygen Forensic Training team, discusses the evolution and impact of dating apps, with a focus on forensic analysis. Ryan also demonstrates how you can analyze popular dating applications using the Oxygen Forensic Detective software.

In this Oxycast webinar, Ryan, from the Oxygen Forensic Training team, discusses the evolution and impact of dating apps, with a focus on forensic analysis. Ryan also demonstrates how you can analyze popular dating applications using the Oxygen Forensic Detective software.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_90k-LHOjmcE

Dating Application Analysis

Forensic Focus 60 views 30th May 2023 12:07 pm

In this episode of the Forensic Focus podcast, Desi and Si discuss different online programming courses and what they think about the popular platform, Udemy. They also talk about Flipper, Dev boards, and Raspberry Pi, and delve into the fascinating phenomenon of running the classic game Doom on unlikely devices. Throughout the episode, Desi and Si share their digital forensics expertise, referencing some of the cases they have been working on and highlighting particular methodologies and technologies that have an impact on cybersecurity. Show Notes: 100 Days of Code: The Complete Python Pro Bootcamp for 2023 - https://www.udemy.com/course/100-days-of-code/ Domestika - https://www.domestika.org/en MIT OpenCourseWare - https://www.youtube.com/@mitocw MasterClass - https://www.masterclass.com/ Raspberry Pi 400 Complete Kit - https://core-electronics.com.au/raspberry-pi-400-kit.html Flipper Discord - https://discord.com/invite/flipper Flipper Zero - https://flipperzero.one/ This Programmer Figured Out How to Play Doom on a Pregnancy Test - https://www.popularmechanics.com/science/a33957256/this-programmer-figured-out-how-to-play-doom-on-a-pregnancy-test/ Here’s a dude playing Doom Eternal on his fridge - https://www.polygon.com/2020/10/13/21514933/doom-eternal-refrigerator-door-samsung-smart-refrigerator-xbox-game-pass-richard-mallard Doom hacker gets Doom running in Doom - https://www.pcgamer.com/doom-hacker-gets-doom-running-in-doom/ Doom Running On A Calculator Powered By Old Potatoes - https://kotaku.com/doom-running-on-a-calculator-powered-by-old-potatoes-1845374069 GoldenEra - https://www.imdb.com/title/tt11753760/ Racing the Beam - https://en.wikipedia.org/wiki/Racing_the_Beam High Score (TV series) - https://en.wikipedia.org/wiki/High_Score_(TV_series) Microcontroller Courses (Udemy) - https://www.udemy.com/topic/microcontroller/ The story of Final Fantasy XIV’s renegade do-good modders - https://www.pcgamesn.com/final-fantasy-xiv/ffxiv-modders-renegade-do-gooders Logical fallacies - https://yourlogicalfallacyis.com/

In this episode of the Forensic Focus podcast, Desi and Si discuss different online programming courses and what they think about the popular platform, Udemy. They also talk about Flipper, Dev boards, and Raspberry Pi, and delve into the fascinating phenomenon of running the classic game Doom on unlikely devices.

Throughout the episode, Desi and Si share their digital forensics expertise, referencing some of the cases they have been working on and highlighting particular methodologies and technologies that have an impact on cybersecurity.

Show Notes:

100 Days of Code: The Complete Python Pro Bootcamp for 2023 - https://www.udemy.com/course/100-days-of-code/

Domestika - https://www.domestika.org/en

MIT OpenCourseWare - https://www.youtube.com/@mitocw

MasterClass - https://www.masterclass.com/

Raspberry Pi 400 Complete Kit - https://core-electronics.com.au/raspberry-pi-400-kit.html

Flipper Discord - https://discord.com/invite/flipper

Flipper Zero - https://flipperzero.one/

This Programmer Figured Out How to Play Doom on a Pregnancy Test - https://www.popularmechanics.com/science/a33957256/this-programmer-figured-out-how-to-play-doom-on-a-pregnancy-test/

Here’s a dude playing Doom Eternal on his fridge - https://www.polygon.com/2020/10/13/21514933/doom-eternal-refrigerator-door-samsung-smart-refrigerator-xbox-game-pass-richard-mallard

Doom hacker gets Doom running in Doom - https://www.pcgamer.com/doom-hacker-gets-doom-running-in-doom/

Doom Running On A Calculator Powered By Old Potatoes - https://kotaku.com/doom-running-on-a-calculator-powered-by-old-potatoes-1845374069

GoldenEra - https://www.imdb.com/title/tt11753760/

Racing the Beam - https://en.wikipedia.org/wiki/Racing_the_Beam

High Score (TV series) - https://en.wikipedia.org/wiki/High_Score_(TV_series)

Microcontroller Courses (Udemy) - https://www.udemy.com/topic/microcontroller/

The story of Final Fantasy XIV’s renegade do-good modders - https://www.pcgamesn.com/final-fantasy-xiv/ffxiv-modders-renegade-do-gooders

Logical fallacies - https://yourlogicalfallacyis.com/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_5f72B6DD5wk

Programming Languages, Flipper And Gaming

Forensic Focus 66 views 24th May 2023 11:43 am

In this episode of the Forensic Focus podcast, Si and Desi talk to Mackenzie Jackson, Developer Advocate at Git Guardian. Mackenzie discusses the problem of hard-coded and leaked credentials in Git repositories, the task of scanning Git repositories for leaked credentials, and how that’s helped by the setup of GitHub and Git. He also looks at some public and private cases of security breaches through Git repositories and recommends tools you can use to combat attackers on Git. Show Notes: Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub (GitGuardian) - https://blog.gitguardian.com/toyota-accidently-exposed-a-secret-key-publicly-on-github-for-five-years/ GitHub.com rotates its exposed private SSH key (Bleeping Computer) - https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/ Conpago - https://www.conpago.com.au/ Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak (GitGuardian) - https://blog.gitguardian.com/security-threats-from-the-twitch-leak/ Teenagers Leveraging Insider Threats: Lapsus$ Hacker Group (Forbes) - https://www.forbes.com/sites/emilsayegh/2023/03/15/teenagers-leveraging-insider-threats-lapsus-hacker-group Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal (BBC) - https://www.bbc.co.uk/news/technology-60864283 Dynamic Secrets (HashiCorp) - https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-dynamic-secrets Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault (GitGuardian) - https://blog.gitguardian.com/crappy-code-crappy-copilot/ trufflesecurity/trufflehog (GitHub) - https://github.com/trufflesecurity/trufflehog gitleaks/gitleaks (GitHub) - https://github.com/gitleaks/gitleaks Git (Wikipedia) - https://en.wikipedia.org/wiki/Git awslabs/git-secrets (GitHub) - https://github.com/awslabs/git-secrets

In this episode of the Forensic Focus podcast, Si and Desi talk to Mackenzie Jackson, Developer Advocate at Git Guardian.

Mackenzie discusses the problem of hard-coded and leaked credentials in Git repositories, the task of scanning Git repositories for leaked credentials, and how that’s helped by the setup of GitHub and Git.

He also looks at some public and private cases of security breaches through Git repositories and recommends tools you can use to combat attackers on Git.

Show Notes:

Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub (GitGuardian) - https://blog.gitguardian.com/toyota-accidently-exposed-a-secret-key-publicly-on-github-for-five-years/

GitHub.com rotates its exposed private SSH key (Bleeping Computer) - https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/

Conpago - https://www.conpago.com.au/

Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak (GitGuardian) - https://blog.gitguardian.com/security-threats-from-the-twitch-leak/

Teenagers Leveraging Insider Threats: Lapsus$ Hacker Group (Forbes) - https://www.forbes.com/sites/emilsayegh/2023/03/15/teenagers-leveraging-insider-threats-lapsus-hacker-group

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal (BBC) - https://www.bbc.co.uk/news/technology-60864283

Dynamic Secrets (HashiCorp) - https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-dynamic-secrets

Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault (GitGuardian) - https://blog.gitguardian.com/crappy-code-crappy-copilot/

trufflesecurity/trufflehog (GitHub) - https://github.com/trufflesecurity/trufflehog

gitleaks/gitleaks (GitHub) - https://github.com/gitleaks/gitleaks

Git (Wikipedia) - https://en.wikipedia.org/wiki/Git

awslabs/git-secrets (GitHub) - https://github.com/awslabs/git-secrets

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_BX15Z_xF8mA

Preventing Data Leaks With Git Guardian

Forensic Focus 72 views 3rd May 2023 11:07 am

Load More... Subscribe

Latest Articles

Magnet Forensics Now Offering Training In New Online Self-Paced Microlearning Format!
News

Magnet Forensics Now Offering Training In New Online Self-Paced Microlearning Format!

ByMagnetForensicsJun 2, 2023
Digital Forensics Round-Up, June 01 2023
News

Digital Forensics Round-Up, June 01 2023

ByForensic FocusJun 1, 2023
Analysing Dating Apps Using Oxygen Forensic Detective
Articles

Analysing Dating Apps Using Oxygen Forensic Detective

ByOxygenForensicsMay 31, 2023
Event Recap: Forensics Europe Expo (FEE) 2023
Event Info & Recaps

Event Recap: Forensics Europe Expo (FEE) 2023

ByForensic FocusMay 30, 2023
Digital Forensics Round-Up, May 25 2023
News

Digital Forensics Round-Up, May 25 2023

ByForensic FocusMay 25, 2023
Programming Languages, Flipper And Gaming
Podcast

Programming Languages, Flipper And Gaming

ByForensic FocusMay 24, 2023
Share to...
BufferCopyFlipboardHacker NewsLineLinkedInMessengerMixPinterestPocketPrintRedditSMSTelegramTumblrVKWhatsAppXingYummly