Passware Kit 2023 v2 – Steganos Decryption And Mac EFI Firmware Password Bypass

Passware Kit 2023 v2 extends full disk encryption support by introducing an option to detect and decrypt containers created by Steganos. Additionally, it allows brute-force attacks on the PIM parameter of VeraCrypt, which increases the chances of successful password recovery.

Passware T2 Add-on has been updated to support instant reset or recovery of Mac EFI firmware passwords.

The new version of Passware Kit also recovers passwords for Ethereum crypto wallets and NTLMv2 hashes, and it extracts passwords saved in Opera GX/Crypto browsers.

What’s New in Passware Kit 2023 v2:

  • Password recovery for Steganos containers
  • Brute-force recovery of VeraCrypt PIM parameters
  • Mac EFI firmware password recovery and reset
  • Support for mounted physical drives for FDE decryption
  • Password recovery for Ethereum wallets
  • Support for Windows NTLMv2 hash
  • Instant password recovery for Opera GX and Crypto browsers
  • New dictionary: Ukrainian


Password recovery for Steganos containers

Passware introduces brute-force password recovery for Steganos Data Safe encrypted containers (*.SLE files), including hidden partitions. It supports both regular passwords and picture protectors.

The average recovery speed on an Intel Core i7-9700 is up to 2,000 passwords per second.

Brute-force recovery of VeraCrypt PIM parameters

For VeraCrypt disk decryption, Passware Kit now allows users to specify possible Personal Iterations Multiplier (PIM) parameters to increase the chances of successful password recovery. There is an option to select a range or set of PIM values to check. Passware Kit then brute-forces the PIMs alongside the VeraCrypt password.

If the PIM is unknown, Passware Kit uses the default value.

Mac EFI firmware password recovery and reset

To decrypt Macs protected with the T2 security chip using the Passware Kit Forensic T2 Add-on, it is necessary to acquire the disk image. An EFI firmware password, which is different from the macOS user password, prevents the Mac from loading in Target Disk Mode, thus preventing image acquisition.

Passware Kit T2 Add-on now includes an option to recover or instantly remove the Mac EFI firmware password. A restore option is also available, which allows users to restore the previously removed password.

Support for mounted physical drives for FDE decryption

For full-disk decryption, Passware Kit now supports mounted physical drives in addition to disk images. The drives should be specified as “\\.\PhysicalDriveN”, where N is the disk number.

This option has been added to the Windows version of Passware Kit, when running as Administrator, for the following FDE types: APFS/FileVault, BitLocker, LUKS and LUKS2, McAfee, PGP, Symantec, TrueCrypt, and VeraCrypt.

Password recovery for Ethereum wallets

In addition to Bitcoin, Dashcoin, Dogecoin, and Litecoin wallets, Passware Kit 2023 v2 recovers passwords for Ethereum wallets in Keystore v3 format.

Support for Windows NTLMv2 hash

Passware Kit is now capable of recovering passwords from NTLMv2 hashes, which normally store network credentials. The average speed is 650,000 passwords per second.

Instant password recovery for Opera GX and Crypto browsers

Passware Kit 2023 v2 instantly recovers website passwords saved in two additional browsers: Opera GX and Opera Crypto.

New dictionary: Ukrainian

A Ukrainian dictionary consisting of over a million words has been added to the built-in list of dictionaries in all editions of Passware Kit. The Ukrainian language preset is now also available for Xieve and Brute-force attacks.
