The Journey Of Brute Forcing: From GPU Dominance To CPU Workhorses And Back

The following is an excerpt from MSAB’s new blog on modern brute-forcing, by Magnus Johansson – Professional Services at MSAB. Visit the MSAB website to continue reading.

When a mobile device is locked and access is required for a lawful forensic examination, brute-forcing, systematically testing passcodes, can be the last, and sometimes only, viable method. In those situations, speed is crucial: the faster a valid passcode can be recovered, the sooner investigators can continue their work, cases can progress, and backlogs can shrink. Over the years the landscape around brute-forcing has changed dramatically. Mobile operating systems and key-derivation algorithms have shaped how we approach the challenge.

At MSAB we have followed and contributed to this evolution closely. Our journey with brute-forcing technology reflects how mobile forensics itself has matured, from early GPU-based solutions, through distributed CPU cracking, and now a return to GPU acceleration with the release of BruteStorm Surge.

Back around 2016-2017, when I moved from IT into Professional Services at MSAB, I led many Access Services operations and supported customers of the Advanced Acquisition Lab (AAL), the predecessor to XRY Pro. Most devices arriving then were Huawei and other Android-based phones, typically running versions up to Android 8.0. For those devices we relied heavily on GPU acceleration using the open-source Hashcat software. GPUs are extremely efficient at the parallel mathematical operations used in many key-derivation and hashing functions, and with well-configured GPU rigs we could achieve blazing-fast passcode recovery times.

