{
	"id": "5ed1586f-8342-4bae-93dd-2cc398a81a3b",
	"created_at": "2026-04-06T00:10:01.062033Z",
	"updated_at": "2026-04-10T13:13:03.237488Z",
	"deleted_at": null,
	"sha1_hash": "2c0c7f19ab5456e7a34ab57401eb15e8e6abdd33",
	"title": "Elcomsoft Phone Breaker | Elcomsoft Co.Ltd.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51416,
	"plain_text": "Elcomsoft Phone Breaker | Elcomsoft Co.Ltd.\r\nBy Elcomsoft Co.Ltd.\r\nArchived: 2026-04-05 14:34:40 UTC\r\nAll Features and Benefits\r\nDownload iCloud Backups with Selective Access\r\niCloud backups are enabled by default, and are created automatically on a daily basis when users charge their\r\ndevices while connected to a Wi-Fi network. Cloud backups contain a large amount of evidence including third-party app data. Unlike local (iTunes) backups, cloud backups cannot be encrypted with a password. Apple does\r\nnot provide a way to download iCloud backups other than restoring to a new device. Cloud backups can only be\r\ndownloaded from the user's Apple account with a third-party tool such as Elcomsoft Phone Breaker.\r\nDownloading a large backup for the very first time can potentially take hours. Subsequent updates are\r\nincremental, and occur much faster. If speed is essential, Elcomsoft Phone Breaker offers the ability to quickly\r\nacquire select information and skip data that’s taking the longest to download (such as music and videos).\r\nInformation such as messages, attachments, phone settings, call logs, address books, notes, calendars, email\r\naccount settings, camera roll, and many other pieces of information can be pre-selected and downloaded in just\r\nminutes, providing investigators with near real-time access to essential information.\r\nNote: this functionality is only available in Forensic edition\r\nRecover Password-Protected Apple iTunes Backups\r\nElcomsoft Phone Breaker enables forensic access to password-protected backups for smartphones and portable\r\ndevices based on the Apple iOS platform. The password recovery tool supports all Apple devices running all\r\nversions of iOS including the iPhone, iPad and iPod Touch devices of all generations released to date.\r\nRetrieve Cloud Data: Apple iCloud and Microsoft Account\r\nCloud acquisition is a great way of retrieving information stored in mobile backups produced by Apple iOS, and a\r\nhandy alternative when exploring Windows Phone, Windows 10 Mobile and desktop Windows 10 devices.\r\nElcomsoft Phone Breaker can retrieve information from Apple iCloud and Microsoft Account provided that\r\noriginal user credentials for that account are known.\r\nOnline backups can be acquired by forensic specialists without having the original iOS or Windows device in\r\nhands. All that’s needed to access online backups stored in the cloud service are the original user’s credentials\r\nincluding Apple ID or Microsoft Account accompanied with the corresponding password. Accounts with two-factor authentication are fully supported.\r\nAccess iCloud without Login and Password\r\nhttps://www.elcomsoft.com/eppb.html\r\nPage 1 of 4\n\nIf the user’s Apple ID and password are not available, Elcomsoft Phone Breaker may be able to use an alternative\r\nauthentication method.\r\nFirst, one can use a binary authentication token to access a limited set of iCloud data. The use of authentication\r\ntokens allows bypassing two-factor authentication even if no access to the secondary authentication factor is\r\navailable. Authentication tokens can be extracted from Windows and macOS computers, hard drives or forensic\r\ndisk images with a built-in tool.\r\nThe second method offers unrestricted access to everything stored in the user's iCloud account including end-to-end encrypted data. Instead of using the login and password, you can authenticate to iCloud with the user’s trusted\r\niOS device. By using a trusted device, experts benefit from unrestricted access to all kinds of information stored in\r\nthe user’s iCloud account including the iPhone backups and end-to-end encrypted data. The trusted device must be\r\nunlocked and compatible with a jailbreak or the included agent app.\r\nExtract Synced Data\r\niPhones automatically sync certain types of data with iCloud in real time. Elcomsoft Phone Breaker automatically\r\ndownloads synced data including call logs, contacts, notes (included deleted notes and attachments), calendars as\r\nwell as Web browsing activities including Safari history (including deleted records), bookmarks and open tabs.\r\nUnlike iCloud backups that may or may not be created on daily basis, synced information is pushed to Apple\r\nservers just minutes after the corresponding activity has taken place. Once uploaded, synced data can be retained\r\nfor months with no option for the end user to clear the data or disable the syncing.\r\nElcomsoft Phone Breaker supports the following types of synced data:\r\nMessages in iCloud: complete with media and file attachments\r\nHealth data (iOS 11+)\r\niCloud Keychain\r\nScreen Time passwords (iOS 12+)\r\nSafari (browsing history, bookmarks, tabs opened on user's devices)\r\nCalendars, notes, contacts and Voice Memos\r\nCall logs (information about calls made and received) (iOS 12 and older)\r\nApple Maps (routes, places, searches)\r\nWi-Fi (wireless access points, MAC addresses, date and device added)\r\nWallet (everything except payment data)\r\nAccount info (comprehensive information about the user and devices registered on the Apple ID account)\r\niBooks (documents including PDF files that were added by the user)\r\nIn addition, Elcomsoft Phone Breaker can extract FileVault 2 recovery keys from the user’s iCloud account, and\r\nuse these keys to decrypt encrypted HFS+ disk images without a password.\r\niCloud Files\r\nIn addition to iCloud backups, Elcomsoft Phone Breaker can download files stored in the user’s iCloud account\r\nsuch as documents or spreadsheets, third-party application data (such as WhatsApp own backups, Passbook/Wallet\r\ndata etc.), and more. Files from a synced Mac such as Desktop, Documents, and Trash can be extracted. Some of\r\nhttps://www.elcomsoft.com/eppb.html\r\nPage 2 of 4\n\nthis data (mostly documents) is available using the iCloud feature on Windows and macOS systems, but most files\r\nare only accessible using Elcomsoft Phone Breaker. The exact set of data available may depend on the version of\r\niOS installed, iCloud synchronization settings, the list of applications installed on the devices connected to the\r\ngiven account, and the options set in these applications. Note that there is no email notification sent by Apple\r\nwhen downloading files from iCloud.\r\nNote: this functionality is only available in Forensic edition\r\nAccess Photos in iCloud Photo Library\r\nApple’s iCloud Photo Library is designed to help users store and synchronize media files between multiple\r\ndevices. If iCloud Photo Library is enabled, media files are no longer saved to iOS iCloud backups. As a result,\r\nacquiring iCloud backups or downloading files stored in iCloud Drive does not automatically provide access to\r\nmedia files stored in the iCloud Photo Library.\r\nElcomsoft Phone Breaker can extract photos and videos stored in the user’s iCloud Photo Library. In addition to\r\nexisting files, Elcomsoft Phone Breaker can extract media files that have been deleted from the Library during the\r\npast 30 days. Selective downloads are possible by specifying which user-created albums to download.\r\nDevice-based iCloud Authentication\r\nUse a trusted iPhone or iPad to perform iCloud extraction without the need to input a password or solve the two-factor authentication challenge. This new authentication method makes every type of data extractable including\r\ncloud backups, iCloud photos, and synchronized data including the end-to-end encrypted types.\r\nGPU Acceleration and Advanced Attacks\r\nElcomSoft offers a highly efficient, cost-effective solution to lengthy attacks by dramatically increasing the speed\r\nof password recovery when one or more supported video cards are present. GPU acceleration reduces the time\r\nrequired to recover iPhone/iPad/iPod backup passwords by orders of magnitude. The latest generation of\r\nElcomSoft GPU acceleration technology supports unlimited numbers of AMD or NVIDIA boards.\r\nMultiple diverse GPU acceleration units can be used at the same time, allowing mixing multiple generations of\r\ncompatible video cards to extend existing systems by adding new acceleration hardware instead of replacing.\r\nAdvanced dictionary attack with customizable mutations target the human factor and password reuse. The tool\r\nsupports a variety of mutations, trying hundreds of variants for each dictionary word to ensure the best possible\r\nchance to recover the password.\r\nNote: not applicable to MacOS X edition\r\nExtract, Decrypt and View Passwords Stored in iOS Keychain\r\niOS offers a highly secure, encrypted storage for many types of data. Stored Web forms and browser passwords,\r\nemail accounts, application passwords and authentication tokens (including Apple ID account token) are stored\r\nsecurely in keychains that are encrypted with hardware keys unique to each individual device.\r\nhttps://www.elcomsoft.com/eppb.html\r\nPage 3 of 4\n\nElcomsoft Phone Breaker can extract and decrypt iOS keychain from local (iTunes-style) password-protected\r\nbackups. The built-in Keychain Explorer tool allows browsing and exploring keychain items on the spot. Note: the\r\nkeychain can be only decrypted when extracted from local password-protected backups.\r\nSource: https://www.elcomsoft.com/eppb.html\r\nhttps://www.elcomsoft.com/eppb.html\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.elcomsoft.com/eppb.html"
	],
	"report_names": [
		"eppb.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434201,
	"ts_updated_at": 1775826783,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2c0c7f19ab5456e7a34ab57401eb15e8e6abdd33.pdf",
		"text": "https://archive.orkl.eu/2c0c7f19ab5456e7a34ab57401eb15e8e6abdd33.txt",
		"img": "https://archive.orkl.eu/2c0c7f19ab5456e7a34ab57401eb15e8e6abdd33.jpg"
	}
}