Input data
If you use EPPB on the computer where iTunes or BlackBerry Desktop Software is installed and properly configured, it detects the location of backups available here. Select [File] | [Open Backup...] menu item or press [Open] button in main window; the list of available backups will be shown:
Select the one to get more information about it (for Apple devices: the hame of the device, its type, phone number, and whether backup is encrypted or not; for BlackBerry devices: just the device name, taken from the file name) and press OK to load it into the program for further recovery (only encrypted/password-protected backups can be opened, of course).
If your backup is not listed there (or it is stored in non-default location, or copied from another computer, or iTunes or BlackBerry Desktop Software is not installed), you can select manually. For Apple devices, only manifest.plist file is needed for recovery; for BlackBerry, it is the backup file itself (*.ipd or *.bbb). Simply press [Open another...] here, or hold CTRL when pressing [Open] button in main program window. If selected file is an Apple device backup, you can see more detailed information about the device (this backup has been created from) at the right - name, phone number, ICCID, IMEI, serial number, backup date and product type:
Program options
Select [Recovery] | [Options] menu item; here you can set the number of CPU(s) or cores to run the attack on, as well as GPUs and Tableau TACC1441 accelerators. You can select any combinations or devices to run the program on. Please note that hardware acceleration is currently available to recover passwords to Apple devices only.
Attacks
The 'Attack' is actually a set of tasks that are intended to find the correct password. Every task is based either on particular wordlists (the wordlist is just a text file, one word per line), or checking all passwords in a given range (brute force). Press [+] button at the right to add a new task and select Bruteforce attack or Wordlist attack; to modify an existing task, simply double-click on it.
With a bruteforce attack, select the character set (the symbols the password may contain) and password length range (minimum and maximum).
With a wordlist attack, you can setup a path to a wordlist file; for every file (if multiple wordlists are being used in the attack, you can change their order by clicking "up" and "down" buttons at the right), Mutations option is available, which allows to try the words (from the wordlist file) not only "as is", but also with some modifications; you can also choose between Minimal, Average and Maximal, or select Custom and fine-tune individual mutations. All mutations are divided into a several 'classes' (described below). The program can set the mutation 'level' for every type, that allows to select between speed and efficiency. With the minimum level, the program checks only lowercase passwords, and performs basic mutations only: e.g. Border mutation uses not all special characters, but only digits, and only at the end of the password. For an intermediate level, more special characters are being used (both as prefix and as a suffix); and uppercase characters are also tested. At the maximum level, even more advanced prefixes and suffixes are added, but of course, it runs much slower (as far as more variations are checked).
Case mutation: the program checks all variations of uppercase/lowercase characters.
Digit mutation: adding several digits to the work (from the dictionary) as prefix and suffix.
Border mutation: similar to the above, but adding not only digits, but also most commonly used combinations like 123, $$$, 666, qwerty, 007, ххх etc.; in addition, adding some chars at both end of the word, e.g. #password#, $password$ and more.
Freak mutation: replacing some characters (one or more); for example, the word password will also generate p@ssword, p@$$word and p@$$w0rd.
Abbreviation mutation: some commonly-used abbreviations like ihateyou - ih8you, loveyou - loveu, foryou - 4u etc.
Order mutation: reversing the order (password - drowssap), repeating the word (password - passwordpassword), adding the reversed word (password - passworddrowssap).
Vowels mutation: playing with vowels, e.g. psswrd, PaSSWoRD, pAsswOrd etc.
Strip mutation: removing one char, e.g. assword, pssword, pasword...
Swap mutation: replacing some characters, e.g. apssword, psasword, password...
Duplicate mutation: duplicating the characters, e.g. ppassword, paassword, passsword, passwword etc.
Delimiter mutation: adding delimters between characters: p.a.s.s.w.o.r.d, p+a+s+s+w+o+r+d, p-a-s-s-w-o-r-d.
Year mutation: adding the year (four digits) at the end of the word: password1973, password2002.
You can also save and load the configured attacks by pressing "Open" and "Save" buttons at a top of "Attacks" window.
Once the attack is configured, select [Start] | [Recovery] menu item, or [Start] button at the right of the progress bar (that will reflect current status of the attack, i.e. percentage done); estimated time left, attack rate (passwords per second) and current password are also being shown.
Please note that if you stop an attack, it cannot be resumed later (in the current version), i.e. you will have to start from the beginning.
The bottom window (Log) reflects some of the operations: when the attack (recovery process) starts, CPUs/GPUs used, and the result.