  1. selra_k
    Hi everyone,

    TL;DR: Is there any way to back up and restore a BB Leap encrypted partition without the master password, using tools ranging from dedicated software to a byte-for-byte copy using Linux?

    Sorry if this is against forum rules. See details below.

    Context
    My sister was given a BB Leap by her company a few years ago (no BB ID or company enrollment program to help unlock the phone). She used it as her only device, taking pictures from her trips.
    One day she broke the glass from the screen (still usable with touch) and was given a new one. She forgot a bit about the old one, but a few months later wanted to retrieve her pictures. And she didn't succeed in unlocking it.

    I suspect she didn't notice that you had to type blackberry after the 5th attempt (she's not that tech-friendly) so in reality she only tried 5 old passwords.

    Fast forward a few years, and she'd like me (family tech wizard) to help her retrieve the pictures.

    What I'd like to do
    I see 2 options:
    either use an exploit on the older version of the BB 10 OS - but I don't know how to begin and I'm not an expert on hacking devices (and I know this is against the rules) -
    or extend a bit the last 5 password opportunities (to give a chance to my sister to have more than 5 tries, knowing roughly the kind of passwords she used to have) using backups and restore.

    I know how to do it on Android phones using ADB through USB (depending on the configuration of course), however I do not for BB.

    Do you know if it's possible to do so and where I could find materials that would help me? I already looked it up, but not knowing the right keywords didn't help me.

    Thanks for your help!
    05-06-20 06:34 AM
  2. conite
    The short answer is no.

    Even if you put the storage memory on a bench in a lab, the contents are fully encrypted.

    There is nothing else to do but remember the password.
    05-06-20 07:55 AM
  3. selra_k
    Thanks conite for your answer. I think it doesn't exactly answer what I had in mind (though the answer may not change in the end).

    I know we'll have to find the password eventually, what I'd like to do is to give my sister more than 5 guesses to find it. So it doesn't matter that the content is encrypted, what matters is that I would be able at some point to restore the image to kinda "reset" the count to the 5 already failed passwords.

    I am asking because backup and restore of fully encrypted partitions (without accessing underlying data) is something that you can do as long as you can read each byte, for example using commands like dd on a Linux system. Other systems manage the encrypted part as a file (e.g. tools like VeraCrypt), making it possible to copy directly the encrypted file.

    Now that's the limit of my knowledge about BB: if there is some kind of hardware limitation that prevents me from at least reading the encrypted memory directly, unless torn apart in a bench lab that I don't have access to, I would agree with you that I am screwed. But if it can be accessed and copied through a dd-like command, then I may be able to set up something that would work.

    I know in the end this looks like a way to brute-force a BB - and in a way it is, with a small dictionary made from my sister's habits! So please also do not hesitate to tell me if (as already said) this post goes against forum rules.

    Have a good day!
    05-06-20 08:56 AM
  4. conite
    There is no access to the data no matter what you try.

    There is no way to reset the countdown either AFAIK.
    05-06-20 11:29 AM
  5. joeldf
    You are dealing with a BlackBerry 10 OS and device - the two are secured together with BlackBerry's own signature protocols.

    This is not plain ol' Linux, so any thoughts of how Linux works just do not apply. Period. And Android is just a runtime layer sitting in a sandbox inside BB10. It's not an OS unto itself - just an emulator.

    There is that Chimera Tool that will reset the BBID, but it also wipes the phone as part of the process, so again all existing data is gone.
    05-06-20 12:04 PM
  6. Dunt Dunt Dunt
    Lots of folks have run into the same issue....

    Best option would be if she can access her BBID account and from BlackBerry Protect change the password on the device. As long as she still has access to the email used for that account and the phone is still in BlackBerry Protect, she should be able to recover her BBID password.

    But if she used a work email that she no longer has access to... then that won't work either.
    05-06-20 12:10 PM
  7. conite
    That's certainly a possibility.

    For the OP, you would have to have BlackBerry Protect enabled on the device, and a working data connection.
    05-06-20 12:13 PM
  8. selra_k
    Thanks joeldf (and conite of course), crystal clear.

    Have a nice day!
    05-06-20 12:20 PM
  9. Dunt Dunt Dunt
    Yeah I just checked and my Z10 isn't on BlackBerry Protect anymore... It's been off for a few months now, maybe they removed it?

    Did turn it on, and I'm connected to BBID and Protect is toggled on. But it's got a spinning circle....

    Is BB Protect still working for you?

    I've rebooted, and tried toggling Protect off and on.

    Anyway it's something the OP could try...
    05-06-20 12:43 PM
  10. conite
    It still works, but it can be temperamental.
    05-06-20 12:47 PM
  11. selra_k
    Thanks for the idea Dunt Dunt Dunt.

    I gave it a try using the second Leap that she had to test it out; see capture (sorry, wasn't able to change the language).
    In the end, using the change password option also increases the count of failed attempts on the phone (which makes sense from a security perspective). So for my purpose it is the same as directly trying to guess the password on it.

    Back to square one I guess.
    Attached thumbnail: capture.png
    05-07-20 02:54 AM
