All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 15 posts ] 
Author Message
 Post subject: About Bitlocker decryption without password/recovery key
PostPosted: February 8th, 2020, 5:22 
Offline

Joined: September 7th, 2012, 16:37
Posts: 152
Hello,

I came through a blog post https://pulsesecurity.co.nz/articles/TPM-sniffing saying that it's possible to extract a Bitlocker key from a Trusted Platform Module (TPM) and decrypt it.

This needs some electronic knowledge.

@fzabkar: you are THE expert in electronics in this forum (my opinion), could you please confirm if it's true what this security expert is saying?

Did anyone test this method before and could decrypt the Bitlocker key?

Please share your knowledge.

Kind regards


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 3:35 
Offline

Joined: September 7th, 2012, 16:37
Posts: 152
No one interested in this topic? :roll: :roll: :roll:


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 4:25 
Offline
User avatar

Joined: June 17th, 2018, 11:43
Posts: 439
Location: spain
Thanks for sharing the link.
Surely I can learn a lot from the post.

_________________
Is Earth an intelligent being?


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 7:27 
Offline

Joined: March 7th, 2009, 12:43
Posts: 940
Location: Angel Data Recovery
sosrecup wrote:
Hello,

I came through a blog post https://pulsesecurity.co.nz/articles/TPM-sniffing saying that it's possible to extract a Bitlocker key from a Trusted Platform Module (TPM) and decrypt it.

This needs some electronic knowledge.

@fzabkar: you are THE expert in electronics in this forum (my opinion), could you please confirm if it's true what this security expert is saying?

Did anyone test this method before and could decrypt the Bitlocker key?

Please share your knowledge.

Kind regards


What is the point of this actions? Getting access to the data from stolen laptops?
Users who are willing to recovery their files in 99% cases provide us with pass/key .

_________________
Angel Data Recovery


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 8:46 
Offline

Joined: September 7th, 2012, 16:37
Posts: 152
Quote:
What is the point of this actions? Getting access to the data from stolen laptops?
Users who are willing to recovery their files in 99% cases provide us with pass/key .


Not necessary. some clients encrypt their hard drives and forget the password and forget to save the recovery key or forget where they put it.


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 11:56 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3347
Location: Chicago
Why would anybody need to extract a key from TPM when they have access to TPM?

_________________
https://www.linkedin.com/in/artemrubtsov/


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 12:01 
Offline

Joined: September 7th, 2012, 16:37
Posts: 152
Quote:
Why would anybody need to extract a key from TPM when they have access to TPM?


What if you forget the password and you don't remember where you put your recovery key (I had some clients in this situation), are you able to recover data from that drive?


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 12:10 
Offline

Joined: November 7th, 2015, 13:04
Posts: 142
Location: Austin metro area TX USA
"What if you forget the password and you don't remember where you put your recovery key (I had some clients in this situation), are you able to recover data from that drive?"
Billable hours, correct? Reading other discussion boards, I see a few threads about clients not having at the ready passwords or recovery keys.

_________________
"Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 12:10 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3347
Location: Chicago
sosrecup wrote:
Quote:
Why would anybody need to extract a key from TPM when they have access to TPM?


What if you forget the password and you don't remember where you put your recovery key (I had some clients in this situation), are you able to recover data from that drive?

Per my understanding TPM holds a key that unlocks Bitlocker
Should be able to unlock Bitlocker, using TPM with a boot CD on the original laptop

_________________
https://www.linkedin.com/in/artemrubtsov/


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 13:09 
Offline

Joined: November 7th, 2015, 13:04
Posts: 142
Location: Austin metro area TX USA
Doomer wrote:
Why would anybody need to extract a key from TPM when they have access to TPM?
Doomer, I'm a beginner, what has been your experience with TPM? I never knew that one could use just TPM to unlock BitLocker. I'd like to learn more!

_________________
"Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 13:18 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3347
Location: Chicago
RolandJS wrote:
Doomer wrote:
Why would anybody need to extract a key from TPM when they have access to TPM?
Doomer, I'm a beginner, what has been your experience with TPM? I never knew that one could use just TPM to unlock BitLocker. I'd like to learn more!

There are several types of protectors that can be used with Bitlocker, one of them is TPM only protector, which is old but sometimes can still be found on Bitlocker protected volumes

_________________
https://www.linkedin.com/in/artemrubtsov/


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 12th, 2020, 3:36 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 110
Location: brisbane
Hi Guys
Pls. refer my post in this regard which is still unanswered unfortunately .
Bitlocker in some cases can be decrypted without key /password in pc3000. I have raised concerns as how AES128 key can be decrypted.
Can someone pls.look at it particularly senior members like Doomer , Dr-Kiev ,fzabkar , pepe to name few.


here is the post -
https://forum.hddguru.com/viewtopic.php ... er#p278195

Thanks


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 12th, 2020, 11:22 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3347
Location: Chicago
terminator2 wrote:
Hi Guys
Pls. refer my post in this regard which is still unanswered unfortunately .
Bitlocker in some cases can be decrypted without key /password in pc3000. I have raised concerns as how AES128 key can be decrypted.
Can someone pls.look at it particularly senior members like Doomer , Dr-Kiev ,fzabkar , pepe to name few.


here is the post -
https://forum.hddguru.com/viewtopic.php ... er#p278195

Thanks

Sometimes Bitlocker stores metadata called "clear key". Clear key can decrypt Bitlocker without a password
It has nothing to do with AES "crackability"

_________________
https://www.linkedin.com/in/artemrubtsov/


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 13th, 2020, 9:42 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 110
Location: brisbane
Thanks Doomer :good: :-D


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 14th, 2020, 2:08 
Offline
User avatar

Joined: August 15th, 2006, 3:01
Posts: 2791
Location: CDRLabs @ Chandigarh [ India ]
terminator2 wrote:
Thanks Doomer :good: :-D


Hi,
Many Dell Laptops Use Bitlocker and TPM i have recovered a few of these combos in india for my clients and i have also done that magic were key is not required as explained by doomer [ Were key is stored and the app finds it ]

_________________
Regards
Amarbir S Dhillon , Chandigarh Data Recovery Labs
Logical,Semi Physical And Physical Data Recovery
Website-> http://www.chandigarhdatarecovery.com


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 15 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group