Bitlocker Decryption query

[higgsboson]

I have got a nvme SSD which was upgraded to windows 11 automatically. Bitlocker has suddenly started appearing and customer says he was not aware of bitlocker.
I have checked protectors which are not "clear key" type so I am unable to decrypt them in pc3000 .
Is there anything I can try before giving up. Data on ssd is very important research data collected over time.
protectors are TPM and Numerical password.
Raw recovery in udma gives bitlocker headers. Are they of any use ? Attached are the same ------
download link - https://drive.google.com/file/d/1RIhD3d ... sp=sharing

Attachments

[terminator2]

I think full decryption not possible in this case as TPM is involved.
User might not be aware of Bitlocker but when he signs into microsoft account ( with administrative privilege ) automatically Clearkey password is converted in TPM type when key is backed up in microsoft account.
regarding those 2 files I am not aware of , opening in notepad shows something but it is least likely of any use.

[chipsang]

Recovery seems to be impossible.

[higgsboson]

I think full decryption not possible in this case as TPM is involved.
User might not be aware of Bitlocker but when he signs into microsoft account ( with administrative privilege ) automatically Clearkey password is converted in TPM type when key is backed up in microsoft account.
regarding those 2 files I am not aware of , opening in notepad shows something but it is least likely of any use.

Thanks , I have given up & informed customer that recovery not possible.

[arvika]

We have some success at such cases. If client is still interested, we need laptop + drive at lab.

[terminator2]

We have some success at such cases. If client is still interested, we need laptop + drive at lab.

Wo , that means even Bitlocker TPM and numerical password can be cracked ?

[DRUG]

We have some success at such cases. If client is still interested, we need laptop + drive at lab.

Wo , that means even Bitlocker TPM and numerical password can be cracked ?

Yes it can.

[terminator2]

We have some success at such cases. If client is still interested, we need laptop + drive at lab.

Wo , that means even Bitlocker TPM and numerical password can be cracked ?

Yes it can.

That is incredible .Lots of clients are ready to pay hugh costs involved in this type of work. I will refer all such clients to you.

[DRUG]

We have some success at such cases. If client is still interested, we need laptop + drive at lab.

Wo , that means even Bitlocker TPM and numerical password can be cracked ?

Yes it can.

That is incredible .Lots of clients are ready to pay hugh costs involved in this type of work. I will refer all such clients to you.

I don't know how arvika deals with his cases, but here in our lab we can only deal with that issue if the device doesn't display the typical recovery blue screen. In that case we have no solution to offer.

[DR-Kiev]

Wo , that means even Bitlocker TPM and numerical password can be cracked ?

Yes it can.

That is incredible .Lots of clients are ready to pay hugh costs involved in this type of work. I will refer all such clients to you.

I don't know how arvika deals with his cases, but here in our lab we can only deal with that issue if the device doesn't display the typical recovery blue screen. In that case we have no solution to offer.

So, you deal with laptops when something prevent windows to boot (system corruption or bad sectors) and you simply intercept key on bus of tpm ? For the blue screen with requesting bitlocker key if you understand what triggered laptop to that condition, you can roll back situation. For example for dell XPS 13 models, bios update (along with windows update) triggers to request bitlocker key, and you can roll back bios to previous.
And about my own experience, in 8 out of 10 cases, when user doesn't know about active bitlocker, we found keys under his microsoft account (one of 3 : original microsoft, onedrive, azure account) , which he also doesn't know does exist, even if he "think" never created the one.

[digisupport]

Dammed, here only 7 out of 10 whoa has recovery key in MS account client never created

[higgsboson]

Dammed, here only 7 out of 10 whoa has recovery key in MS account client never created

Exactly this has happened last week. I have got a laptop from a student whose laptop was updated to windows 11 and was asking Bitlocker key.
She searched her hotmail account where she found keys of her another old laptop alongwith many entries which she was not aware of .
But required key was missing.

[DR-Kiev]

Dammed, here only 7 out of 10 whoa has recovery key in MS account client never created

Exactly this has happened last week. I have got a laptop from a student whose laptop was updated to windows 11 and was asking Bitlocker key.
She searched her hotmail account where she found keys of her another old laptop alongwith many entries which she was not aware of .
But required key was missing.

Did she check all 3 accounts under that email? Student's accounts MS usually put keys to Azure location. Check that email in there.

[terminator2]

Dammed, here only 7 out of 10 whoa has recovery key in MS account client never created

Exactly this has happened last week. I have got a laptop from a student whose laptop was updated to windows 11 and was asking Bitlocker key.
She searched her hotmail account where she found keys of her another old laptop alongwith many entries which she was not aware of .
But required key was missing.

Did she check all 3 accounts under that email? Student's accounts MS usually put keys to Azure location. Check that email in there.

Oh , I suggested them to keep M.2 NvMe SSD aside for future work ,but they decided to go ahead with format as student who was having her project and 4 years research was lost without her mistake was frustated . I was not aware of Azure location.
Thank you I will note down this for future.