All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 29 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: About Bitlocker decryption without password/recovery key
PostPosted: February 8th, 2020, 5:22 
Offline

Joined: September 7th, 2012, 16:37
Posts: 178
Hello,

I came through a blog post https://pulsesecurity.co.nz/articles/TPM-sniffing saying that it's possible to extract a Bitlocker key from a Trusted Platform Module (TPM) and decrypt it.

This needs some electronic knowledge.

@fzabkar: you are THE expert in electronics in this forum (my opinion), could you please confirm if it's true what this security expert is saying?

Did anyone test this method before and could decrypt the Bitlocker key?

Please share your knowledge.

Kind regards


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 3:35 
Offline

Joined: September 7th, 2012, 16:37
Posts: 178
No one interested in this topic? :roll: :roll: :roll:


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 4:25 
Offline
User avatar

Joined: June 17th, 2018, 11:43
Posts: 470
Location: spain
Thanks for sharing the link.
Surely I can learn a lot from the post.

_________________
Is Earth an intelligent being?


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 7:27 
Offline

Joined: March 7th, 2009, 12:43
Posts: 1080
Location: Angel Data Recovery
sosrecup wrote:
Hello,

I came through a blog post https://pulsesecurity.co.nz/articles/TPM-sniffing saying that it's possible to extract a Bitlocker key from a Trusted Platform Module (TPM) and decrypt it.

This needs some electronic knowledge.

@fzabkar: you are THE expert in electronics in this forum (my opinion), could you please confirm if it's true what this security expert is saying?

Did anyone test this method before and could decrypt the Bitlocker key?

Please share your knowledge.

Kind regards


What is the point of this actions? Getting access to the data from stolen laptops?
Users who are willing to recovery their files in 99% cases provide us with pass/key .

_________________
Angel Data Recovery


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 8:46 
Offline

Joined: September 7th, 2012, 16:37
Posts: 178
Quote:
What is the point of this actions? Getting access to the data from stolen laptops?
Users who are willing to recovery their files in 99% cases provide us with pass/key .


Not necessary. some clients encrypt their hard drives and forget the password and forget to save the recovery key or forget where they put it.


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 11:56 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3561
Location: Chicago
Why would anybody need to extract a key from TPM when they have access to TPM?

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 12:01 
Offline

Joined: September 7th, 2012, 16:37
Posts: 178
Quote:
Why would anybody need to extract a key from TPM when they have access to TPM?


What if you forget the password and you don't remember where you put your recovery key (I had some clients in this situation), are you able to recover data from that drive?


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 12:10 
Offline

Joined: November 7th, 2015, 13:04
Posts: 170
Location: Austin metro area TX USA
"What if you forget the password and you don't remember where you put your recovery key (I had some clients in this situation), are you able to recover data from that drive?"
Billable hours, correct? Reading other discussion boards, I see a few threads about clients not having at the ready passwords or recovery keys.

_________________
"Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 12:10 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3561
Location: Chicago
sosrecup wrote:
Quote:
Why would anybody need to extract a key from TPM when they have access to TPM?


What if you forget the password and you don't remember where you put your recovery key (I had some clients in this situation), are you able to recover data from that drive?

Per my understanding TPM holds a key that unlocks Bitlocker
Should be able to unlock Bitlocker, using TPM with a boot CD on the original laptop

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 13:09 
Offline

Joined: November 7th, 2015, 13:04
Posts: 170
Location: Austin metro area TX USA
Doomer wrote:
Why would anybody need to extract a key from TPM when they have access to TPM?
Doomer, I'm a beginner, what has been your experience with TPM? I never knew that one could use just TPM to unlock BitLocker. I'd like to learn more!

_________________
"Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 10th, 2020, 13:18 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3561
Location: Chicago
RolandJS wrote:
Doomer wrote:
Why would anybody need to extract a key from TPM when they have access to TPM?
Doomer, I'm a beginner, what has been your experience with TPM? I never knew that one could use just TPM to unlock BitLocker. I'd like to learn more!

There are several types of protectors that can be used with Bitlocker, one of them is TPM only protector, which is old but sometimes can still be found on Bitlocker protected volumes

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 12th, 2020, 3:36 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 461
Location: brisbane
Hi Guys
Pls. refer my post in this regard which is still unanswered unfortunately .
Bitlocker in some cases can be decrypted without key /password in pc3000. I have raised concerns as how AES128 key can be decrypted.
Can someone pls.look at it particularly senior members like Doomer , Dr-Kiev ,fzabkar , pepe to name few.


here is the post -
https://forum.hddguru.com/viewtopic.php ... er#p278195

Thanks


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 12th, 2020, 11:22 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3561
Location: Chicago
terminator2 wrote:
Hi Guys
Pls. refer my post in this regard which is still unanswered unfortunately .
Bitlocker in some cases can be decrypted without key /password in pc3000. I have raised concerns as how AES128 key can be decrypted.
Can someone pls.look at it particularly senior members like Doomer , Dr-Kiev ,fzabkar , pepe to name few.


here is the post -
https://forum.hddguru.com/viewtopic.php ... er#p278195

Thanks

Sometimes Bitlocker stores metadata called "clear key". Clear key can decrypt Bitlocker without a password
It has nothing to do with AES "crackability"

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 13th, 2020, 9:42 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 461
Location: brisbane
Thanks Doomer :good: :-D


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: February 14th, 2020, 2:08 
Offline
User avatar

Joined: August 15th, 2006, 3:01
Posts: 3464
Location: CDRLabs @ Chandigarh [ India ]
terminator2 wrote:
Thanks Doomer :good: :-D


Hi,
Many Dell Laptops Use Bitlocker and TPM i have recovered a few of these combos in india for my clients and i have also done that magic were key is not required as explained by doomer [ Were key is stored and the app finds it ]

_________________
Regards
Amarbir S Dhillon , Chandigarh Data Recovery Labs [India]
Logical,Semi Physical And Physical Data Recovery
Website-> http://www.chandigarhdatarecovery.com


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: October 2nd, 2021, 7:39 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 461
Location: brisbane
Doomer wrote:
terminator2 wrote:
Hi Guys
Pls. refer my post in this regard which is still unanswered unfortunately .
Bitlocker in some cases can be decrypted without key /password in pc3000. I have raised concerns as how AES128 key can be decrypted.
Can someone pls.look at it particularly senior members like Doomer , Dr-Kiev ,fzabkar , pepe to name few.


here is the post -
https://forum.hddguru.com/viewtopic.php ... er#p278195

Thanks

Sometimes Bitlocker stores metadata called "clear key". Clear key can decrypt Bitlocker without a password
It has nothing to do with AES "crackability"

hi Doomer
Is there any other software other than pc3000 DE which will sniff "clear key " password from Bitlocker metadata and decrypt it ?
My pc3000 is not updated and does not support this function.


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: October 2nd, 2021, 9:36 
Offline

Joined: March 7th, 2009, 12:43
Posts: 1080
Location: Angel Data Recovery
terminator2 wrote:
Doomer wrote:
terminator2 wrote:
Hi Guys
Pls. refer my post in this regard which is still unanswered unfortunately .
Bitlocker in some cases can be decrypted without key /password in pc3000. I have raised concerns as how AES128 key can be decrypted.
Can someone pls.look at it particularly senior members like Doomer , Dr-Kiev ,fzabkar , pepe to name few.


here is the post -
https://forum.hddguru.com/viewtopic.php ... er#p278195

Thanks

Sometimes Bitlocker stores metadata called "clear key". Clear key can decrypt Bitlocker without a password
It has nothing to do with AES "crackability"

hi Doomer
Is there any other software other than pc3000 DE which will sniff "clear key " password from Bitlocker metadata and decrypt it ?
My pc3000 is not updated and does not support this function.


UFS Explorer Pro, can do the same "trick" with "clear key" for Bitlocker encryption

_________________
Angel Data Recovery


Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: October 3rd, 2021, 4:22 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 461
Location: brisbane
DR-Kiev wrote:
terminator2 wrote:
Doomer wrote:
terminator2 wrote:
Hi Guys
Pls. refer my post in this regard which is still unanswered unfortunately .
Bitlocker in some cases can be decrypted without key /password in pc3000. I have raised concerns as how AES128 key can be decrypted.
Can someone pls.look at it particularly senior members like Doomer , Dr-Kiev ,fzabkar , pepe to name few.


here is the post -
https://forum.hddguru.com/viewtopic.php ... er#p278195

Thanks

Sometimes Bitlocker stores metadata called "clear key". Clear key can decrypt Bitlocker without a password
It has nothing to do with AES "crackability"

hi Doomer
Is there any other software other than pc3000 DE which will sniff "clear key " password from Bitlocker metadata and decrypt it ?
My pc3000 is not updated and does not support this function.


UFS Explorer Pro, can do the same "trick" with "clear key" for Bitlocker encryption


Thank you so much Dr-kiev :good:

I have got a case of 512GB M.2 SSD from Thinkpad laptop. After windows updates suddenly Bitlocker has started to appear and asking for key.
Customer has not enabled it earlier ( by default it was enabled ). In fact customer was not aware of what is Bitlocker.

manage-Bde shows numeric key +TPM protectors.
I will give it a try using UFS explorer.
Thanks again.


Attachments:
Screenshot 2021-10-02 164207.png
Screenshot 2021-10-02 164207.png [ 8.25 KiB | Viewed 9905 times ]
Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: October 3rd, 2021, 7:46 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 461
Location: brisbane
I tried UFS explorer but it failed to decrypt the volume. What should I do now ?


Attachments:
bitlocker.jpg
bitlocker.jpg [ 76.09 KiB | Viewed 9877 times ]
Top
 Profile  
 
 Post subject: Re: About Bitlocker decryption without password/recovery key
PostPosted: October 3rd, 2021, 23:23 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 461
Location: brisbane
Is there any way to read key from TPM directly ? I have asked customer to give his microsoft account details as well.
It seems protectors are not weak or "clear key" metadata is not present.
I am also sending it to one of my friend who is having updated DE.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 29 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot] and 72 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group