OpenCL BitLocker

BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Pro and Enterprise.
BitLocker-OpenCL format attacks memory units encrypted with the password authentication mode of BitLocker (see the following picture).

Our attack has been tested on several memory devices encrypted with BitLocker on Windows 7, 8.1 and 10 (both compatible and not compatible mode).
You can find the standalone CUDA implementation here:

How To

In order to use the BitLocker-OpenCL format, you must produce a well-formatted hash of your encrypted image. Samples BitLocker images for testing are available at and here:

Method 1

Use the bitlocker2john tool (john repo) to extract the hash from the password protected BitLocker encrypted volumes.

$ ../run/bitlocker2john minimalistic.raw
Signature found at 0x00010003
Version: 8
Invalid version, looking for a signature with valid version...
Signature found at 0x02110000
Version: 2 (Windows 7 or later)
VMK entry found at 0x021100b6
Key protector with user password found

Method 2

First, build the “bitlocker2john” (external repo: project from source. See for help. Second, use the built bitlocker2john project to extract hash(es) from the encrypted BitLocker volume.

$ fdisk -l bitlocker-1.raw
Disk bitlocker-1.raw: 256 MiB, 268435456 bytes, 524288 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xfd0b8218

Device           Boot Start    End Sectors  Size Id Type
bitlocker-1.raw1        128 518271  518144  253M  7 HPFS/NTFS/exFAT

128 (Start) * 512 (Sector size) => 65536 => volume offset

$ ./bdetools/bdeinfo -o 65536 bitlocker-1.raw -p dummy
bdeinfo 20170204


For more help with bitlocker2john, see the following URLs,

Cracking Process

Use the BitLocker-OpenCL format specifying the previous hash:

./john --format=bitlocker-opencl --wordlist=wordlist target_hash 

Currently, this format is able to evaluate passwords having length between 8 (minimum password length) and 27 characters (implementation reasons). We will increase the max passwords size in the next release.


An output example is:

./john --format=bitlocker-opencl --wordlist=wordlist hash
Device 0: Tesla K80
Using default input encoding: UTF-8
Loaded 1 password hash (bitlocker-opencl [SHA-256 AES OpenCL])
Note: minimum length forced to 8
Press 'q' or Ctrl-C to abort, almost any other key for status
password@123 (?)

This OpenCL implementation has been tested on a GPU GeForce Titan X (Openwall), GPU AMD Radeon HD 7990 Malta and an Intel Core i7 Kaby Lake CPU.

References, license and contacts

BitCracker OpenCL version developed by Elenago <elena dot ago at gmail dot com> in 2015
Copyright © 2015-2017 Elenago and Massimo Bernaschi (National Research Council of Italy), <massimo dot bernaschi at gmail dot com>
Licensed under GPLv2

You can find the standalone CUDA implementation here:
This is a research project; for any additional info or to report any bug please contact <elena dot ago at gmail dot com>

john/OpenCL-BitLocker.txt · Last modified: 2017/10/24 05:11 by elenago
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux Bookmark and Share