John The Ripper BitLocker format

BitLocker is a full-disk encryption feature available in the Pro and Enterprise editions of recent Windows versions (Vista, 7, 8.1 and 10).
We released the OpenCL version of our cracker as a plugin for the Jumbo version of John The Ripper.
The BitLocker-OpenCL format attacks memory units encrypted with the password authentication mode of BitLocker (see the following picture).
Our attack has been tested on several USB pen drives encrypted with BitLocker running on Windows 7, Windows 8.1 and Windows 10 (both compatible and non-compatible modes).
In order to use the BitLocker-OpenCL format, you must follow two steps:
1- Use the bitlocker2john utility, which takes the target encrypted memory unit as input and returns a hash in the bitlocker-opencl format describing the unit. Using the -o <file_name> option, you can write this hash to a file:
./bitlocker2john [-o <output_file>] <BitLocker Encrypted Memory Image>
2- Start John with the BitLocker-OpenCL format, specifying the hash produced in the previous step:
./john --format=bitlocker-opencl --wordlist=wordlist.txt target_hash.txt
For the moment, passwords are evaluated only if their length is between 8 characters (the minimum password length) and 16 characters (for implementation reasons). We will increase the maximum password length in the next releases.
We tested our final OpenCL solution on a GeForce Titan X, Maxwell architecture (Openwall). An output example is:
Device 6: GeForce GTX TITAN X
Using default input encoding: UTF-8
Loaded 1 password
donaldduck (?)
1g 0:00:03:07 DONE (2017-02-15 19:47) 0.005324g/s 915.9p/s 915.9c/s 915.9C/s GPU:79°C aaaaaaaa..abdbedff
Session completed
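A sizing sketch based on the sample output above, added here and not part of the BitCracker or John The Ripper sources: it parses the status line and converts the reported 915.9 p/s into worst-case exhaustive-search times for passwords in the 8 to 16 character range. The function names, the alphabet sizes and the handling of K/M/G-scaled rates are assumptions of this example.

```python
import re

# Status line copied from the sample output on this page.
STATUS = ("1g 0:00:03:07 DONE (2017-02-15 19:47) 0.005324g/s "
          "915.9p/s 915.9c/s 915.9C/s GPU:79°C aaaaaaaa..abdbedff")

SCALE = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}  # John abbreviates large rates
YEAR = 365.25 * 24 * 3600                       # seconds per year

def parse_status(line):
    """Extract guess count, elapsed seconds and per-second rates."""
    head = re.match(r"(\d+)g (\d+):(\d\d):(\d\d):(\d\d) ", line)
    if head is None:
        raise ValueError("not a John status line: %r" % line)
    guesses, days, hours, mins, secs = map(int, head.groups())
    rates = {unit: float(num) * SCALE[mult]
             for num, mult, unit in re.findall(r"([\d.]+)([KMG]?)([gpcC])/s", line)}
    return {"guesses": guesses,
            "elapsed": ((days * 24 + hours) * 60 + mins) * 60 + secs,
            "rates": rates}

def exhaust_years(alphabet, length, per_second):
    """Worst-case years to try every password of exactly `length` symbols."""
    return alphabet ** length / per_second / YEAR

def sizing_table(line, lengths=(8, 12, 16)):
    """Rows of (alphabet name, length, worst-case years) at the parsed p/s rate."""
    rate = parse_status(line)["rates"]["p"]
    # Alphabet sizes are assumptions of this example, not values from the page.
    alphabets = (("lowercase", 26), ("alphanumeric", 62), ("printable ASCII", 95))
    return [(name, n, exhaust_years(size, n, rate))
            for name, size in alphabets for n in lengths]

if __name__ == "__main__":
    info = parse_status(STATUS)
    tried = info["elapsed"] * info["rates"]["p"]
    print("candidates tried in %d s: about %d" % (info["elapsed"], tried))
    for name, n, years in sizing_table(STATUS):
        print("%-16s length %2d: %.3g years" % (name, n, years))
```

The table assumes a uniformly random password and the single-GPU rate shown above; a wordlist run like the one in the sample finds human-chosen passwords far sooner.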
BitCracker OpenCL version developed by Elenago <elena dot ago at gmail dot com> in 2015
Copyright © 2015-2017 Elenago and Massimo Bernaschi (National Research Council of Italy), <massimo dot bernaschi at gmail dot com>
Licensed under GPLv2
This is a research project, so please contact us or cite this work if you want to use this source code or start any type of collaboration.
Please report any bugs to <elena dot ago at gmail dot com>