Differences

This shows you the differences between two versions of the page.

Link to this comparison view

john:OpenCL-BitLocker [2017/04/20 23:44]
elenago
john:OpenCL-BitLocker [2017/04/22 08:53] (current)
dhiru Fix algorithm name
Line 1: Line 1:
 ===== OpenCL BitLocker ===== ===== OpenCL BitLocker =====
  
-John The Ripper BitLocker format. ​BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Pro and Enterprise.\\+BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Pro and Enterprise.\\
 We released the OpenCL version of our crack as a plugin for John The Ripper Jumbo version.\\ We released the OpenCL version of our crack as a plugin for John The Ripper Jumbo version.\\
 BitLocker-OpenCL format attacks memory units encrypted with the password authentication mode of BitLocker (see the following picture).\\ BitLocker-OpenCL format attacks memory units encrypted with the password authentication mode of BitLocker (see the following picture).\\
Line 11: Line 11:
 ===== How To ===== ===== How To =====
  
-In order to use the BitLocker-OpenCL format, you must follow two steps:+In order to use the BitLocker-OpenCL format, you must produce a well-formatted hash of your encrypted image.
  
-1Use the bitlocker2john ​utility, which takes as input the target ​encrypted ​memory unit and returns a bitlocker-opencl hash format describing the unitUsing the -o <​file_name>​ option, you can write this hash on a file: +==== Method ​==== 
-<​code ​C+ 
-./​bitlocker2john ​[-o <​output_file>​] <​BitLocker Encrypted Memory Image>+Use the included ​bitlocker2john ​tool to extract hashes from the password protected BitLocker ​encrypted ​volumes. 
 + 
 +<​code>​ 
 +$ ../run/​bitlocker2john ​minimalistic.raw 
 +Signature found at 0x00010003 
 +Version: 8 
 +Invalid version, looking for a signature with valid version... 
 +Signature found at 0x02110000 
 +Version: 2 (Windows 7 or later) 
 +VMK entry found at 0x021100b6 
 +Key protector with user password found 
 +minimalistic.raw:​$bitlocker$0$16$e221443f32c419b74504ed51b0d66dbf$1048576$12$704e12c6c319d00103000000$60$000000000000000000000000000000002d135e69646c157c15b4c273ad85b86513a1672ae3f531ce121889178c669d37f8e5e0100d331ce78484844c
 </​code>​ </​code>​
  
-2- Start John BitLocker-OpenCL format, specifying the previous hash: +==== Method ​==== 
-<​code ​C+ 
-./john --format=bitlocker-opencl --wordlist=wordlist.txt target_hash.txt +First, build the "​bitlocker2john"​ (https://​github.com/​kholia/​bitlocker2john) project from source. See https://​github.com/​libyal/​libbde/​wiki/​Building for help. 
 +Second, use the built bitlocker2john project to extract hash(es) from the encrypted BitLocker volume. 
 + 
 +<​code>​ 
 +$ fdisk -l bitlocker-1.raw 
 +Disk bitlocker-1.raw:​ 256 MiB, 268435456 bytes, 524288 sectors 
 +Units: sectors of 1 * 512 = 512 bytes 
 +Sector size (logical/​physical):​ 512 bytes / 512 bytes 
 +I/O size (minimum/​optimal):​ 512 bytes / 512 bytes 
 +Disklabel type: dos 
 +Disk identifier: 0xfd0b8218 
 + 
 +Device ​          Boot Start    End Sectors ​ Size Id Type 
 +bitlocker-1.raw1 ​       128 518271 ​ 518144 ​ 253M  7 HPFS/​NTFS/​exFAT 
 + 
 +128 (Start) * 512 (Sector size) => 65536 => volume offset 
 + 
 +$ ./​bdetools/​bdeinfo -o 65536 bitlocker-1.raw -p dummy 
 +bdeinfo 20170204 
 + 
 +$bitlocker$0$16$73926f843bbb41ea2a89a28b114a1a24$1048576$12$30a81ef90c9dd20103000000$60$942f852f2dc4ba8a589f35e750f33a5838d3bdc1ed77893e02ae1ac866f396f8635301f36010e0fcef0949078338f549ddb70e15c9a598e80c905baa 
 +</​code>​ 
 + 
 +For more help with bitlocker2john,​ see the following URLs, 
 + 
 +https://​github.com/​libyal/​libbde/​wiki 
 +https://​github.com/​libyal/​libbde/​wiki/​Troubleshooting 
 + 
 +==== Cracking Process ==== 
 + 
 +Start John BitLocker-OpenCL format, specifying the previous hash: 
 +<​code>​ 
 +./john --format=bitlocker-opencl --wordlist=wordlist target_hash ​
 </​code>​ </​code>​
  
 For the moment, passwords will be evaluated only if their length is between 8 (that'​s the minimum password length) and 16 characters (for implementation reasons). We will increase the max passwords size in the next releases. For the moment, passwords will be evaluated only if their length is between 8 (that'​s the minimum password length) and 16 characters (for implementation reasons). We will increase the max passwords size in the next releases.
 +
 +Samples BitLocker images for testing are available at https://​github.com/​kholia/​libbde/​tree/​bitlocker2john/​samples
 +
 ===== Output ===== ===== Output =====
  
Line 30: Line 76:
 <​code>​ <​code>​
  
-Device ​6GeForce GTX TITAN X+./john --format=bitlocker-opencl --wordlist=wordlist hash 
 +Device ​0Tesla K80
 Using default input encoding: UTF-8 Using default input encoding: UTF-8
-Loaded 1 password ​ +Loaded 1 password ​hash (bitlocker-opencl [SHA-256 AES OpenCL]
-donaldduck ​        (?+Noteminimum length forced to 8 
-1g 0:00:03:07 DONE (2017-02-15 19:470.005324g/s 915.9p/s 915.9c/s 915.9C/s GPU:79°C aaaaaaaa..abdbedff +Press '​q'​ or Ctrl-C to abort, almost any other key for status 
-Session completed+password@123 ​(?)
  
 </​code>​ </​code>​
- 
 ===== References, license and contacts ===== ===== References, license and contacts =====
  
Line 44: Line 90:
 Copyright (c) 2015-2017 Elenago and Massimo Bernaschi (National Research Council of Italy), <massimo dot bernaschi at gmail dot com>\\ Copyright (c) 2015-2017 Elenago and Massimo Bernaschi (National Research Council of Italy), <massimo dot bernaschi at gmail dot com>\\
 Licensed under GPLv2\\ Licensed under GPLv2\\
-This is a research project, therefore please contact ​or cite if you want to use this source code or start any type of collaboration.\\ +This is a research project; for any additional info or to report any bug please contact ​<elena dot ago at gmail dot com>
-Please ​report any bug to <elena dot ago at gmail dot com>+
john/OpenCL-BitLocker.1492757065.txt · Last modified: 2017/04/20 23:44 by elenago
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux Bookmark and Share