Differences

This shows you the differences between two versions of the page.

Link to this comparison view

john:OpenCL-BitLocker [2017/04/20 23:44]
elenago
john:OpenCL-BitLocker [2017/08/07 11:30] (current)
elenago [References, license and contacts]
Line 1: Line 1:
 ===== OpenCL BitLocker ===== ===== OpenCL BitLocker =====
  
-John The Ripper BitLocker format. ​BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Pro and Enterprise.\\+BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Pro and Enterprise.\\
 We released the OpenCL version of our crack as a plugin for John The Ripper Jumbo version.\\ We released the OpenCL version of our crack as a plugin for John The Ripper Jumbo version.\\
 BitLocker-OpenCL format attacks memory units encrypted with the password authentication mode of BitLocker (see the following picture).\\ BitLocker-OpenCL format attacks memory units encrypted with the password authentication mode of BitLocker (see the following picture).\\
Line 11: Line 11:
 ===== How To ===== ===== How To =====
  
-In order to use the BitLocker-OpenCL format, you must follow two steps:+In order to use the BitLocker-OpenCL format, you must produce a well-formatted hash of your encrypted image.
  
-1Use the bitlocker2john ​utility, which takes as input the target ​encrypted ​memory unit and returns a bitlocker-opencl hash format describing the unitUsing the -o <​file_name>​ option, you can write this hash on a file: +==== Method ​==== 
-<​code ​C+ 
-./​bitlocker2john ​[-o <​output_file>​] <​BitLocker Encrypted Memory Image>+Use the included ​bitlocker2john ​tool to extract hashes from the password protected BitLocker ​encrypted ​volumes. 
 + 
 +<​code>​ 
 +$ ../run/​bitlocker2john ​minimalistic.raw 
 +Signature found at 0x00010003 
 +Version: 8 
 +Invalid version, looking for a signature with valid version... 
 +Signature found at 0x02110000 
 +Version: 2 (Windows 7 or later) 
 +VMK entry found at 0x021100b6 
 +Key protector with user password found 
 +minimalistic.raw:​$bitlocker$0$16$e221443f32c419b74504ed51b0d66dbf$1048576$12$704e12c6c319d00103000000$60$000000000000000000000000000000002d135e69646c157c15b4c273ad85b86513a1672ae3f531ce121889178c669d37f8e5e0100d331ce78484844c
 </​code>​ </​code>​
  
-2- Start John BitLocker-OpenCL formatspecifying ​the previous hash+==== Method ​==== 
-<​code ​C+ 
-./​john ​--format=bitlocker-opencl ​--wordlist=wordlist.txt target_hash.txt ​+Firstbuild the "​bitlocker2john"​ (https://​github.com/​kholia/​bitlocker2john) project from source. See https://​github.com/​libyal/​libbde/​wiki/​Building for help. 
 +Second, use the built bitlocker2john project to extract hash(es) from the encrypted BitLocker volume. 
 + 
 +<​code>​ 
 +$ fdisk -l bitlocker-1.raw 
 +Disk bitlocker-1.raw:​ 256 MiB, 268435456 bytes, 524288 sectors 
 +Units: sectors of 1 * 512 512 bytes 
 +Sector size (logical/​physical):​ 512 bytes / 512 bytes 
 +I/O size (minimum/​optimal):​ 512 bytes / 512 bytes 
 +Disklabel type: dos 
 +Disk identifier: 0xfd0b8218 
 + 
 +Device ​          Boot Start    End Sectors ​ Size Id Type 
 +bitlocker-1.raw1 ​       128 518271 ​ 518144 ​ 253M  7 HPFS/​NTFS/​exFAT 
 + 
 +128 (Start) * 512 (Sector size) => 65536 => volume offset 
 + 
 +$ ./​bdetools/​bdeinfo ​-o 65536 bitlocker-1.raw -p dummy 
 +bdeinfo 20170204 
 + 
 +$bitlocker$0$16$73926f843bbb41ea2a89a28b114a1a24$1048576$12$30a81ef90c9dd20103000000$60$942f852f2dc4ba8a589f35e750f33a5838d3bdc1ed77893e02ae1ac866f396f8635301f36010e0fcef0949078338f549ddb70e15c9a598e80c905baa
 </​code>​ </​code>​
  
-For the moment, passwords ​will be evaluated only if their length ​is between 8 (that's the minimum password length) and 16 characters (for implementation reasons). We will increase the max passwords size in the next releases.+For more help with bitlocker2john,​ see the following URLs, 
 + 
 +https://​github.com/​libyal/​libbde/​wiki 
 +https://​github.com/​libyal/​libbde/​wiki/​Troubleshooting 
 + 
 +==== Cracking Process ==== 
 + 
 +Start John BitLocker-OpenCL format, specifying the previous hash: 
 +<​code>​ 
 +./john --format=bitlocker-opencl --wordlist=wordlist target_hash  
 +</​code>​ 
 + 
 +Currently, BitCracker is able to evaluate ​passwords ​having ​length ​ between 8 (minimum password length) and 16 characters (implementation reasons). We will increase the max passwords size in the next release. 
 + 
 +Samples BitLocker images for testing are available at https://​github.com/​kholia/​libbde/​tree/​bitlocker2john/​samples 
 ===== Output ===== ===== Output =====
  
Line 30: Line 76:
 <​code>​ <​code>​
  
-Device ​6GeForce GTX TITAN X+./john --format=bitlocker-opencl --wordlist=wordlist hash 
 +Device ​0Tesla K80
 Using default input encoding: UTF-8 Using default input encoding: UTF-8
-Loaded 1 password ​ +Loaded 1 password ​hash (bitlocker-opencl [SHA-256 AES OpenCL]
-donaldduck ​        (?+Noteminimum length forced to 8 
-1g 0:00:03:07 DONE (2017-02-15 19:470.005324g/s 915.9p/s 915.9c/s 915.9C/s GPU:79°C aaaaaaaa..abdbedff +Press '​q'​ or Ctrl-C to abort, almost any other key for status 
-Session completed+password@123 ​(?)
  
 </​code>​ </​code>​
- 
 ===== References, license and contacts ===== ===== References, license and contacts =====
  
Line 44: Line 90:
 Copyright (c) 2015-2017 Elenago and Massimo Bernaschi (National Research Council of Italy), <massimo dot bernaschi at gmail dot com>\\ Copyright (c) 2015-2017 Elenago and Massimo Bernaschi (National Research Council of Italy), <massimo dot bernaschi at gmail dot com>\\
 Licensed under GPLv2\\ Licensed under GPLv2\\
-This is a research project, therefore please contact ​or cite if you want to use this source code or start any type of collaboration.\\ + 
-Please ​report any bug to <elena dot ago at gmail dot com>+You can find the standalone CUDA version here: https://​github.com/​e-ago/​bitcracker\\ 
 +This is a research project; for any additional info or to report any bug please contact ​<elena dot ago at gmail dot com>
john/OpenCL-BitLocker.1492757065.txt · Last modified: 2017/04/20 23:44 by elenago
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux Bookmark and Share