BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Ultimate, Pro and Enterprise.
BitLocker-OpenCL format attacks memory units encrypted using the User Password (see the following picture) or the Recovery Password authentication methods.
Our attack has been tested on several memory devices encrypted with BitLocker on Windows 7, 8.1 and 10 (both compatible and not compatible mode).
You can find the standalone CUDA implementation here: https://github.com/e-ago/bitcracker
With this authentication method, the user can choose to encrypt a memory device by means of a password.
To find the password used during the encryption, see Step 2: Extract the hash
During the encryption of a memory device, (regardless the authentication method) BitLocker asks the user to store somewhere a Recovery Password that can be used to restore the access to the encrypted memory unit in the event that she/he can't unlock the drive normally. Thus the Recovery Password is a common factor for all the authentication methods and it consists of a 48-digit key like this:
236808-089419-192665-495704-618299-073414-538373-542366
To find the correct Recovery Password, see Step 2: Extract the hash. For further details, see also Microsoft docs.
In order to start the attack, you need to extract the image of your memory device encrypted with BitLocker. For example, you can use the dd command:
sudo dd if=/dev/disk2 of=/path/to/imageEncrypted conv=noerror,sync 4030464+0 records in 4030464+0 records out 2063597568 bytes transferred in 292.749849 secs (7049013 bytes/sec)
In order to use the BitLocker-OpenCL format, you must produce a well-formatted hash of your encrypted image. Use the bitlocker2john tool (john repo) to extract the hash from the password protected BitLocker encrypted volumes.
$ ../run/bitlocker2john -i /path/to/imageEncrypted Opening file /path/to/imageEncrypted Signature found at 0x00010003 Version: 8 Invalid version, looking for a signature with valid version... Signature found at 0x02110000 Version: 2 (Windows 7 or later) VMK entry found at 0x021100d2 VMK encrypted with user password found! VMK encrypted with AES-CCM VMK entry found at 0x021101b2 VMK encrypted with Recovery key found! VMK encrypted with AES-CCM $bitlocker$0$16$a149a1c91be871e9783f51b59fd9db88$1048576$12$b0adb333606cd30103000000$60$c1633c8f7eb721ff42e3c29c3daea6da0189198af15161975f8d00b8933681d93edc7e63f36b917cdb73285f889b9bb37462a40c1f8c7857eddf2f0e $bitlocker$1$16$a149a1c91be871e9783f51b59fd9db88$1048576$12$b0adb333606cd30103000000$60$c1633c8f7eb721ff42e3c29c3daea6da0189198af15161975f8d00b8933681d93edc7e63f36b917cdb73285f889b9bb37462a40c1f8c7857eddf2f0e $bitlocker$2$16$2f8c9fbd1ed2c1f4f034824f418f270b$1048576$12$b0adb333606cd30106000000$60$8323c561e4ef83609aa9aa409ec5af460d784ce3f836e06cec26eed1413667c94a2f6d4f93d860575498aa7ccdc43a964f47077239998feb0303105d $bitlocker$3$16$2f8c9fbd1ed2c1f4f034824f418f270b$1048576$12$b0adb333606cd30106000000$60$8323c561e4ef83609aa9aa409ec5af460d784ce3f836e06cec26eed1413667c94a2f6d4f93d860575498aa7ccdc43a964f47077239998feb0303105d
As shown in the example, it returns 4 output hashes with different prefix:
Samples BitLocker images for testing are available here:
Use the BitLocker-OpenCL format specifying the hash file:
./john --format=bitlocker-opencl --wordlist=wordlist target_hash
Currently, this format is able to evaluate passwords having length between 8 (minimum password length) and 55 characters (implementation reasons). We will increase the max passwords size in the next release.
The mask you can use to generate Recovery Password is:
-mask=?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d
Please note that the number of possible Recovery Passwords is way too large, so there's effectively no chance that this will find yours unless you recall almost all of it (except for just a handful of digits) and replace most of the ”?d” above with the known digits.
Samples of User Password/Recovery Passwords dictionaries you can user are available here: https://github.com/e-ago/bitcracker/tree/master/Dictionary
An output example is:
./john --format=bitlocker-opencl --wordlist=wordlist hash Device 0: Tesla K80 Using default input encoding: UTF-8 Loaded 1 password hash (bitlocker-opencl [SHA-256 AES OpenCL]) Note: minimum length forced to 8 Press 'q' or Ctrl-C to abort, almost any other key for status password@123 (?)
This OpenCL implementation has been tested on a GPU NVIDIA GeForce Titan X (Openwall), GPU AMD Radeon HD 7990 Malta and an Intel Core i7 CPU. For additional information about performance, see https://github.com/e-ago/bitcracker#performance
12/19/2017
Next Update:
BitCracker OpenCL version developed by Elenago <elena dot ago at gmail dot com> in 2015
Copyright © 2015-2017 Elenago and Massimo Bernaschi (National Research Council of Italy), <massimo dot bernaschi at gmail dot com>
Licensed under GPLv2
You can find the standalone CUDA implementation here: https://github.com/e-ago/bitcracker
This is a research project; for any additional info or to report any bug please contact <elena dot ago at gmail dot com>