This shows you the differences between two versions of the page.
|
john:OpenCL-BitLocker [2017/12/19 11:14] elenago [Step 3: Attack!] |
john:OpenCL-BitLocker [2024/11/09 04:35] (current) solar [Step 3: Attack!] Sync with today's README.BitLocker update |
||
|---|---|---|---|
| Line 22: | Line 22: | ||
| </code> | </code> | ||
| - | To find the correct Recovery Password, see [[#Step 2: Extract the hash|Step 2: Extract the hash]]). | + | To find the correct Recovery Password, see [[#Step 2: Extract the hash|Step 2: Extract the hash]]. |
| For further details, see also [[https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-recovery-guide-plan|Microsoft docs]]. | For further details, see also [[https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-recovery-guide-plan|Microsoft docs]]. | ||
| Line 69: | Line 69: | ||
| As shown in the example, it returns 4 output hashes with different prefix: | As shown in the example, it returns 4 output hashes with different prefix: | ||
| - | * If the device was encrypted using the User Password authentication methods, bitlocker2john prints those 2 hashes: | + | * If the device was encrypted using the User Password authentication method, bitlocker2john prints those 2 hashes: |
| * $bitlocker$0$... : it starts the User Password fast attack mode (see [[#User Password authentication method|User Password Section]]) | * $bitlocker$0$... : it starts the User Password fast attack mode (see [[#User Password authentication method|User Password Section]]) | ||
| * $bitlocker$1$... : it starts the User Password attack mode with MAC verification (slower execution, no false positives) | * $bitlocker$1$... : it starts the User Password attack mode with MAC verification (slower execution, no false positives) | ||
| Line 87: | Line 87: | ||
| </code> | </code> | ||
| - | Currently, this format is able to evaluate passwords having length between 8 (minimum password length) and 55 characters (implementation reasons). | + | Currently, this format is able to evaluate passwords having length between 8 (minimum password length) and 55 characters (implementation reasons). |
| - | We will increase the max passwords size in the next release. | + | |
| - | The mask you can use to generate Recovery Password is: | + | To avoid wasting compute resources, choose just one hash for this attack - either $bitlocker$0$... or $bitlocker$1$... |
| + | |||
| + | ===== Recovery Passwords (but you're out of luck cracking these, so just don't) ===== | ||
| + | |||
| + | The mask you can use to generate Recovery Passwords is: | ||
| <code> | <code> | ||
| - | -mask=?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d | + | --mask=?d?d?d?d?d?d-?d?d?d?d?d?d-?d?d?d?d?d?d-?d?d?d?d?d?d-?d?d?d?d?d?d-?d?d?d?d?d?d-?d?d?d?d?d?d-?d?d?d?d?d?d |
| </code> | </code> | ||
| + | |||
| + | Please note that the number of possible Recovery Passwords is **way** too large, so there's effectively **no chance** that this will find yours unless you recall almost all of it (except for just a handful of digits) and replace most of the "?d" above with the known digits. | ||
| + | |||
| + | Recovery Passwords are currently only supported by the BitLocker-OpenCL format (for use on GPUs), not by the corresponding BitLocker CPU format, but like the above paragraph says it's a controversial feature anyhow, which is unlikely to ever help. | ||
| + | |||
| + | To avoid wasting compute resources, choose just one hash for this attack - either $bitlocker$2$... or $bitlocker$3$... | ||
| Samples of User Password/Recovery Passwords dictionaries you can user are available here: https://github.com/e-ago/bitcracker/tree/master/Dictionary | Samples of User Password/Recovery Passwords dictionaries you can user are available here: https://github.com/e-ago/bitcracker/tree/master/Dictionary | ||