Breaking Bitlocker - Bypassing the Windows Disk Encryption

In this video we will use a hardware attack to bypass TPM-based Bitlocker encryption as used on most Microsoft Windows devices.

Errata:
- PIN can also be enabled using manage-bde, not just using group policies
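As an added example, not from the video or its description, here is the administrative sequence the erratum refers to in PowerShell: inspect which key protectors an OS volume has, and if it unlocks with the TPM alone, switch it to TPM+PIN without touching Group Policy. It assumes an elevated session on a Windows Pro/Enterprise machine with the built-in BitLocker module; the mount point `C:` and the PIN value are assumptions for the demonstration.

```powershell
# Added example (not the video's code): audit the key protectors on an OS volume
# and convert a TPM-only configuration to TPM+PIN. Run from an elevated prompt.
# Mount point and PIN are assumed values for the demonstration.
$MountPoint = 'C:'

function Get-ProtectorTypes {
    param([string]$MountPoint)
    # KeyProtectorType values include Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey,
    # RecoveryPassword, ExternalKey and Password.
    @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Select-Object -ExpandProperty KeyProtectorType)
}

$types = Get-ProtectorTypes -MountPoint $MountPoint
"Protectors on $MountPoint : $($types -join ', ')"

# TPM-only means a 'Tpm' protector and no PIN-based TPM protector.
$tpmOnly = ($types -contains 'Tpm') -and
           -not ($types -contains 'TpmPin') -and
           -not ($types -contains 'TpmPinStartupKey')

if ($tpmOnly) {
    Write-Warning "$MountPoint unlocks with the TPM alone: the VMK is released at boot without any user input."

    # Keep a recovery password on the volume before changing protectors, so a
    # mistyped PIN or a TPM state change cannot lock you out.
    if (-not ($types -contains 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    }

    # Only one TPM-based protector may exist on a volume, so drop the TPM-only
    # one first. Equivalent to: manage-bde -protectors -delete C: -type TPM
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object -ExpandProperty KeyProtector |
        Where-Object KeyProtectorType -eq 'Tpm' |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }

    # Assumed PIN for the example; interactively you would use Read-Host -AsSecureString.
    $pin = ConvertTo-SecureString '735291' -AsPlainText -Force
    # Equivalent to: manage-bde -protectors -add C: -TPMandPIN (which prompts for the PIN)
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
}

# Verify with the legacy tool as well; expect a 'TPM And PIN' entry and no plain 'TPM' entry.
manage-bde -protectors -get $MountPoint
```

If the `Add-BitLockerKeyProtector` call is rejected because PINs are not permitted, the relevant setting is "Require additional authentication at startup" under Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives; on a domain-joined machine that policy, not the local command, decides whether a PIN protector can be created.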

Comments

I work in data recovery... this could be really helpful for those who can't get their keys for whatever reason. If people can't get their keys, we have other avenues at times, but largely it's just not worth it

TechX

I've always been under the impression that once someone has physical access to your machine, you've already lost. And this video once again confirms that.

sarkasaa

I love the clarity of your explanations. More folk in the industry need to speak and explain like you do. Great job.

JasonMayes

don't forget - a TPM module was a requirement for Windows 11 installs for "security" 🙃

clebbington

Congratulations! You found the FBI's backdoor.

Expect an agent to arrive at your destination in a couple of minutes for your prize!

Charles-ksht

transmitting the key in *plaintext* is such a bafflingly obvious vulnerability I'm amazed it's in the bloody security chip. I understand the increased hardware and execution time costs that would come with doing otherwise but you'd think security would be prioritized

mekafinchi

Your explanation is great! I really like the animations and visuals you show

matankabalo

I saw your great presentation on the iPhone USB-C stuff from 37C3 and now this popped up in my feed. Really amazing work stacksmashing!

simon

Really interesting video and great demonstration. Surprising how easy this is.

Of note, TPM only BitLocker configuration is documented as being one of the less secure. Definitely not recommended for a production deployment. As you have shown, it really only offers robust protection against access when the drive is removed and separated from the original system and TPM.

With TPM only there is only a single branch in the key chain. TPM Key Protector (KP) decrypts the Volume Master Key (VMK) decrypts the Full Volume Encryption Key (FVEK).

TPM + PIN is a more secure method which requires the pre-boot PIN in addition to the TPM stored key.

Actually the PIN doesn't protect the TPM as you suggested, it is really just another BitLocker KP needed to decrypt the VMK. It is just designed to require both the TPM KP and the PIN KP to do so.

There's a whole lot more behind BitLocker in terms of default vs best practice for security. Why MS don't just use them as default is beyond me.

NoDissasemble

6:48 - "It did not need any super advanced skills or tools"
Depends on who you ask. To me there is a lot of knowledge already needed to perform this kind of attack and (optionally) even build a custom PCB 👍
Well done Sir.

jurgennicht

Oh, I love this. The combination of ingenuity, curiosity and a great amount of knowledge. Well done.

kobehighlander

There was a similar attack published a few years ago for a TPM that communicated unencrypted over SPI. I had assumed that something like this would have been addressed by now by using some kind of encryption using pre-shared keys. 🙈
Great work, BTW 👏🏼

netroy

super informative as always, thx for the video

HollyTroll

Great Video! Explained well. Thank you.

DigitalMetal

Well, you are the only one I found in two days that really understands BitLocker, thanks for the video

ysidrovasquez

You never cease to amaze Thomas. Incredible work my friend!

ipaterson

What you’ve pointed out is that providing *maximum* security is a moving point in time. What is maximum (and usually adequate) at one point in time becomes inadequate as attack techniques improve and shortcomings are identified. The protection is then improved to maximize it anew — again, for a time.

To remediate the defect you demonstrated, laptops now use integrated TPM or firmware TPM so there’s no more transmission of keys over motherboard traces to be sniffed.

Finally, your statement about preboot PIN is inaccurate. It does not require a Group Policy Object (GPO). This documented command for Windows Pro does it: Manage-BDE -Protectors -Add C: -TPMandPIN

briandeschene

Thanks for making this video. I thought BitLocker was enough to secure my computer. I still think it's good enough to keep it safe from the majority of criminals but I'm going to look at editing the group policy to secure the TPM with a pin pre-boot for additional security. Thanks for making me aware of this issue

tpdblake

Killer work dude! This is super clean!

noflashbang

Prior to the video I was aware of this attack but I was shocked at how practical it actually is, it even looked like a magic stick. I thought it needed a somewhat sophisticated lab and days of work

eduardoandrescastilloperer