Crack Bitlocker Password

Passware, a software firm that provides password recovery, decryption, and evidence discovery software for computer forensics, has updated its flagship application this week to support breaking Microsoft's BitLocker hard drive encryption. Passware Kit Forensic version 9.5 can recover encryption keys for hard drives protected with BitLocker in just a few minutes. It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk. As a result, Passware has crowned itself the creator of the first commercially available software to crack BitLocker Drive Encryption.

Passware claims that full disk encryption was a major problem for investigators and that its tool helps police, law enforcement, and private investigators bypass BitLocker encryption for seized computers. That may be, but since this is a commercially available product, anyone with $795 can now circumvent the encryption. Add to that the fact that previous versions of this software have been pirated (version 9.0 was released earlier this year), and it's only a matter of time before even the price point doesn't matter.

Passware Kit Forensic is a tool that can recover passwords from various file types, decrypt Microsoft Word and Excel files up to version 2003, and reset passwords for local and domain Windows administrators. It is a complete encrypted evidence discovery solution that reports all password-protected items on a computer and gains access to these items using the fastest decryption and password recovery algorithms at its disposal. There's also a portable version of the software that runs from a USB drive and finds encrypted files, plus recovers files and website passwords without making any changes to the target computer.

  • In the event that you cannot access a BitLocker-protected drive, you may be called upon to perform a BitLocker recovery. This can be done in a variety of ways. The user can type in the 48-digit recovery password. A domain administrator can recover the password from Active Directory Domain Services if that is where the password was stored.
  • But some might just want to take that one in a theoretical 10^48 chance. This tool, or rather script, would help you try to crack open a BitLocker-encrypted volume using recovery password options. First, you need Python 3.x, preferably the newest version, installed.
  • BitCracker is the first open source BitLocker password cracking tool. BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Pro and Enterprise. BitCracker is a mono-GPU password cracking tool for memory units encrypted with the password authentication mode of BitLocker.

BitLocker Drive Encryption is a full disk encryption feature available in the Ultimate and Enterprise editions of Windows Vista and Windows 7, as well as the Windows Server 2008 and Windows Server 2008 R2 operating systems. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional disk encryption security not provided by AES. It is meant to prevent a thief from using another operating system or hacking tool to get around the file and system protections provided by Windows in order to view files stored on the drive.

Update

As pointed out in the comments, this isn't exactly a 'crack' for BitLocker. Like most similar digital forensics analysis software, Passware Kit Forensic requires access to a physical memory image file of the target computer before it can extract all the encryption keys for a BitLocker disk. If a forensics analyst or thief has physical access to a running system, it is possible to take advantage of the fact that the contents are in the computer's memory. Other drive encryption programs have similar issues.

The BitLocker feature of Windows is supposed to offer a degree of peace of mind that files are going to be secure -- but one expert points out that a simple key combo is all it takes to bypass the security feature.

A bug has been discovered in the way Windows 10 handles a Feature Update -- the installation of a new build of the operating system. By taking advantage of the bug, it is possible to access a Command Prompt and gain unrestricted access to the contents of the hard drive.

The reason for this is that BitLocker is disabled during the update process, as security expert Sami Laiho points out. He reveals that exploiting the bug takes nothing more than pressing Shift + F10 during the upgrade and you can then access the Command Prompt in the Windows PE (Preinstallation Environment) used during the upgrade.

While exploiting the bug -- which, we are assured, Microsoft is 'working on' -- does require access to a computer, it is still a concern. Laiho says:

The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine. And of course that this doesn't require any external hardware or additional software.

So what can you do to keep your computer secure? Well, until a fix is released for the problem, there are limits to the protective steps you can take, but Laiho offers the following advice:

  • Don't allow unattended upgrades
  • Keep very tight watch on the Insiders
  • Stick to LTSB version of Windows 10 for now
