add support for Bitlocker #1117

Open
roycewilliams opened this Issue Feb 20, 2017 · 13 comments

Comments

Projects
None yet
8 participants
@roycewilliams
Contributor

roycewilliams commented Feb 20, 2017

Placeholder for adding Bitlocker support.

Spec that might provide enough info: https://github.com/libyal/libbde/blob/master/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc

As requested in this older forums thread: https://hashcat.net/forum/thread-5474.html

@Manouchehri

This comment has been minimized.

Show comment
Hide comment
@Manouchehri

Manouchehri Feb 20, 2017

There's also dislocker to use as a reference.

https://github.com/Aorimn/dislocker

There's also dislocker to use as a reference.

https://github.com/Aorimn/dislocker

@jsteube

This comment has been minimized.

Show comment
Hide comment
@jsteube

jsteube Feb 20, 2017

Member

I think it needs an extraction utility first. After that, adding a mode is simple, since we already have GPU code for TrueCrypt and LUKS which ships all of the ciphers, hashes and modes we'd need.

Member

jsteube commented Feb 20, 2017

I think it needs an extraction utility first. After that, adding a mode is simple, since we already have GPU code for TrueCrypt and LUKS which ships all of the ciphers, hashes and modes we'd need.

@magnumripper

This comment has been minimized.

Show comment
Hide comment
@magnumripper

magnumripper Feb 20, 2017

Contributor

I believe @e-ago will commit a utility and establish a hash format in magnumripper/JohnTheRipper#2427 RSN. If you do so before her, I'll see to it that JtR uses the same hash format.

Contributor

magnumripper commented Feb 20, 2017

I believe @e-ago will commit a utility and establish a hash format in magnumripper/JohnTheRipper#2427 RSN. If you do so before her, I'll see to it that JtR uses the same hash format.

@e-ago

This comment has been minimized.

Show comment
Hide comment
@e-ago

e-ago Feb 20, 2017

Yes, I will release the final version of the code no later than 1 or 2 days

e-ago commented Feb 20, 2017

Yes, I will release the final version of the code no later than 1 or 2 days

@IncognitoEntity

This comment has been minimized.

Show comment
Hide comment
@IncognitoEntity

IncognitoEntity Feb 22, 2017

Just writing to add support a bitlocker feature within hashcat. I believe it uses AES-XTS. Will it be alike truecrypt striping out the first 512 bytes?

Just writing to add support a bitlocker feature within hashcat. I believe it uses AES-XTS. Will it be alike truecrypt striping out the first 512 bytes?

@jsteube

This comment has been minimized.

Show comment
Hide comment
@jsteube

jsteube Feb 22, 2017

Member
Member

jsteube commented Feb 22, 2017

@IncognitoEntity

This comment has been minimized.

Show comment
Hide comment
@IncognitoEntity

IncognitoEntity Feb 22, 2017

I've just looked at a bitlocker encrypted drive that i'm working on, and using a command prompt from a Windows 10 live cd within a VM of the bitlocker encrypted machine, the manage-bde -status command shows Encryption Method: AES-XTS 128. I'm not sure though if bitlocker lets you set up different options like Truecrypt etc. Something I can test if need be.

I've just looked at a bitlocker encrypted drive that i'm working on, and using a command prompt from a Windows 10 live cd within a VM of the bitlocker encrypted machine, the manage-bde -status command shows Encryption Method: AES-XTS 128. I'm not sure though if bitlocker lets you set up different options like Truecrypt etc. Something I can test if need be.

@Manouchehri

This comment has been minimized.

Show comment
Hide comment
@Manouchehri

Manouchehri Feb 22, 2017

@roycewilliams

This comment has been minimized.

Show comment
Hide comment
@roycewilliams

roycewilliams Apr 4, 2017

Contributor

The PR is still pending at this writing, but this may be enough fodder for an extraction utility:

https://github.com/e-ago/JohnTheRipper/blob/6fb90c306f420f179db3d143962dbc36daeebba2/src/bitlocker2john.c

Not sure if this is just a staged copy, or something that's actually functional yet.

Contributor

roycewilliams commented Apr 4, 2017

The PR is still pending at this writing, but this may be enough fodder for an extraction utility:

https://github.com/e-ago/JohnTheRipper/blob/6fb90c306f420f179db3d143962dbc36daeebba2/src/bitlocker2john.c

Not sure if this is just a staged copy, or something that's actually functional yet.

@kholia

This comment has been minimized.

Show comment
Hide comment
@kholia

kholia Apr 4, 2017

That version of bitlocker2john.c is unreliable at the moment and does not extract "non-hashes" properly.

https://github.com/kholia/bitlocker2john is super reliable but it is a big project. Ideas from this project can be used to improve the former standalone bitlocker2john.c utility. This task is already on e-ago's list I believe.

kholia commented Apr 4, 2017

That version of bitlocker2john.c is unreliable at the moment and does not extract "non-hashes" properly.

https://github.com/kholia/bitlocker2john is super reliable but it is a big project. Ideas from this project can be used to improve the former standalone bitlocker2john.c utility. This task is already on e-ago's list I believe.

@magnumripper

This comment has been minimized.

Show comment
Hide comment
@magnumripper

magnumripper May 1, 2017

Contributor

I think @e-ago mentioned somewhere AES-XTS is not needed for cracking, just normal AES.

Contributor

magnumripper commented May 1, 2017

I think @e-ago mentioned somewhere AES-XTS is not needed for cracking, just normal AES.

@QuelonaSec

This comment has been minimized.

Show comment
Hide comment
@QuelonaSec

QuelonaSec Jul 29, 2017

#2516 states: "New hash format supported". Since it seems to be implemented in JTR Jumbo, does this mean something for hashcat?

Is there any progress? Is there something to help for someone with limited coding skills?

QuelonaSec commented Jul 29, 2017

#2516 states: "New hash format supported". Since it seems to be implemented in JTR Jumbo, does this mean something for hashcat?

Is there any progress? Is there something to help for someone with limited coding skills?

@roycewilliams

This comment has been minimized.

Show comment
Hide comment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment