I recently had to enter a Bitlocker Recovery Key for an end user's computer. While doing so, I noticed that Bitlocker will tell you when the previous 6 digits you enter don't match the recovery key. So in theory, you only need to guess a 6-digit combination at a time, because the PC will tell you if the recovery key so far is correct or incorrect. So that got me thinking, can you build a cracker that guesses a 6-digit combination, and if Windows says it matches, then it will move on to the next set of 6 digits, until it completes the entire recovery key? And given processing speeds of a GPU nowadays, if it's doing a six-digit number code using only numbers 0-9 that's about 1 million combinations according to my research, which I feel like is not much for a modern GPU.

If this is true and/or possible, would this make Bitlocker not as secure as they say it is? My main question is why is Windows telling you if you entered part of the recovery key wrong? I feel like it takes the number of digits from 48 down to 8 sets of 6 digits.

I might have to elaborate more or do some more research into this, I could be going totally off track. I did some quick browsing and couldn't find much, just an article from Microsoft saying Bitlocker isn't crackable, and then another article for HashCat / John the Ripper and Bitcracker. But I believe those tools function differently from the theory I'm proposing.

33 Spice ups

10 years ago, this was discussed quite a bit here:

9 Spice ups

It depends where you try to initiate the crack.
Pre-boot password, or with the recovery key, which will be unique based on the system ID of the device.
Everything is possible, however if this was crackable, someone would have already published how by now and that would then make the product useless.

3 Spice ups

That was a very good, but in-depth, read.

@jcoder

2 Spice ups

Thank you for your response! I will definitely check out the article, I love reads like that! (Weird to think 10 years ago I was in high school.)

Starts to feel like part of the plot line for Olympus has Fallen if you interpret how it works incorrectly.

If you don't have time to read the comments from 10 years ago, the best non-crypto, non-math explanation was that the 6-character chunk checks ARE NOT validating that the characters are entered correctly character by character. BitLocker only does a very simple validation check that what was entered can be equally divided by 11 (which the real, valid set of characters also satisfies). So the check is not validating that the user typed in the right number for the six-digit chunk until all chunks have been entered. Thus no easier cracking can be done.

18 Spice ups
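To make the point above concrete, here is an added example (not code from the thread or from Microsoft) that implements only the per-block format check the post describes: each 6-digit block must be a multiple of 11, and block // 11 must fit in 16 bits, so 8 blocks still carry 128 bits. Counting how many of the 1,000,000 possible blocks pass shows it is a typo filter, not a test of the secret; the sample key and the block-to-value mapping are constructed for illustration and do not reproduce BitLocker's real key derivation.

```python
import re

BLOCK_DIGITS = 6
KEY_DIGITS = 48


def block_is_well_formed(block: str) -> bool:
    """Format check only, as described in the thread: six digits,
    divisible by 11, and block // 11 must fit in 16 bits."""
    if not re.fullmatch(r"\d{6}", block):
        return False
    value = int(block)
    return value % 11 == 0 and value // 11 <= 0xFFFF


def split_key(key: str) -> list[str]:
    """Accept '123456-...' or a bare 48-digit string; return the 8 blocks."""
    digits = key.replace("-", "").replace(" ", "")
    if not re.fullmatch(r"\d{48}", digits):
        raise ValueError("recovery key must contain exactly 48 digits")
    return [digits[i:i + BLOCK_DIGITS] for i in range(0, KEY_DIGITS, BLOCK_DIGITS)]


def malformed_blocks(key: str) -> list[int]:
    """Zero-based indexes of blocks failing the format check (the typo hint
    the UI gives you, nothing more)."""
    return [i for i, b in enumerate(split_key(key)) if not block_is_well_formed(b)]


def decode_key(key: str) -> list[int]:
    """Map the 8 blocks to the 8 16-bit values they encode (block // 11).
    Assumption: how BitLocker orders/combines these bytes is NOT reproduced;
    this only shows that 8 x 16 bits = 128 bits survive the encoding."""
    bad = malformed_blocks(key)
    if bad:
        raise ValueError(f"malformed block(s) at index {bad}")
    return [int(b) // 11 for b in split_key(key)]


def count_well_formed_blocks() -> int:
    """Exhaustively count 6-digit strings passing the check: 65536 of
    1,000,000. Passing says only 'this is some 16-bit value times 11',
    not that it is the right 16-bit value."""
    return sum(1 for v in range(0, 10**6, 11) if v // 11 <= 0xFFFF)


# Constructed sample key (blocks 11*1 .. 11*8), not a real recovery key.
SAMPLE_KEY = "000011-000022-000033-000044-000055-000066-000077-000088"

if __name__ == "__main__":
    print(decode_key(SAMPLE_KEY))                                      # [1, 2, 3, 4, 5, 6, 7, 8]
    print(malformed_blocks(SAMPLE_KEY.replace("000033", "000034")))   # [2]
    print(count_well_formed_blocks())                                  # 65536
```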

There was a bug in NetBIOS in the 90s that allowed you to brute force share passwords 1 character at a time.

It took all of 10 minutes to break into anyone’s network share.

I think MS may have learnt from this.

Here is the MS security report on it:

"3.2.3 Windows 95/98/ME Share Level Password Bypass (CIFS-win9x-onebyte-password)

A flaw in the Windows 95/98/ME File and Print Sharing service allows unauthorized users to access file and print shares by sending the first character of the password. Due to the limited number of attempts required to guess the password, brute force attacks can be performed in just a few seconds.

Established connection to share TEST with password P.

For example, if the password is "Password" (without quotes) and the client sends the password "P" (without quotes) and the length of 1, the client is authenticated. To find the rest of the password, the attacker increments the length to 2 and starts guessing the second letter until he reaches "PA" and gets authenticated again. As share passwords in Windows 95 are not case sensitive, "Pa" and "PA" will also be accepted. The attacker can continue to increment the length and guess the next letter one by one until he gets the full "PASSWORD" (as the maximum length is 8 characters).

I believe all characters between ALT+033 and ALT+255 can be used in the share password in Windows 95, but as it is case insensitive, we have 196 characters to use, and a maximum length of 8 characters. In the worst case this means that we can guess the full password in 1568 requests. The funny thing is that the share password is not connected (by default) to any username/account, and it cannot be locked via brute force."

2 Spice ups

This exactly.

Bitlocker takes a code which would take current tech millennia to crack and then multiplies it by 11 so it can be easily validated. It's only making it easier to enter the super long key.

1 Spice up