Is there a way to unlock BitLocker w/out the 48-digit recovery key?

Friend's relatives had a laptop that they wanted me to get data off of (they don't know the Windows passwords or email acct). I turned it on, and after looking a bit more I found out the whole hard drive was encrypted. Since they don't know the Windows login password/PIN nor the email account that was associated w/it (the 2nd Windows user acct they don't know the password or security question answers), I told them more than likely it will have to be reformatted and they’ll just have to have a fresh start.

I’ve never come across this before and the only thing so far I could see was the TPM Protector ID and the Recovery Password (not the 48 key).

I told them unless they can get the 48 digit recovery key or recall the Windows passwords more than likely it’ll have to be reformatted. Figured I’d try here if anyone had any ideas before I reformat it.

I’ve looked and saw that some have used Passware or Elcomsoft Decryptor. Figured I’d see if anyone else has run into this issue and been able to pull the data off w/out having to format it.

4 Spice ups

Doubtful. It would defeat the entire point of bitlocker if you could. It would be stored in the microsoft account they set the computer up with if it’s Windows 11. Best bet is to keep hammering the brain cells trying to remember which e-mail address that was and see if you can get access.

7 Spice ups

That is what I was thinking too. I didn’t know if there was a way I could see what email address they used or even if I could log in to the 2nd Windows account (that just has password/security questions) and try to get in through that, but since it’s encrypted I don’t think there is a program that could assist. I tried putting net user admin on in an attempt and activated it through cmd but it didn’t show up once I rebooted the PC (figured it wouldn’t but wanted to try).

1 Spice up

When a certain set of circumstances is met, Windows enables BitLocker and backs up the key to the MS Account. There aren’t many options outside of that.

2 Spice ups

This would also allow an attacker to know what account they can target if it’s a Microsoft account.

The purpose of encryption is to keep people out; in this case it’s the people who can’t remember their details. Unfortunate as it is, it’s doing what is expected of it.

As noted, OEMs will encrypt drives with certain criteria, it is also true that Windows 11 24H2 encrypts by default - newer OSes have stronger encryption.

2 Spice ups

No, there is not. If there was then BitLocker would be absolutely useless. I don’t mean that as a flippant comment so please don’t take it that way. But that’s its whole job. No key, you’re not in.

1 Spice up

Thanks & no worries, I figured that was the case but wanted to be sure. I had never come across an encrypted drive before.

I wouldn’t be promising them anything either in that scenario, that’s a pretty lost cause

If this was my relatives and it was likely to be worth my while, my next steps would be:

  • attempt to login as “Administrator” on the off chance that the local admin account is enabled, and even worse - has a blank or guessable password
  • ask the relevant people (your friends, not the original user) to search their email archives for any emails from the original user of the machine, which should turn up various email addresses - then work through them to work out what the likely options are, and narrow them down
  • ask them to email Microsoft with whatever they know about the second email address and ask for help. They will need to give details, e.g. what folders were in the mailbox, when it was last used, the name/DOB that were on the account etc

Using social engineering skills is going to be your best bet here.

1 Spice up

Just putting this here as an answer to your initial question:

Technically, yes you can unlock bitlocker without the recovery key, provided the following are true:

  • machine is windows 10 or 11, not sure about 7 or 8 as not tried
  • you have physical access to the machine
  • you know a windows administrator username and password
  • rarely, bitlocker is set to unlock with a password - if so, you know what it was
  • the hard drive is still in the original machine and hasn’t been removed
  • the TPM chip is still present, hasn’t died and hasn’t been reset

Procedure
Caution: If the affected system is configured to use RAID, the Storage Controllers within the BIOS of a system must first be changed from RAID to AHCI. During boot, load the BIOS options and adjust as appropriate.

Cycle through the blue-screen error (or crash the computer 3-5 times by powering off mid-boot) until you get to the recovery screen. Perform the steps below:

  1. Navigate to Troubleshoot > Advanced Options > Startup Settings
  2. Press Restart
  3. Skip the first BitLocker recovery key prompt by pressing Esc
  4. Skip the second BitLocker recovery key prompt by selecting Skip This Drive in the bottom right
  5. Navigate to Troubleshoot > Advanced Options > Command Prompt
  6. Type bcdedit /set {default} safeboot minimal, then press Enter
  7. Close the command prompt window by clicking the X in the top right. This will return you back to the blue screen (WinRE main menu)
  8. Select Continue.

Your PC will now reboot; it may cycle 2-3 times. Your PC should now boot into safe mode.

Then you can login as administrator and turn bitlocker off or whatever you need to do, but this still requires an administrator login.

Worst case, it might-or-might-not get you back to a login screen after bitlocker has got mad at you for trying too many times.

2 Spice ups
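For a machine where an administrator login is still available (the precondition named in the post above), this added example, which is not part of the thread, lists each volume's key protectors and flags encrypted volumes that have no 48-digit recovery password. It assumes the BitLocker PowerShell module that ships with Windows and an elevated session; the function name Get-RecoveryReadiness is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker key protectors on every volume of this machine.
# Uses only the built-in BitLocker module (Get-BitLockerVolume).

function Get-RecoveryReadiness {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # A volume can carry several protectors at once, e.g. Tpm, TpmPin,
        # Password, ExternalKey and RecoveryPassword (the 48-digit key).
        $types    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $recovery = @($vol.KeyProtector |
                      Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = $types -join ', '
            # Protector ID(s) of the recovery password; record these next to
            # the key itself so the right key can be found later.
            RecoveryKeyIds   = ($recovery | ForEach-Object { $_.KeyProtectorId }) -join ', '
            HasRecoveryKey   = $recovery.Count -gt 0
        }
    }
}

$report = @(Get-RecoveryReadiness)
$report | Format-Table -AutoSize

# Encrypted (or encrypting) volumes with no recovery password cannot be
# recovered once the TPM or the Windows credentials are lost.
$atRisk = @($report | Where-Object {
    $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryKey
})

foreach ($v in $atRisk) {
    Write-Warning "$($v.MountPoint) is encrypted but has no RecoveryPassword protector."
    # To add one (the new 48-digit key is shown once; store it off the machine):
    #   Add-BitLockerKeyProtector -MountPoint $v.MountPoint -RecoveryPasswordProtector
}

if ($atRisk.Count -eq 0) {
    Write-Output 'Every encrypted volume has a RecoveryPassword protector.'
}
```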

Thank you for the info!

It’s a Win11 machine; yes, I have physical access to it. No, I don’t know the admin password, nor the BitLocker password. The hard drive is still in the original machine and the TPM chip is still present.

I can try the steps just to see what happens, even though I don’t have an admin login. I’d at least like to run through it and see.

Previously I had read something about coldbooting the RAM (can’t recall if that was the correct phrase), but I did not want to do that.

1 Spice up