BitLocker is one of the most advanced and most commonly used volume encryption solutions. BitLocker is well-studied and extensively documented solution with few known vulnerabilities and a limited number of possible vectors of attack. BitLocker volumes may be protected with one or more protectors such as the hardware-bound TPM, user-selectable password, USB key, or combination thereof. Attacking the password is only possible in one of these cases, while other protectors require a very different set of attacks. Learn how to approach BitLocker volumes depending on the type of protector.
The Introduction to BitLocker: Protecting Your System Disk describes how BitLocker works from the user’s perspective. Let’s dig into more details about the various encryption keys used by BitLocker to protect your data and the encryption key.
BitLocker implements staged protection and employs multiple keys, each serving its own purpose.
According to Microsoft, raw data is encrypted with the full volume encryption key (FVEK), which is then encrypted with the volume master key (VMK). The volume master key is in turn encrypted by one of several possible methods depending on the chosen authentication type (that is, key protectors or TPM) and recovery scenarios.
Does the VMK in this scheme looks redundant? It has its purpose. The use of intermediate key (VMK between FVEK and any key protectors) allows changing the keys without the need to re-encrypt the raw data in a case a given key protector is compromised or changed. When changing a key protector, a new VMK will be created and used to encrypt the old FVEK with the new VMK.
Where are all of these keys stored? The full volume encryption key (FVEK) is encrypted by the volume master key (VMK) and stored in the encrypted drive. The volume master key is encrypted by the appropriate key protector and also stored in the encrypted drive.
The thing is, it would not be possible to access the encrypted data if the appropriate encryption key was not stored in the computer’s volatile memory (RAM). While the BitLocker volume is mounted, the volume master key (VMK) resides in the computer’s RAM. By creating a memory dump and extracting the VMK from that dump with Elcomsoft Forensic Disk Decryptor, experts can instantly mount or quickly decrypt the content of the volume regardless of the type of protector used.
BitLocker volumes (or, rather, the volume master keys) can be protected with various methods called protectors. With some of these protectors, the protection is hardware bound. As a result, in order to unlock the volume and decrypt the data, you will need either the original piece of hardware (and possibly other credentials); the brute force attack will not be feasible. Let us check which key protectors exist, how they are used, and how to approach the attack of a BitLocker volume protected with a given protector type.
You can determine the types of protectors enabled for a given BitLocker volume by executing the following command while the volume is mounted:
manage-bde -protectors -get X:
where X: would be the drive letter. (Source: BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker).
TPM only
This is by far the most used protector type on portable devices such as notebooks, Windows tablets and two-in-ones. Your system will boot to login prompt; the VMK will be decrypted with a storage root key (SRK) that is stored in the TPM (or Intel PTT) module and only releases if the system passes the Secure Boot check. This is the most convenient option that effectively protects hard drives but offers weaker protection if the intruder has access to the whole system (computer with TPM and the hard drive).
It is important to understand that a fully encrypted BitLocker volume will be automatically mounted and unlocked during the Windows boot process, long before the user signs in to the system with their Windows credentials. The TPM module will release the encryption metadata and decrypt the protected volume master key (VMK) automatically during the boot sequence, as shown in the image below.
This allows performing a quite unique attack often called the ‘cold boot attack. The attacker would start the computer and wait while the system boots up. By the time the computer presents the login prompt, the BitLocker volume would be already mounted, and the VMK decrypted and stored in the computer’s RAM. The attacker would then dump the content of the computer’s volatile memory (by using a side attack or by physically removing the modules), extract VMK and decrypt the volume.
Attack vectors: Since there is no user-selectable password, attacking TPM only BitLocker volumes requires either of the following.
TPM + PIN
In this mode, the TPM module will only release the encryption key if you correctly type the PIN code during pre-boot phase. Even though the PIN code is short, entering the wrong PIN several times makes TPM panic and block access to the encryption key. This option arguably offers the best balance between security and convenience, combining “something that you have” (the TPM module) with “something that you know” (the PIN code). At the same time, this option may not be convenient in multi-user environments.
Attack vectors: Since TPM+PIN is an interactive mode, you will be required to produce the correct PIN, which then must be entered on the computer containing the TPM module. Note that brute-forcing the PIN may not be an option since all TPM vendors provide built-in protection against such attacks. Unless you are able to circumvent this protection, recovering the PIN may not be possible.
The following attack vectors are available.
TPM + USB Key
This option requires both the TPM and a USB flash drive (or CCID smartcard) to be present in order for the system to boot. This is not a standard configuration, but may be enforced by security policies.
Attack vectors: Since TPM+USB Key requires a key file stored on a USB drive, you will be required to present that USB key in order to decrypt the VMK.
The following attack vectors are available.
TPM + PIN + USB Key
Just as the name suggests, this option requires all three of the TPM, PIN code and USB key/smartcard in order to boot your computer. While this is probably the most secure option, the additional security benefits are hardly worth it compared to the TPM + PIN option if you consider the reduced convenience and reliability (you’ll have to use the recovery key if a USB key or smart card gets lost or corrupted).
Attack vectors: Since this protector requires both the PIN code and the key file stored on a USB drive, you will be required to produce both to satisfy the TPM module and release the decrypted VMK.
The following attack vectors are available.
USB Key
This is one of the more interesting options since it is often used by users whose computers are not equipped with a TPM module or Intel PTT.
Attack vectors: There is still no password to attack (wait for the next option!), so you will require the USB key in order to decrypt the VMK. However, the VMK can be decrypted on any computer as this time the TPM is out of the question.
The following attack vectors are available.
Password only
Just like the previous option, “password only” authentication is frequently used if no TPM or Intel PTT is available. Note that the “password” option is different from the “PIN” as there is no enforceable limit on the number of password attempts without a TPM, which allows a brute-force attack on the password.
Attack vectors: We are finally there. Password only is the only BitLocker protector allowing for a brute force (or dictionary) attack. Similar to the previous case, the VMK can be decrypted on any computer as this time the TPM is out of the question.
The following attack vectors are available.
Whether or not you’ll be able to break the BitLocker volume depends on multiple factors, such as the type of protector (TPM, password, key etc.), the availability of recovery information (BitLocker Recovery Key) or memory dump/hibernation file/page file, as well as whether you have the complete PC or just the disk/image. We have already posted about the different vectors of attack, namely: extracting the BitLocker Recovery Key from the user’s Microsoft Account and dumping and analyzing the computer’s RAM/hibernation/page files.
The RAM dump/hibernation file/page file attack
This attack is universal, and works regardless of the type of protector. Whether the volume is encrypted with TPM, USB key, password, or any combination thereof, the VMK will remain in the computer’s volatile memory (and possibly in the page/hibernation file) at all times while the encrypted volume is mounted.
The attack: How to Instantly Access BitLocker, TrueCrypt, PGP and FileVault 2 Volumes and Breaking BitLocker Encryption: Brute Forcing the Backdoor (Part I)
Extracting hibernation/page files with Elcomsoft System Recovery: A Bootable Flash Drive to Extract Encrypted Volume Keys, Break Full-Disk Encryption
BitLocker recovery keys
In many situations (e.g. the use of BitLocker Device Encryption on portable devices), BitLocker recovery keys are be stored in the user’s Microsoft Account. Extracting those keys from their account allows instantly mounting or decrypting protected volumes regardless of the type of protector.
The attack: Breaking into Microsoft Account: It’s No Google, But Getting Close (scroll down to BitLocker recovery keys).
The password
Finally, we are there. BitLocker passwords are used to protect volumes stored on external devices (including regular BitLocker and BitLocker To Go). The password is also the default when it comes to protecting fixed, non-system volumes. In other words, BitLocker passwords are extremely likely to be used on anything but the system volume. Passwords on bootable (system) volumes are rarely encountered as BitLocker’s default policy is TPM only. Using a password (without TPM) is blocked by the default security policy. While users may edit the policy and enable password-only BitLocker protection on the boot volume, this is fairly uncommon.
The attack is broken into two distinct stages.
Step 1.1: Extracting BitLocker encryption metadata with Elcomsoft Forensic Disk Decryptor
Use Elcomsoft Distributed Password Recovery to extract encryption metadata from BitLocker-protected forensic disk images. The encryption metadata will be saved into a small file that you can safely transfer to the computer where you’ll be performing the actual attack on the password. In order to extract the encryption metadata, do the following.
Important: You will be able to perform a password attack if and only if the BitLocker volume is protected with a password. All other types of protectors (TPM, TPM+PIN, USB Key etc.) do not have a password to recover and are not supported. Attacking a BitLocker volume protected with a different type of protector would be a waste of time. Therefore, EFDD will warn you if the partition you are about to extract is protected with a non-password type of protector:
If this is the case, consider a different attack vector.
Step 1.2: Extracting BitLocker encryption metadata with Elcomsoft System Recovery
The traditional acquisition approach requires disassembling the computer, removing and imaging all of its storage devices. However, all one really needs to start the attack on the password of an encrypted volume is a few kilobytes worth of encryption metadata. The metadata can be extracted significantly faster without removing the hard drives.
Elcomsoft System Recovery allows starting the investigation sooner by booting the computer from a portable flash drive with read-only access to computer’s storage devices. The tool automatically detects full disk encryption on all built-in and removable drives, and allows extracting encryption metadata that is required to brute-force the original password to encrypted disk volumes. Since crypto-containers, by design, are making attacks on the passwords extremely slow, we recommend executing a dictionary-based distributed attack with Elcomsoft Distributed Password Recovery.
In order to extract encryption metadata with Elcomsoft System Recovery, do the following.
Important: You will be able to perform a password attack if and only if the BitLocker volume is protected with a password. All other types of protectors (TPM, TPM+PIN, USB Key etc.) do not have a password to recover and are not supported. Attacking a BitLocker volume protected with a different type of protector would be a waste of time. Therefore, ESR will warn you if the partition you are about to extract is protected with a non-password type of protector:
Step 2: Attacking BitLocker password with Elcomsoft Distributed Password Recovery
In order to recover the BitLocker volume password, do the following.
While the three steps appear simple, running the default brute-force attack is one of the least effective ways to break BitLocker encryption. We strongly recommend configuring a smart attack based on patterns observed in the user’s existing passwords. Microsoft did an excellent work to protect BitLocker containers against brute-forcing the password. However, we have significant advances in password recovery attacks compared to what we had some ten years back. Brute-forcing a password today becomes significantly faster due to the use of GPU acceleration, distributed and cloud computing. Up to 10,000 computers and on-demand cloud instances can be used to attack a single password with Elcomsoft Distributed Password Recovery.
Brute force attacks became not just faster, but much smarter as well. The user’s existing passwords are an excellent starting point. These passwords can be pulled from the user’s Google Account, macOS, iOS or iCloud keychain, Microsoft Account, or simply extracted from the user’s computer. The user’s existing passwords give a hint at what character groups are likely used:
Elcomsoft Distributed Password Recovery offers a number of options to automatically try the most common variations of your password (such as the Password1, password1967 or pa$$w0rd):
Masks can be used to try passwords matching established common patterns:
Advanced techniques allow composing passwords with up to two dictionaries and scriptable rules:
Build high-performance clusters for breaking passwords faster. Elcomsoft Distributed Password Recovery offers zero-overhead scalability and supports GPU acceleration for faster recovery. Serving forensic experts and government agencies, data recovery services and corporations, Elcomsoft Distributed Password Recovery is here to break the most complex passwords and strong encryption keys within realistic timeframes.
Elcomsoft Distributed Password Recovery official web page & downloads »
Elcomsoft Forensic Disk Decryptor offers forensic specialists an easy way to obtain complete real-time access to information stored in popular crypto containers. Supporting desktop and portable versions of BitLocker, FileVault 2, PGP Disk, TrueCrypt and VeraCrypt protection, the tool can decrypt all files and folders stored in crypto containers or mount encrypted volumes as new drive letters for instant, real-time access.
Elcomsoft Forensic Disk Decryptor official web page & downloads »
Reset passwords to local Windows accounts and Microsoft Account and perform a wide range of administrative tasks. Assign administrative privileges to any user account, reset expired passwords or export password hashes for offline recovery, and create forensic disk images. Elcomsoft System Recovery is ready to boot thanks to the licensed Windows PE environment, allowing administrators to access locked computers.