Introduction
BitLocker is a full-disk encryption feature available in recent Windows versions (Vista, 7, 8.1 and 10) Pro and Enterprise. BitCracker is a mono-GPU password cracking tool for memory units encrypted with the password authentication mode of BitLocker.
Our attack has been tested on several memory units encrypted with BitLocker running on Windows 7, Window 8.1 and Windows 10 (both compatible and non-compatible mode). Here we present two implementations: CUDA and OpenCL.
Requirements:
For CUDA implementation, you need at least CUDA 7.5 and an NVIDIA GPU with minimum cc3.5 (i.e. Kepler arch)
How To
Use the build.sh script to build 3 executables:
+ hash extractor
+ BitCracker CUDA version
+ BitCracker OpenCL version
The executables are stored in the build directory.
bitcracker
Before starting the attack, you need to run bitcracker_hash to extract the hash from the encrypted memory unit.
In the the run_test.sh script there are several attack examples using the encrypted images provided in this repo:
+ imgWin7: memory unit encrypted with BitLocker using Windows 7 Enteprise edition OS
+ imgWin8: memory unit encrypted with BitLocker using Windows 8 Enteprise edition OS
+ imgWin10Compatible.vhd: memory unit encrypted with BitLocker (compatible mode) using Windows 10 Enteprise edition OS,
+ imgWin10NonCompatible.vhd: memory unit encrypted with BitLocker (NON compatible mode) using Windows 10 Enteprise edition OS,
+ imgWin10CompatibleLong27.vhd: memory unit encrypted with BitLocker (compatible mode) using Windows 10 Enteprise edition OS using the longest possible password (27 characters)
Currently, BitCracker is able to evaluate passwords having length between 8 (minimum password length) and 27 characters (implementation reasons).
BitCracker doesn’t provide any mask attack, cache mechanism or smart dictionary creation; therefore you need to provide your own input dictionary.
Usage:
git clone https://github.com/e-ago/bitcracker && cd bitcracker ./build.sh ./run_tests.sh
Source: https://github.com/e-ago