How to: Crack Bitlocker encrypted drives
- Published 14 Aug 2024
- UPDATE: Because of the requirement of TPM 2.0 in Windows 11, this method no longer works. On older Windows 10 systems that are not using TPM it will still work as described.
NOTE: This is a very long process, and may not always be successful. There are people who crack hashes for money, I AM NOT ONE OF THEM. Do not contact me to crack "your" hash.
This is for educational purposes only and is only to be used on computers that you own or have permission to test.
In this video we go through the steps of creating a Bitlocker drive, imaging it, turning the image into a crackable hash and then cracking that hash with Hashcat.
FTK imager: marketing.acce...
Article I used: openwall.info/...
Intro: (0:00)
Bitlocker settings: (1:10)
FTK imager: (1:50)
Bitlocker2john: (4:27)
Hashcat (Crack the Hash): (7:20)
Password cracked: (8:40)
Outro: (9:27)
My setup:
CPU: amzn.to/35CsCsO
GPU: amzn.to/33uLB5E
Ram: amzn.to/2ZzNfBQ
SSD: amzn.to/32uDiHW
Motherboard: amzn.to/2RqgNgP
PSU: amzn.to/2Rq0SiD
Here is the command if you want to crack the recovery key: John --format=bitlocker-opencl -mask=?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d target_hash
Can you tell me which code to be replaced?
Target_hash
@PentestsandTech Awesome video. How can I carry this out with hashcat? Target_hash only seems to exist as part of the John attack.
@PentestsandTech Hi, can I know what is the code I need to replace for the "Target_hash"? Do you mean the txt file name where I saved the hash?
Yes, the text file containing the hash
how many people here are like me where I lost the key and password...
Did you find any solution for this problem?
😢
@bibizarafshan4723 did you find any solution for the problem?
I'm here because windows decided to permanently encrypt my entire fucking ssd because I had the audacity to disable boot security in my bios. I never even activated the fucking thing and never set up a password
Hey! I deleted my comment before seeing your response, but I just had to press Enter and it showed the results! Currently running Hashcat, hopefully should be cracked soon. Great video, you got yourself a subscriber. Keep up the good work! ;)
This is a great video! Though as a preventative, what is the best thing (besides long complex password) that one can do to make cracking the bitlocker driver extremely difficult to almost impossible?
Hi, I have FTK imager downloaded, where do I find the other 2 that I need
Thanks
How on earth have I not seen this until now?!?!?! Thanks!
You’re welcome, just so you know, it doesn’t work on Windows 11 anymore
I don't get it. If you have logged onto the PC, then you have access to the drive, and can manage BitLocker. It would be more useful to see how you would access a drive when you don't have access to the Windows credentials.
So I'm stuck right at the beginning basically: when I run that first command from the jumbo john "run" folder I get "Unknown option: "-i"", so out of curiosity I've tried running it without that option, not expecting much, so these following errors might not mean much: " detected hash type "HMAC-SHA256", but the string is also recognized as "HMAC-SHA512"
Use the "--format=HMAC-SHA512" option to force loading these as that type instead
oracle: Input file is not UTF-8. Please use --input-enc to specify a codepage.
Error: UTF-16 BOM seen in input file."
I've used the suggested parameters here too and received this output:
Invalid encoding. Supported encodings:
ASCII (or RAW), UTF-8, ISO-8859-1 (or Latin1 or ANSI),
ISO-8859-2, ISO-8859-7, ISO-8859-15, KOI8-R,
CP437, CP720, CP737, CP850, CP852, CP858, CP866, CP868,
CP1250, CP1251, CP1252, CP1253, CP1254, CP1255, CP1256
I've had a rapid influx of people coming into my tech repair store because the Windows 22H2 update has been bricking systems left and right and unfortunately many of these people don't even know what bitlocker is, why it was enabled, and don't have their key. I'm hoping this method might be a solution for these people.
Thank you for this video. This seems to be the only method I could get to work (I originally had trouble just making the image of the drive).
I created a disk image using an external hard disk. When using the command it shows invalid version. Is it necessary to create the image with a TPM chip, and is it possible to extract the image using another system with a TPM chip?
For the bitlocker2john how long does it take? I have a 500gb HDD if that helps.
Hey, I have a big problem - the thing is that I saved the key on an encrypted disk - I only saved it there and I do not have access to it. Unfortunately I do not remember the password. Is there any possibility to crack the password, recover the key or, for example, recover files from an encrypted disk, and then clean it and upload a new system to have access to this disk?
You showed how to crack it with a dictionary "wordlist" of passwords. What about a recovery key? There is no wordlist for it, so how is it done?
Brute force, try 10^48 combinations of recovery keys
Hi, I'm badly facing the problem of a forgotten password and recovery key for my external HD; please guide me in simple words how I can get my data recovered, please
I had two partitions on my bitlockered 1TB drive. jumbo-john stops always at "VMK entry found at 0xede90f8a90" after around 24 hours of work. How, in that case, find the hashes of only one partition instead of a whole disk? Any suggestions? How to make a bit-to-bit image of chosen partition only?
Why would I save my 'unencrypted' recovery key to a MS cloud account?
The majority of people don’t worry about their BitLocker recovery key being subpoenaed by law enforcement. Also someone would need to hack your Microsoft account, bypass your MFA, and then also gain physical access to your computer. Which I think would be very likely.
Mostly for people who just want a little extra physical security, but also have data that they cannot afford to lose if they forget their encryption key. Also if your recovery key gets stolen, you can always change it, and there is nothing an attacker can do remotely with your recovery key.
Hey I needed this today... and you uploaded it today. Hello =D
I'm glad I could help!
Hey, I'm in trouble: due to a hardware change of my system my hard disk has been encrypted, and its 48-digit recovery key is not saved in my Microsoft account. Will I get access to that data through this method?
If you found any solution for it, kindly share. Thanking you in advance
Hey man, thanks for the helpful video. My Lenovo ThinkPad has a 240GB SSD with Windows 8.1 Pro installed. My account is locked out; I don't have the admin password. My SSD is BitLocker-locked with lots of my data on it. I have the Windows logon screen without an admin/user password. I don't have any recovery key or password. My account is locked out. I spent 3 days; went through all the steps as you explained; my disk image is ready; I extracted the hash keys with JumboJohn; ran hashcat with a dictionary attack; no go, it says exhausted and does not recover any password. JumboJohn hashed the keys, and it says BitLocker with TPM. I need to crack the 48-number recovery key, which is only possible by applying "BruteForce" full random. However, I don't know how to compose the command for brute force using "jumbojohn" or hashcat. Please help...
Note: -openCL option is not working on my pc, because I have nvidia GT 710 graphics card, which i did driver tweak but it crashed saying ran out of resources
If your Lenovo has a TPM chip, then this method will not work. I'm sorry for the inconvenience.
quick question, since this is specific to bitlocker can i still use these tools for other types of brute forcing? I got a computer in an estate auction, and strangely there was also a disk labeled "merlin encrypted HD". i can't seem to find much specific to merlin and encryption other than 'merlincryption' but not sure if that's relevant? it mentions an m70 which is a dell laptop, does dell have proprietary encryption?
I was tempted to answer, so here I am. Yes, Dell does have proprietary encryption
I'm sitting here struggling to get bitlocker removed😂
I always get an error notification like this (error recovering disk G: A Recovery key was not found on this drive). Can anyone give me any solution???
Greetings, I have a WD My Passport portable drive with BitLocker and I do not have the password or the backup key. So my question is: is it possible to access the drive and back up all the files saved on it?
Please let me know. I appreciate your quick reply.
Did you find any solution?
IT WORKED!!! THANK YOU SO MUCH!!!!
I encrypted my 250g drive from my Dell laptop and for some reason the drive got locked after an update and the Bitlocker key ID has changed, making my backed-up key obsolete.
I know the password which is composed of 12 characters (1 capital letter + 8 lower case letters + 1 special character + 2 numbers)
What's the best method to retrieve the key and not the password?
Thanks for the video.
@Leon Wallace I have a similar problem (bitlocker screen after update) but I never used bitlocker on the computer. Any success on your part? have you succeeded in recovering your data?
Hi I have the same problem, did you ever find a solution?
@alexhall2514 unfortunately no
I tried a bunch of different solutions and ultimately the ssd got corrupted so I had it replaced
Can you give some stats on end-to-end cracking time? Ie. against recovery keys, since they are fixed in size and complexity. Which means cracking time of a fixed volume size should be relatively constant.
Is it possible to use a similar method to decrypt files encrypted with ransomware?
yes and no. an example: ua-cam.com/video/Sv8yu12y5zM/v-deo.html
How do I do a recovery password fast attack with john?
Because I have a drive that is locked
What can I do with numerical password ID and external key id ?
Doesn't work for me.
USB 3.0 to Physical SATA Drive and FTK Fails almost immediately, changed output to a new NVMe and got stuck at 1%. Not going to bother trying again. Will just use DD.
While trying to install FTK imager, I'm getting a Processor not supported error - is it because I'm on a 32 bit system??
If so from where can I get the 32 bit one??
Sorry man, they don’t make a 32 bit version. 32 bit is being phased out because 32 bit processors are not being made anymore. I’m guessing you have a 64 bit processor but your windows install is probably 32 bit. Consider reinstalling windows and making sure you select 64 bit.
If I encrypted my personal USB on a work computer and don't have that original device anymore that encrypted - does this work?
I tried all the steps did get work out. I have a 64GB SD pulled from a Lumia 950; when testing ARM on Windows, the phone suddenly went dead. I found this video and tried all the steps; the bitlokerjohn ended up empty, no password. I also tried different pirated data recovery, tried to open the image file, still get nothing. What to do?
If the all drives are encrypted and don't know any decrypt key what I can do ? (Only hope is cmd with X: drive in the blu screen.)
having same problem 2 years later
so no matter how strong the password is, it can be broken by the recovery key
right?
Yes, the recovery key and password are independent.
Please help me....
The bitlocker encryption on this Drive isn't compatible with your version of Windows, try opening the drive using a newer version of Windows.
My HDD is locked by BitLocker; for some reason the drive got locked after an update and the BitLocker key ID has changed,
Also getting: Hashfile "file.txt" on line 1 Salt-value exception No hashes loaded.
Did you name your hash file “file.txt”
@PentestsandTech I did, I fixed it somehow, but I can't remember how since it was 3 weeks ago. I just did a bit of googling. Needless to say I didn't crack the password 😅
How do you get 6GB from 8GB of your video memory? I have a 3070
I got to 7:56 and it gets stuck at "Initializing backend runtime for device #1..." I left it alone for half an hour and still nothing. Any suggestions as to why that's happening?
Hi.. when I ran the Jumbo John, i got the following error. Does that mean it didn't generate any hash for the Bitlocker drive?
Error while extracting data: No signature found!
Hi, my HDD was locked by BitLocker after re-installing Windows. However, I don't have the recovery key and there is no record in my Hotmail account. Can it unlock my HDD and save the data?
When I plug a bitlockered drive into my computer externally to read it, it only asks for a 48 digit key, not a password. Will this guide still work in my case?
Cracking the key is not easy, much harder than the password
@PentestsandTech But how to do it? Any help, thanks
Hi there, I actually have the recovery key, but when i enter the Bitlocker-Key it opens the lock but I still cannot access the drive! I get the Message: I need to format the drive before using it; file location is not available ! any Idea?
thank you in advance
FTK does not install. Why? My problem is that I know my BitLocker password, but unfortunately I have window 10 to 8.1. Now my encrypted drive does not open, saying wrong password. What do I do? Help me??
Hi, I have a very big problem and it was not my fault.
HP ProBook 450 G5 with 2 drives i just reinstalled windows 11 fresh to M2 drive after formating everything but never touched SATA drive with all the data inside almost 950gb of data.
I also did load factory default settings in bios and now i have the SATA drive with bitlocker encryption and of course don't know the password.
Can you help me please, i need to recover my data please
do we really need the full image to be stored somewhere? because my bitlockered drive is 4tb and my other drive is only 1tb will it still be possible to use this method?
To increase performance (lower times), what hardware would be best? A video card? If so, what brands/models do best?
Nvidia graphics card, as high end as your budget can go
Doesn't work for me. At Bitlocker2John it shows "Error: VMK not encrypted with AES-CCM (0x93,0xa0)". Can anyone help?
Thanx for the video, good stuff! When I run the command to crack the recovery key I get the error "No OpenCL devices found". My target_hash file has the $bitlocker$2 and $bitlocker$3 hashes listed. What could be the cause of the error?
and if my result on john is: VMK encrypted with TPM...not supported! (0x71bbf928)
There's an alternative method or game over for my HD?
I know this is 2 years old. But What do I do if john keeps saying No opencl devices found? I'm trying to crack a recovery key since thats all I am getting
Hello I’m currently facing the problem with encrypted hard drive with VeraCrypt I encrypted it last year and write Down on a paper the password now when I’m trying to access the Bullshit VeraCrypt keep giving me the same error code any help or suggestions please. I really have important information on the disk .. Please help guys
How do I defend my bitlocker-encrypted external hard disk against this attack??
If I understand him right. The recovery key is easier to hack in brute force scenarios. Am I right?
Hm m8, I don't know why it is even possible to crack... I mean AES 256 is not hacked yet, but if you can hack BitLocker it makes no sense to encrypt anything.
I have a VHD which was created and encrypted in Windows 7, but after I upgraded to Windows 10/11 BitLocker doesn't recognize the drive and it mounts directly, but the files are still encrypted and can't be opened. Any way I can recover my files?
I haven’t heard of this problem, i would try to make a windows 7 VM and decrypt the files.
All my drives are encrypted by BitLocker; my laptop was updated from Windows 10 to 11 and I never used BitLocker. Three days back when I turned on my computer it showed a blue screen with a BitLocker recovery key bar to open... I have reinstalled Windows on C and now the other 3 drives are locked and they have important data on them... How do I open the drives?
Check and see if your Microsoft account have a back up of the recovery key , as most people didn’t save it locally
Just want to share my terrible experience. I had my Maxtor 1T sent to the Netherlands to recover data; it only had a 2-year lifetime, then sudden death. The journey took 2 months. Yesterday I got my recovered data stored on a 2T Seagate Expansion+ but encrypted by BitLocker. The decryption process is hell long, stuck at only 52%; then I paused and shut down, and the next day it was unreadable with no way to format it. So bad Seagate quality!
Did the Microsoft BitLocker kill the 2T Seagate Expansion+, or is it a defective product manufactured in China in 2020?
I can't see how to install or download Jumbo John...you mention that was covered earlier, but I can't see anything here. Thanks.
Hello
Thanks for this video.
At the end, I don't understand what you said (I'm French): the bigger the disk image, the faster the crack is?
The bigger the disk, the longer it takes to extract the hash. The bigger the password, the longer it takes to crack.
@PentestsandTech Thank you!
Sorry, I don't totally get how to crack the recovery key per se...I understand the mask part, but where to place the command during the hashcat part? or will it be a file with different recovery keys that will do the same trick as if it was a dictionary?
The mask is put in place of the file
Hi Ad,If I delete old windows and reinstall new windows, can I still open bitlocker on drive D?
As long as you know the password it should be fine
i have formatted my pc and trying to enter the password but showing it wrong why ???
i used to open it everyday with the password
Hey, please can you help me unlock my external drive that has my archives with BitLocker? My PC died so I don’t have the key
HI, Have a ASUS tablet with soldered HD so cant connect to other computer to erase drive. All boot USB attempts keep triggering Bitlocker. So i want to erase drive and install Win 8 but how can i do this? Can i use command prompt in recovery blue screen F8 area or will i still need key. As you explained, will erasing drive totally still leave Key with TPM and still lock me out?
You’re gonna need to get usb boot to work, in the bios you should be able to set usb to boot before windows. Either use a Linux usb or the windows installer usb. Both will let you wipe the hard drive.
I have a client that had lightning hit their house. Computer fried. Drive seems to have survived because it pops up asking for the bitlocker password when I try to access. Big surprise, client has no idea what that is... and it is not in their Microsoft account. So here's my question: From my research, it's my understanding that this sort of password recovery is dependent upon the bitlockered drive being created on the same computer you are doing the recovery on. Meaning, removing a bitlockered drive from a dead computer, installing it in my computer, and then running these types of methods won't work because you're pulling the password from information in the working computer right? Thoughts?
I'm following the thing but it keeps saying run is an unrecognized command, please help. I have 4 brain cells and can't do this
What command are you running
@PentestsandTech windows 10 command prompt
@creepertntboom122 what command are you running inside command prompt?
I have an external hdd that automatically encrypted when I plugged it into my dell xps (this is a known problem with the xps). Somehow Dell installed bitlocker on windows 10 home which means I couldn't really do anything in the program because it doesn't run on windows 10. Absolute nightmare. Anyways, I never set a password for the drive because I didn't even know it was encrypted until half a year later. Would it be better to try and find the recovery key or the password (I'm not sure a password even exists though since I never set one)?
The best option would be to try to contact dell, they probably have some idea of what to do. Cracking a password you don’t know exists, and or cracking a 48 digit key are both very difficult to do.
I tried and they basically denied they put bitlocker on my PC and said they had no idea how it happened + told me to contact microsoft or format the drive...Microsoft told me to find the recovery key which if I were able to do, I wouldn't have called tech support in the first place!
Thanks for the help nonetheless
Hey! Any working solution on this?
My gf’s XPS also did the same, but worse because this happens in internal ssd - meaning it also locks her out from Windows. As you mentioned, the key cant be found anywhere and I have tried solutions I found online, such as playing with secure boot, TPM in BIOS setting and downgrade the bios version, but none working.
Thanks!
@darrenlukas I found my key stored in my Azure account for my school email. I had to contact my school's IT team and have them look for saved bitlocker keys in the company Azure Active Directory. If she had any outlook account logged in on her computer, try contacting IT for whoever manages it
@gay4milfs thanks!! Unfortunately she has already graduated, so she can’t login to her student mail. However, I’ll let her know so she could try contacting uni IT helpdesk.
Hashfile 'bitlocker.txt' on line 1 ($bitlo...b4234dc33fc6fe2432e46f6839b1c467): Salt-value exception
No hashes loaded. how can i resolve this
Good morning, I get this error after doing everything in the video; what could it be?
Hashfile 'bitlocker.txt' on line 1 ($bitlo...bd804a5ba7c99d89685dae7cbe4cfbe2): Salt-value exception
No hashes loaded.
Thanks for your video, but I'm not sure I understand all the steps. I have some keys from John but I don't think they're the right ones... I have an RP MAC / RP VMK / RP NONCE only.
Does it mean I have to wait more? It's an M2 from a Surface Pro 4; my customer doesn't know the password and he thinks he never set a password... His tablet is out and I just have to unlock the M2 to put it in an external box.
I'm scared because I think it doesn't have any password but only a recovery key :/
Can you help me please? I tried to put the RP VMK hash in the txt but I get a "No hashes loaded" on Hashcat.
Thank you :)
"rockyou.txt" file what do I put in it, where can I get a password list... I know most of the password just not the combination of numbers and possibly 1 special character
I can't enter anything, just receive the blue screen. Probably by a Windows update the system fails; I can't even remove the update
I’m not sure what to do for that, maybe take it in to a repair shop, or wipe it and reinstall windows
Is it possibile to crack the 48 digits that you enter before booting the system?
I am struggling for bit lockering to my own storage SSD which was been bitlocking on set-up to my laptop
Before this situation I am not using bitlocker to my SSD
I hope if i can get your hacking on bitlock ASAP
Can you give me your will?
I am eagerly
hey , i just locked my drive with windows bitlocker and now i want to unlock it but i dont have password and recovery key .Please can you provide any solution
That’s what the video is about...
Pentests and Tech So I have a question to ask you, isn’t this a brute force attack? It’s basically trying all the passwords right? Also I know that the recovery key or password is stored on the bit locker drive. What if that file is deleted before you forget the password or recovery key? Can you recover the hash from the drive at all? Let’s assume that the people that enabled bit locker on the drive delete the possibility of the recovery files such as passwords or recovery keys and even maybe they did something to delete the hash? Is it still possible? Thank you
Yes a mask attack is a type of brute force attack, and no they cannot delete the hash because it is required to unlock the drive normally. This is different for TPM enabled bitlocker though.
Amazing tutorial
Could it be that this doesn't work if the image was encrypted by the TPM?
Is this if the whole drive is BitLocker encrypted? If I have an encrypted partition would I need to separate the encrypted partition to its own image file and then run it? When running it on the physical disk image it failed saying no HASHES were found. THANKS! and Subscribed!
Disregard- I imaged out the encrypted partition and it appeared to fix the issue. Great video. I appreciate it.
Glad you got it figured out!
How much time it will take for 300gb disk with 80 gb of data?
Hi, can someone tell me whether with this video I can open a locked drive without the recovery key and password? I forgot my password, so can I open the drive with it?
So is it better to get a USB like the Kingston datatraveler 2000 that has hardware encryption with a keypad on is it possible to crack those
Those are much more secure
why I took a long time when 'creating image' it's been 3 hours, and the progress is just like 1% 😭
Either you have a really slow hard drive, it's in the process of failing or FTK needs to be restarted.
When I created the disk image, it created multipart files. How do I run bitlocker john on those files?
You have to change the setting to create one file instead of multiple files
Thank you for the video. Please, I need your help. I have my external hard drive encrypted using bitlocker. The laptop I used to encrypt the external is no longer available. I have tried to decrypt the external drive with passwords I can remember using another laptop but it doesn't work and the recovery key is even in the external drive which is about 1TB.
I saw that you have an image of your drive. In my case I don't have an image of my external drive. Do I need to make an image of the external or I don't need to.
Please, can you drop your email to engage more.
Does this work against BitLocker TPM+pin? This video only appeared to use a password.
It will not work with TPM at all
@PentestsandTech What to do then? :/
I need to know, it's not my disk and it randomly locked on Dell laptop in my hands... I'm in trouble and confused.
I encrypted a device with bitlocker but the encryption failed and now I cannot get access to my device, the password doesn't work and the key recovery doesn't work either, so what can I do to recover my data? I tried M3 bitlocker recovery but it did not work... please help
You get the device you stole to his owner, you scumbag 😂
is this step possible if i format boot drive and the one im trying to unlock is the other drive (different hard drive).
Yes
Help ME this error in USB BitLocker Drive Encryption failed to recover from an abruptly terminated Conversion. This Could be due to either all conversion logs being corrupted or the media being write-protected.
I'm not sure how to fix that, sorry
can a sd card that was encrypted with “bit locker to go” be bypassed as well? Can i use this same method on the sd card?
Haven’t tried it, but i think the to go version can also be cracked with this method.
I've been trying to crack my old 2TB hard drive; so far it's been scanning over the VMKs for 20 hours.
Large drives can take a longggggg time, just let it keep going and it will eventually finish.
@PentestsandTech Hi, I've been scanning the VMKs for a long time and it doesn't seem like it's going any further. HDD is still flashing though. Will I have to restart?
It does take a long time, I’d let it run for a while longer. How large is your hard drive?
Can you explain about the file "rock you"? I don't understand how I create this file. What content will this file contain?
It’s a wordlist of possible passwords, if you google rock you it’ll come up
i was preparing to crack my friends Disk... luckily he found his Key last minute
Hey sorry for bother but I can't use dictionary since my password had special characters, is there any way to configure and download a dictionary with a maximum of 14 characters alphanumeric and with special characters? Sorry I literally have no idea how to code but I'm guessing this would be a lot faster than using the recovery password method
You would need to make your own, or just brute force it.