- #Bitlocker recovery key dell full#
- #Bitlocker recovery key dell pro#
- #Bitlocker recovery key dell code#
The following images show the chip on the board and the pin-out from the data-sheet: The board I tested on has an Infineon SLB96350 chip, which is connected via LPC. We’ll start with the TPM1.2 device, and aim to replicate work. For SPI or I2C attacks, I’d start with a logic analyzer and go from there. I’ve added a link to the TPM client spec in the reading section at the end of this post. This blog post is looking at the LPC bus, specifically. Check the data sheet for your specific chip. The TPM hangs off the LPC, SPI or I2C bus. That’s why you can’t boot off an Ubuntu live image and just smash an unseal command at the TPM.
The general gist here is that the TPM wont unseal keys unless its in an expected boot state (the PCR registers have a specific set of values in them). If you’re not familiar with what a TPM does, Microsoft has some good docs on TPM fundamentals. This post wont be going into much detail on TPM fundamentals.
#Bitlocker recovery key dell code#
Any modifications to the bios or boot loader code should change the PCR values, and the TPM will not unseal the VMK.Īs the decryption happens automatically, if we can sniff the VMK as its being returned by the TPM then we can enter that information into any number of BitLocker libraries and decrypt the drive. The idea behind this is that if the laptop is stolen, and the attacker does not know your login password, they can not pull the drive and read the contents. This is due to the TPM only being used to decrypt the VMK.
When you enable BitLocker in its default configuration, no additional user interaction is required at boot. All of this exist so that if an attacker has physical access to the device, they can’t boot the laptop into a Linux live distro (or remove the drive) and access your data. One is the TPM, the other is the Recovery Key. For example, in the default configuration there are two protectors. The VMK is encrypted by multiple protectors. The FVEK is in turn encrypted with the Volume Master Key (VMK).
#Bitlocker recovery key dell full#
The data is encrypted using the Full Volume Encryption Key (FVEK). Windows uses BitLocker to encrypt drives.
Don’t want to be vulnerable to this? Enable additional pre-boot authentication. After sniffing, you can decrypt the drive. TLDR: You can sniff BitLocker keys in the default config, from either a TPM1.2 or TPM2.0 device, using a dirt cheap FPGA (~$40NZD) and now publicly available code, or with a sufficiently fancy logic analyzer. If you’re just interested in the practical attack, then I suggest skipping to the TPM2.0 section. Hector used an FPGA to sniff the bus for a TPM1.2 chip I wanted to see if I could achieve the same thing with a cheapie off-the-shelf logic analyzer and attempt the attack against a TPM2.0 chip. This project kicked off for me when Hector Martin ( mentioned they were able to sniff the BitLocker VMK straight off the LPC bus. From bus wiring through to volume decryption.
#Bitlocker recovery key dell pro#
This post demonstrates the attack against an HP laptop logic board using a TPM1.2 chip and a Surface Pro 3 using a TPM2.0 chip. This post will look at extracting the clear-text key from a TPM chip by sniffing the LPC bus, either with a logic analyzer or a cheap FPGA board. By default, Microsoft BitLocker protected OS drives can be accessed by sniffing the LPC bus, retrieving the volume master key when it’s returned by the TPM, and using the retrieved VMK to decrypt the protected drive.