← Back to context

Comment by cookiengineer

9 hours ago

> no, to access a bitlocker volume which automatically decrypts

> thats an LPE, not an encryption backdoor

No. RedSun and Bluehammer were LPEs

> the USB stick doesnt decrypt bitlocker, it just gives you root after bitlocker was AUTOMATICALLY decrypted

No, that's not what the bypass does. Maybe go try it out and verify it before you come to your quickly made conclusions?

It's not tied to "automatically decrypted" volumes, whatever that would imply for your setup requiring a pretty pointless TPM keystore for that.

If your case were true, it would also imply that any bitlocker cryptography never really worked because it was automatically decryptable without the need for a password/hash/whatever to get your keys from the keystore, which actually makes it so much worse. Even worse than the previously known coldboot attacks.

4 comments

cookiengineer

Reply
aiscoming  9 hours ago

its pretty obvious you have no idea how bitlocker works, and its various modes - TPM only, TPM+PIN, PIN only

  • cookiengineer  8 hours ago

    > its pretty obvious you have no idea how bitlocker works, and its various modes - TPM only, TPM+PIN, PIN only

    How could anybody besides a Microsoft employee, given the appearance of this bypass technique?

    • mananaysiempre  5 hours ago

      Linux can decrypt BitLocker-encrypted drives. The cryptography is known and solid. The issue is that, as 'aiscoming says, its surroundings in Windows make the quality of the cryptography irrelevant.

      In the default BitLocker configuration, Windows puts all the key material in the TPM, locked behind the usual trusted-boot stuff: known-good BIOS hashes the bootloader and tells the TPM, bootloader hashes the kernel and tells the TPM, kernel hashes the initial process and tells the TPM, (I’m not sure how far it goes in this specific application,) and at the end of it the TPM won’t release the keys unless the entire chain was correct. This process does (modulo TPM flaws) ensure the disk will only be decryptable when in the original computer running the original OS. It does not ensure that the original OS will not subsequently give a root shell to anyone who walks up to the keyboard and types in a cheat code, and that’s essentially what’s happening here.

      Celebrite et al. take a similar approach: after your Android phone boots and you first enter your PIN (which, unlike with BitLocker defaults, is required to unlock the TPM, thus the distinguished status of “before first unlock” aka BFU vs “after first unlock” aka AFU), the key material is already in RAM and breaking dm-crypt is not necessary; all that’s needed is find a USB stack vulnerability or a Bluetooth stack vulnerability or whatnot that can be leveraged into a root shell.

      1 reply →