{"id": "KITPLOIT:2008041285543762824", "bulletinFamily": "tools", "title": "BitCracker - BitLocker Password Cracking Tool (Windows Encryption Tool)", "description": "[  ](<https://2.bp.blogspot.com/-858TKLclqqs/Wch0FrbGz6I/AAAAAAAAI-A/Jl2ImBZRDL0OmD-4zFyGQuhvNkw-QFbHgCLcBGAs/s1600/BitLocker.png>)\n\n \nBitLocker is a full-disk encryption feature available in recent [ Windows ](<https://www.kitploit.com/search/label/Windows>) versions (Vista, 7, 8.1 and 10) Pro and Enterprise. BitCracker is a mono-GPU password [ cracking ](<https://www.kitploit.com/search/label/Cracking>) tool for memory units encrypted with the password authentication mode of BitLocker (see picture below). \n \n\n\n[  ](<https://3.bp.blogspot.com/-hBZjhXDhxok/Wch0WkUuXXI/AAAAAAAAI-E/agiQjixNsq0uIUNXo7OSnIRqK5qbwpaUwCLcBGAs/s1600/BitLocker_.png>)\n\n \n \nOur attack has been tested on several memory units encrypted with BitLocker running on [ Windows ](<https://www.kitploit.com/search/label/Windows>) 7, Window 8.1 and Windows 10 (both compatible and non-compatible mode). Here we present two implementations: CUDA and OpenCL. \n \n \n** Requirements ** \nFor CUDA implementation, you need at least CUDA 7.5 and an NVIDIA GPU with minimum cc3.5 (i.e. Kepler arch) \n \n** How To ** \nUse the build.sh script to build 3 executables: \n\n\n * hash extractor \n * BitCracker CUDA version \n * BitCracker OpenCL version \nThe executables are stored in the build directory. \nBefore starting the attack, you need to run bitcracker_hash to extract the hash from the encrypted memory unit. \n\n \n \n > ./build/bitcracker_hash -h\n \n Usage: ./build/bitcracker_hash -i <Encrypted memory unit> -o <output file>\n \n Options:\n \n -h, --help Show this help\n -i, --image Path of memory unit encrypted with BitLocker\n -o, --outfile Output file\n\nThe extracted hash is fully compatible with the John The Ripper format (see next Section). \nThen you can use the output hash file to run the BitCracker attack. \n\n \n \n > ./build/bitcracker_cuda -h\n \n Usage: ./build/bitcracker_cuda -f <hash_file> -d <dictionary_file>\n \n Options:\n \n -h, --help Show this help\n -f, --hashfile Path to your input hash file (HashExtractor output)\n -s, --strict Strict check (use only in case of false positives)\n -d, --dictionary Path to dictionary or alphabet file\n -g, --gpu GPU device number\n -t, --passthread Set the number of password per thread threads\n -b, --blocks Set the number of blocks\n\nNote: In case of false positives you can use the -s option, that is a more restrictive check on the correctness of the final result. Altough this check is empirically verified and it works with the images of this repo encrypted with Windows 7, 8.1 and 10, we can't guarantee that it doesn't lead to false negatives. Use -s option only if BitCracker returns several false positives. \nIn the the run_test.sh script there are several attack examples using the encrypted images provided in this repo: \n\n\n * imgWin7: memory unit encrypted with BitLocker using Windows 7 Enteprise edition OS \n * imgWin8: memory unit encrypted with BitLocker using Windows 8 Enteprise edition OS \n * imgWin10Compatible.vhd: memory unit encrypted with BitLocker (compatible mode) using Windows 10 Enteprise edition OS, \n * imgWin10NonCompatible.vhd: memory unit encrypted with BitLocker (NON compatible mode) using Windows 10 Enteprise edition OS, \n * imgWin10CompatibleLong27.vhd: memory unit encrypted with BitLocker (compatible mode) using Windows 10 Enteprise edition OS using the longest possible password (27 characters) \nCurrently, BitCracker is able to evaluate passwords having length between 8 (minimum password length) and 27 characters (implementation reasons). \nBitCracker doesn't provide any mask attack, cache mechanism or smart dictionary creation; therefore you need to provide your own input dictionary. \n \n** Performance ** \nHere we report best performance of BitCracker implementations tested on different GPUs \nGPU Acronim | GPU | Arch | CC | # SM | Clock | CUDA \n---|---|---|---|---|---|--- \nGFT | GeForce Titan | Kepler | 3.5 | 14 | 835 | 7.0 \nGTK80 | Tesla K80 | Kepler | 3.5 | 13 | 875 | 7.5 \nGFTX | GeForce Titan X | Maxwell | 5.2 | 24 | 1001 | 7.5 \nGTP100 | Telsa P100 | Pascal | 6.1 | 56 | 1328 | 8.0 \nAMDM | Radedon Malta | \\- | \\- | \\- | \\- | \\- \nPerformance: \nVersion | GPU | -t | -b | Passwords x kernel | Passwords/sec | Hash/sec \n---|---|---|---|---|---|--- \nCUDA | GFT | 8 | 13 | 106.496 | 303 | 635 MH/s \nCUDA | GTK80 | 8 | 14 | 114.688 | 370 | 775 MH/s \nCUDA | GFTX | 8 | 24 | 106.608 | 933 | 1.957 MH/s \nCUDA | GTP100 | 8 | 56 | 458.752 | 1.363 | 2.858 MH/s \nOpenCL | AMDM | 32 | 64 | 524.288 | 241 | 505 MH/s \nOpenCL | GFTX | 8 | 24 | 196.608 | 884 | 1.853 MH/s \n \n** John The Ripper ** \nWe released the OpenCL version as a plugin of the John The Ripper (bleeding jumbo) suite: \n\n\n * Wiki page: [ http://openwall.info/wiki/john/OpenCL-BitLocker ](<http://openwall.info/wiki/john/OpenCL-BitLocker>)\n * JtR source code: [ https://github.com/magnumripper/JohnTheRipper ](<https://github.com/magnumripper/JohnTheRipper>)\n \n** Next Release ** \nIn the next relese: \n\n\n * The maximum password lenght will be dynamic \n * Improve strict check with optional MAC verification to avoid any false positive \n \n\n\n** [ Download BitCracker ](<https://github.com/e-ago/bitcracker>) **\n", "published": "2017-10-01T14:35:05", "modified": "2017-10-01T14:35:05", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://www.kitploit.com/2017/10/bitcracker-bitlocker-password-cracking.html", "reporter": "KitPloit", "references": ["https://github.com/e-ago/bitcracker", "https://github.com/magnumripper/JohnTheRipper"], "cvelist": [], "type": "kitploit", "lastseen": "2020-12-08T05:23:29", "edition": 27, "viewCount": 121, "enchantments": {"dependencies": {"references": [], "modified": "2020-12-08T05:23:29", "rev": 2}, "score": {"value": -0.0, "vector": "NONE", "modified": "2020-12-08T05:23:29", "rev": 2}, "vulnersScore": -0.0}, "toolHref": "https://github.com/e-ago/bitcracker", "scheme": null}

{}