bitcracker VMK not encrypted with AES-CCM

Hello,

I am trying to find the hash for a disk volume I made, it says however,

`Signature found at 0x00000003 Version: 8 Invalid version, looking for a signature with valid version...

Signature found at 0x16dad000 Version: 1 (Windows Vista)

VMK entry found at 0x16dad177 VMK encrypted with Recovery Password found at 0x16dad198 Searching AES-CCM from 0x16dad198 Salt: 5b2eb594d822bcd2e20cf10a0e1da4c5 Error: VMK not encrypted with AES-CCM (0,8) Searching AES-CCM from 0x16dad198 Salt: 05000100008b543179bccb0129000000 Error: VMK not encrypted with AES-CCM (74,ffffff90) `

It has hung for the moment, I will wait for anything else to happen.

Is there any way to still retrieve the hash for the disk?

Apr 10 '18 16:04 hammi1

Is the windows vista info correct ? Which authentication method did you chose to encrypt your device? What's the size of your image?

Apr 10 '18 17:04 e-ago

The windows vista bit IS correct, and it finished with

`Error while extracting data: No signature found!

Error while parsing input device image`

The size of the image is 130GB. I dd'ed it from the partition into an IMG file (4096 block size).

Im not sure of the auth method, because I bitlocked this many years ago, but I remember that it had a TPM key with it, so that the password by itself cant unlock it, only the recovery key can.

Apr 10 '18 17:04 hammi1

I'm not sure if this helps or not, but using bdeinfo on the img file shows that it was encrypted using AES-CBC 128-bit with Diffuser.

Im thinking that this may be different to AES-CCM

Apr 10 '18 18:04 hammi1

Probably metadata in your encrypted image are organized in a different way wrt tests I've done until now. May I ask you to send to me the first 256Kb of your image?

Apr 16 '18 17:04 e-ago

Sure, I can do that. I'm a bit unsure of how to copy that though, people are saying I can use dd, or dd and truncate, and some other potential solutions. I don't have enough space for a second image so can I dd only a portion of it?

Apr 17 '18 19:04 hammi1

I have potentially found a way to do it. I used cat command and piped through to head, with

cat image.img | head -c 32000

Since you specified 256Kb, in kilobits, that is 32 kilobytes.

Furthermore, how should I attach this? Should I just attach this as a file to the issue?

Apr 17 '18 22:04 hammi1

I'm sorry, I meant 256 KB. Yes you can attach the file here

Apr 18 '18 13:04 e-ago

I have redone the command with "head -c 256000" instead, and attached the file image.txt .

Github only supports certain files, so I have chosen txt, but obviously as you know, its not a text format, its simply the first 256KB of the bitlocked image

Apr 18 '18 15:04 hammi1

I edited this comment, thus I'm tagging you @hammi1

Looking at the output, in this first signature there are some interesting info about the encryption of your device. Unfortunately there aren't all the info needed by BitCracker to perform the attack, thus you should send to me also the 256 KB starting some byte before address 0x16dad00.

You can try with something like: dd skip=23964908 count=262144 bs=1

would copy from byte 23964908 ( i.e. 0x16DACEC ) to byte 24227052 from its input to its output, and discard the rest (source https://stackoverflow.com/questions/218912/linux-command-like-cat-to-read-a-specified-quantity-of-characters )

Apr 18 '18 15:04 e-ago

Hi, sorry for the delay in replying. I didn't notice there was an update until today.

I have attached the image.txt file again, retrieved from the command you put out (amending if=bitlock.img of=image.txt )

Thanks again for looking into this.

image.txt

Apr 28 '18 14:04 hammi1

@hammi1 unfortunately the -FVE-FS- signature is not present in the file you sent. Could you open your image with an hex editor (i.e. hex fiend) and find the -FVE-FS- around offset 0x16dad000? I need that part of the encrypted image

May 31 '18 18:05 e-ago

Hi @e-ago , I'm having the same issue as described above, while doing a build review on a laptop with what also seems to be a TPM encrypted partition. It's running Windows 7 Enterprise N. I can send whatever data you need, just send me the dd command you require. Here's the output I have so far:

# ./bitcracker_hash -i /dev/sda2 

---------> BitCracker Hash Extractor <---------
Opening file /dev/sda2

Signature found at 0x00000003
Version: 8 
Invalid version, looking for a signature with valid version...

Signature found at 0x22fd2f000
Version: 2 (Windows 7 or later)

VMK entry found at 0x22fd2f123
VMK encrypted with Recovery Password found at 0x22fd2f144
Searching AES-CCM from 0x22fd2f144
Salt: 5c3394362de000247d3c4d6b27803507
Error: VMK not encrypted with AES-CCM (0,8)
Searching AES-CCM from 0x22fd2f144
Salt: 05000100e0d1e593b7e7d30103000000
Error: VMK not encrypted with AES-CCM (ffffff93,ffffffe0)

Signature found at 0x22fd3f000
Version: 2 (Windows 7 or later)

VMK entry found at 0x22fd3f123
VMK encrypted with Recovery Password found at 0x22fd3f144
Searching AES-CCM from 0x22fd3f144
Salt: 5c3394362de000247d3c4d6b27803507
Error: VMK not encrypted with AES-CCM (0,8)
Searching AES-CCM from 0x22fd3f144
Salt: 05000100e0d1e593b7e7d30103000000
Error: VMK not encrypted with AES-CCM (ffffff93,ffffffe0)

Signature found at 0x24b958000
Version: 2 (Windows 7 or later)

VMK entry found at 0x24b958123
VMK encrypted with Recovery Password found at 0x24b958144
Searching AES-CCM from 0x24b958144
Salt: 5c3394362de000247d3c4d6b27803507
Error: VMK not encrypted with AES-CCM (0,8)
Searching AES-CCM from 0x24b958144
Salt: 05000100e0d1e593b7e7d30103000000
Error: VMK not encrypted with AES-CCM (ffffff93,ffffffe0)

Jun 20 '18 20:06 ejtaal

Based on the above I took a guess and did the following:

# printf "%d\n" 0x22fd2f000
9392287744 
# dd if=/dev/sda2 count=256 bs=1k > dev_sda2_first_256k.bin
256+0 records in
256+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.0620299 s, 4.2 MB/s
# dd if=/dev/sda2 count=256k bs=1 skip=9392287000 > dev_sda2_256k_9392287000b_skipped.bin
262144+0 records in
262144+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.532778 s, 492 kB/s

tpm_bitlocker_bitcracker_debug.zip

Jun 20 '18 20:06 ejtaal

@ejtaal I found the signature -FVE-FS- in your file and it seems that AES-CCM signature flag is at a different offset. Later I'll push some changes to the hash_extractor according to this new offset. In the meantime, you could try to attack this recovery password hash:

$bitlocker$2$16$5c3394362de000247d3c4d6b27803507$1048576$12$e0d1e593b7e7d30104000000$60$b8abaf114057bc9f5b6d259db56c671181e10a111b0ca2da56bbf0f0c6a71c148211cf6e39ed496bcdbfa76290dd5951ee09e930f768caa4f5a23e6b

I can confirm there is a TPM part at a certain point. This is the complete output:

---------> BitCracker Hash Extractor <---------
Opening file dev_sda2_256k_9392287000b_skipped.bin

Signature found at 0x000002e8
Version: 2 (Windows 7 or later)

VMK entry found at 0x0000040b
VMK encrypted with Recovery Password found at 0x0000042c
Searching AES-CCM from 0x0000042c
Salt: 5c3394362de000247d3c4d6b27803507
Offset=0x000004d9
Error: VMK not encrypted with AES-CCM (0x00000000,0x00000008),  offset=0x000004db
Offset=0x00000489
VMK encrypted with AES-CCM (0x0000048b)

Nonce: e0d1e593b7e7d30104000000
MAC: b8abaf114057bc9f5b6d259db56c6711

VMK entry found at 0x000004db
VMK encrypted with TPM...not supported! (0x000004fc)

Signature found at 0x000102e8
Version: 2 (Windows 7 or later)

VMK entry found at 0x0001040b

VMK entry found at 0x000104db
VMK encrypted with TPM...not supported! (0x000104fc)
VMK: 81e10a111b0ca2da56bbf0f0c6a71c148211cf6e39ed496bcdbfa76290dd5951ee09e930f768caa4f5a23e6b
Recovery Key hash:
$bitlocker$2$16$5c3394362de000247d3c4d6b27803507$1048576$12$e0d1e593b7e7d30104000000$60$b8abaf114057bc9f5b6d259db56c671181e10a111b0ca2da56bbf0f0c6a71c148211cf6e39ed496bcdbfa76290dd5951ee09e930f768caa4f5a23e6b

Jun 21 '18 11:06 e-ago

I think I have the same problem

root@kali:/bitcracker/build#` ./bitcracker_hash -i /dev/nvme0n1p4

---------> BitCracker Hash Extractor <--------- Opening file /dev/nvme0n1p4

Signature found at 0x00000003 Version: 8 Invalid version, looking for a signature with valid version...

Signature found at 0x041ed000 Version: 2 (Windows 7 or later)

VMK entry found at 0x041ed15b VMK encrypted with Recovery Password found at 0x041ed17c Searching AES-CCM from 0x041ed17c Salt: 6c00740061000000ea00000003000100 Offset=0x041ed229 Error: VMK not encrypted with AES-CCM (0x3a,0x17), offset=0x041ed22b Offset=0x041ed1d9 Error: VMK not encrypted with AES-CCM (0x54,0xaa), offset=0x041ed1db Searching AES-CCM from 0x041ed17c Salt: 6642f81c548037601de3816250816c4e Offset=0x041ed23d Error: VMK not encrypted with AES-CCM (0x0,0x14), offset=0x041ed23f Offset=0x041ed1ed VMK encrypted with AES-CCM (0x041ed1ef)

Nonce: d03d9186660cd40138000000 MAC: a9e84bc5af3a4034ffacb780b42ca681

Signature found at 0x43e00000 Version: 2 (Windows 7 or later)

VMK entry found at 0x43e0015b

Signature found at 0x83e00000 Version: 2 (Windows 7 or later)

VMK entry found at 0x83e0015b

VMK entry found at 0xa47bd055 ^C root@kali:/bitcracker/build# printf "%d\n" 0x041ed000 69128192 root@kali:/bitcracker/build# dd if=/dev/nvme0n1p4 count=256 bs=1k > dev_nvmen1p4_256k.bin 256+0 records in 256+0 records out 262144 bytes (262 kB, 256 KiB) copied, 0.0012522 s, 209 MB/s root@kali:/bitcracker/build# dd if=/dev/nvme0n1p4 count=256 bs=1k skip=69128100 > dev_nvmen1p4_256k_69128100.bin 256+0 records in 256+0 records out 262144 bytes (262 kB, 256 KiB) copied, 0.000691548 s, 379 MB/s

bitcracker_debug.zip

Jun 28 '18 12:06 remitavenot

Sorry for that, I did not wait enought. I finaly had the hash ;). Thanks a lot

Jun 28 '18 12:06 remitavenot

@remitavenot could you paste the complete output? @ejtaal Any news?

Jun 28 '18 13:06 e-ago

`# ./bitcracker_hash -i /dev/sda2

---------> BitCracker Hash Extractor <--------- Opening file /dev/sda2

Signature found at 0x00000003 Version: 8 Invalid version, looking for a signature with valid version...