Feature-Request: Full Memory Dump
Hi, I really would like to have an option in the exploit binary to dump the whole memory to a file (mounted USB storage). Since my C skills are too bad, maybe someone could implement this feature. 😅
Sometimes the VMK isn't found by the exploit, and I would like to use commercial tools like Passware to check the memory dump.
Hi, maybe I can have a look into it the following week, I'll keep you updated. Seems like a nice idea for trying to debug physical systems!
Can be flagged as improvement. Would need to mount an sftp/nfs/smb share as target, or requires USB ports to be enabled. tftp would be way too slow.
Hi, are there any updates on this topic?
Hey! Sadly I lost track of some of the issues... As I did/do all my development of the exploit on a virtual machine, I never had the need of this feature. Additionally, I never had problems finding the VMK on real-life systems; at least if all the criteria mentioned in https://neodyme.io/de/blog/bitlocker_screwed_without_a_screwdriver/ were met. Do you currently have a system where you would need an export functionality?
Soo, I just pushed a commit (69ddfa8) that pauses the exploit for interesting candidates and prints a hexdump of the relevant memory area. I know this is not exactly what you asked for but it might help debugging.