03-01-2023, 12:22 PM
(Extension to my reply to your message) Correction my mistake,
it's actually $bitlocker$2$ & $bitlocker$3$, can those even be used together?
it's actually $bitlocker$2$ & $bitlocker$3$, can those even be used together?
(03-01-2023, 12:18 PM)Ian Marais Wrote: Thank you for replying,
Yes unfortunately the hashes are $bitlocker$3$ & $bitlocker$4$, do you have any steps to follow with john or should I rather check other sources?
If I'm able to get the recovery password from john, will this help getting the Bitlocker key itself? I have the Recovery key ID as well. Will the User password be of any help?
Thank you again.
(02-26-2023, 05:23 PM)b8vr Wrote:(02-25-2023, 11:51 AM)Ian Marais Wrote: Hi everyone.
Very new to code cracking but I've received an SSD from a client that got Bitlocker locked because someone ells installed parts in a Dell laptop without disabling Bitlocker, they couldn't rectify the issue.
So I am trying to take on the challange.
So far I have made an image with FTK imager, extracted hashes with Bitlocker2John, but now I'm stuck with Hashcat.
John only gave me 2x Bitlocker hashes instead of 4, is that normal?
How will I know what mask to use and how to use a word list?
Do I need any info from the client like a password or anything ells?
They do not have a Microsoft Account.
Also just a bit of extra limitations, in my country of South Africa the retarded government has stolen the national energy provided into such a state that they are unable to provide the country with constant electricity, so as a result we have 4 hour outages twice a day with 4 hour to 12 hour power in between every day. We do not have backup power that will last long enough for a GPU carcking to continue as I only have a mobile power station for laptops and low power machines.
My GPU is a GTX 1070, is it even worth perusing this venture?
Will a password attack even help with getting a Bitlocker key?
Kind regards.
Ian.
Firstly, you need to check what kind of hash you've got.
If your hashes starts with $bitlocker$0$ or $bitlocker$1$, then you can use hashcat to try and crack them.
But if they start with $bitlocker$3$ or $bitlocker$4$, then it's a recovery password consisting of 8 groups of 6 digits in each group. Each group has a hyphen as delimiter. These can't be cracked with hashcat. You need John the Ripper for those. But it's literally impossible as the amount of candidates is enormous.
If bitlocker2john only gave 2 hashes, they are most likely recovery hashes.