Bitlocker recovery Key
#1
Hi, I have lost my Bitlocker recovery key. Can Hashcat be used to find the windows recovery key, If so what would the syntax be. Ive tried to recover the password, but it would be a combination of letters, a symbol like@ and number. Ran Hashcat for 5 days with a massive Rockyou reference file with no results.  Thanks


Attached Files
.png   hashcat.png (Size: 24.96 KB / Downloads: 9)
Reply
#2
The BitLocker recovery key is a 48-bit pure number, and it is not realistic to hack
Reply
#3
your screenshot (bruteforce) doesnt match your passordstyle (you miss the special char @ mentioned) so you will never crack your own passoword

anyway, rockyou is a dict and has nothing to do with the bruteforce you started

with explicit knowledge of your password you can specify a better mask than the one you provided

do you used words or really random letters? is the number/digit at the end of the pass and if so, 1 digit, 2, 3?
Reply
#4
It sound like what you want to do is something like a hybrid attack where you combine a list of words with number and special characters at the beginning or end. See this article, scroll down to "Hybrid attack":
https://in.security/2022/06/20/hashcat-p...sk-hybrid/

For example:
hashcat -a 6 -m 0 <$hash> rockyou.txt -1 ?s?d ?1?1?1?1 -i  
hashcat -a 7 -m 0 <$hash> [i]-1 ?s?d ?1?1?1?1 -i rockyou.txt [/i]


The above examples would search for a word in the rockyou.txt list followed by up to four characters being either a number or special characters (-a 6), or up to four numbers or special characters followed by a word (-a 7). The "-i" part means the mask part is incremental, meaning 1 character up to the end of the mask are tried.
What I am missing in your question is specific information:

1) The order of numbers and letters random -> use a mask attack
2) Are letters non-random such as words  -> huge difference since you can use a dictionary limiting the number of passwords to check. In this case use hybrid attack
3) Which characters, most people use only some special characters not all in their password. In such a case you can make a spefic mask for those characters, e.g. mask "-1 @?d ?1?1?1?1 -i" would only search for character "@" and digits/numbers, not all characters.
4) What is known about the order or words/letters/special characters

In other words, be specific!
Reply