hashcat Forum Support hashcat v
Bitlocker: TPM + Pre-Boot Pin

Threaded Mode
Bitlocker: TPM + Pre-Boot Pin
Sondero Offline
Member
***
Posts: 76
Threads: 14
Joined: Dec 2019
#1
08-16-2021, 02:15 PM (This post was last modified: 08-16-2021, 02:15 PM by Sondero.)
Hello,
is there any possible way to attack a device with (Bitlocker) TPM+Preboot-Pin encryption ?

I took a physical image, but bitlocker2john doesnt give me a hash, and Passware also wouldn’t give me the option for a wordlist attack (only with memory dump, but i dont habe a dump or decrypted hiberfile.sys)

Thank Wink

Best regrads
Sondero
Find
Reply
Lars Offline
Junior Member
**
Posts: 12
Threads: 0
Joined: Dec 2015
#2
08-16-2021, 03:17 PM
There's no human entered password-hash to attack as the encryption keys are stored in the TPM and are released with the PIN.
Find
Reply
DanielG Offline
Pentester
***
Posts: 180
Threads: 0
Joined: Nov 2017
#3
08-16-2021, 03:49 PM
You probably need a hardware attack like described on https://dolosgroup.io/blog/2021/7/9/from...ny-network
Find
Reply
Sondero Offline
Member
***
Posts: 76
Threads: 14
Joined: Dec 2019
#4
08-16-2021, 05:36 PM
If i understand it correct, this attack only works if there is no pre-autentification needed Undecided
Find
Reply
DanielG Offline
Pentester
***
Posts: 180
Threads: 0
Joined: Nov 2017
#5
08-17-2021, 10:06 AM
Ah I see, you are right, the PIN requirement prevents this attack.
Find
Reply