Bitlocker/Truecrypt Decryption Tool


Following on from my posts “10 Things You Don’t Want To Know About Bitlocker”, “TPM Undressed” and “Firewire Attacks Revisited”, it recently came to my attention that Passware, Inc., a feisty California company, has released a version of their forensic software which will decrypt Bitlocker and TrueCrypt protected hard disks via the classic Firewire vulnerabilities.

A full write-up can be found on the Passware site, but simply, the attack works given a machine that’s running but has encrypted drives (for example one using Bitlocker in TPM-only mode, or a machine which is suspended, not hibernated). As to how to do it, they have implemented the exploit in a very neat and usable way:

Step 1 – capture a forensic memory image and disk images
1. Create the Firewire memory imager from the Passware Kit on a USB Stick
2. Connect the target computer to the forensic computer using a Firewire cable
3. Boot the forensic computer off the USB stick from step 1 to capture the image
4. Create disk images using tools such as Encase

Step 2 – Decrypt the disk images
1. Click “Recover Hard Disk Passwords” within the Passware Kit
2. Select Bitlocker or Truecrypt
3. Select the memory image file, and the disk image file
4. Click Next – Passware will now decrypt the disk image.

This is, to my knowledge, the first commercial implementation (or should that be exploitation?) of the Firewire memory attack, and should be considered by anyone intending to use products such as Bitlocker or Truecrypt without making sure they implement them in a way which prevents this kind of exploitation. As always, encryption is no use without proper pre-boot authentication.
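One way to find the TPM-only configuration mentioned above is to classify each Bitlocker volume by its key protectors. This is an added example, not code from the original post or from Passware; the function names `Get-PreBootAuthStatus` and `New-SampleVolume` are hypothetical, the sample inventory is constructed, and the property names assume the output of the Windows `Get-BitLockerVolume` cmdlet.

```powershell
# Added example: not from the original post and not Passware's code.
# TPM-based protector types that require user input before the OS boots.
$PreBootTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

# Hypothetical helper: classify each volume by how its key is released.
function Get-PreBootAuthStatus {
    param([Parameter(Mandatory)] [object[]] $Volume)
    foreach ($v in $Volume) {
        # Normalise enum values (live cmdlet) or strings (sample) to strings.
        $types = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $status = if ("$($v.ProtectionStatus)" -ne 'On') {
            'NotProtected'          # Bitlocker protection is off for this volume
        } elseif (@($types | Where-Object { $_ -in $PreBootTypes }).Count -gt 0) {
            'TpmWithPreBootAuth'    # PIN and/or startup key needed at boot
        } elseif ($types -contains 'Tpm') {
            'TpmOnly'               # key released at boot with no user input
        } else {
            'NoTpmProtector'        # unlocked by password, key file, etc.
        }
        [pscustomobject]@{
            MountPoint = $v.MountPoint
            Status     = $status
            Protectors = ($types -join ', ')
        }
    }
}

# Hypothetical helper: build an object shaped like Get-BitLockerVolume output.
function New-SampleVolume([string] $Mount, [string] $State, [string[]] $Types) {
    [pscustomobject]@{
        MountPoint       = $Mount
        ProtectionStatus = $State
        KeyProtector     = @($Types | ForEach-Object { [pscustomobject]@{ KeyProtectorType = $_ } })
    }
}

# Constructed sample: the OS volume from each of three made-up machines.
$sample = @(
    (New-SampleVolume 'C:' 'On'  @('Tpm', 'RecoveryPassword')),
    (New-SampleVolume 'C:' 'On'  @('TpmPin', 'RecoveryPassword')),
    (New-SampleVolume 'C:' 'Off' @())
)
Get-PreBootAuthStatus -Volume $sample | Format-Table -AutoSize

# On a live system, from an elevated prompt:
#   Get-PreBootAuthStatus -Volume (Get-BitLockerVolume)
```

A `TpmWithPreBootAuth` result only covers a machine that is powered off or hibernated; a running or suspended machine still holds its keys in memory, which is the case the post describes.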
