Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not an issue-sorta... #45

Open
BogusException opened this issue Jan 23, 2022 · 1 comment
Open

Not an issue-sorta... #45

BogusException opened this issue Jan 23, 2022 · 1 comment

Comments

@BogusException
Copy link

Bitlocker recovery keys are not random strings. Each of the first 7 groups of 6 characters must be divisible by 11, making the field of possible solutions far smaller than random. In addition, the last group of 6 is a computed checksum of the others-again, not random.

Does your tool narrow the solution field, and thus solution time, by taking this into account?

If you check here: https://wikileaks.org/hbgary-emails//fileid/45244/13483 (a PDF) you will see that M$ documentation is in error.

Implementing BitLocker Drive Encryption for Forensic Analysis
Jesse D. Kornblum, ManTech International Corporation
jesse.kornblum@mantech.com

excerpt:

#5.4 Recovery Password
When BitLocker is installed on a system volume the system encourages the user to create a recovery password. The user can also create a recovery password from the BitLocker Control Panel at any time. The recovery password can either be written directly to a text file or displayed on the screen. The “password” is actually a 48 digit number, eight groups of six digits, with three properties for checksumming described in [6, 7]. These properties are:

  1. Each group of six digits must be divisible by eleven. This check can be used to identify groups mistyped by the user.

  2. Each group of six digits must be less than 720,896, or 216 ∗ 11. Each group contains 16 bits of key information. The eight groups, therefore, hold 16 ∗ 8 or 128 bits of key.

  3. The sixth digit in each group is a checksum digit. If the digits in each group are represented as x1, x2, x3, x4, x5, and x6, then x6 must equal (x1−x2+x3−x4+x5) mod 11. Note that the Microsoft documentation for the check digit calculation is incorrect. In [7] Microsoft claimed that x6 must equal (−x1 +x2 −x3 +x4 −x5) mod 11.

The error may be attributable to the fact that many programming languages do not compute the modulus operator correctly. In C, for example, -5 % 11 yields -5, and not the correct result, 6. A method to compute the check digit correctly in C is: check digit = (11 - (-x1 + x2 - x3 + x4 - x5)) % 11;.

The author believes that whomever wrote the documentation for Microsoft may have relied on the source code. If that source code resembles the version of the checksum above, it would account for the discrepancy in [7].

Wouldn't only supplying the possible characters lower the solution time? Or is the overhead of making each entry valid more than just hitting it with random characters?

@drdunn858
Copy link

This is not an answer, but rather an additional question for the asker. Can you give me an example of a 6 digit number divisible by 11 in which the 6th digit is NOT the checksum as per the documentation? I am at a loss as to any number which meets 1 and 2 without automatically meeting 3?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants