VMK not encrypted with AES-CCM #4

hammi1 · 2018-04-10T16:06:19Z

Hello,

I am trying to find the hash for a disk volume I made, it says however,

`Signature found at 0x00000003
Version: 8
Invalid version, looking for a signature with valid version...

Signature found at 0x16dad000
Version: 1 (Windows Vista)

VMK entry found at 0x16dad177
VMK encrypted with Recovery Password found at 0x16dad198
Searching AES-CCM from 0x16dad198
Salt: 5b2eb594d822bcd2e20cf10a0e1da4c5
Error: VMK not encrypted with AES-CCM (0,8)
Searching AES-CCM from 0x16dad198
Salt: 05000100008b543179bccb0129000000
Error: VMK not encrypted with AES-CCM (74,ffffff90)
`

It has hung for the moment, I will wait for anything else to happen.

Is there any way to still retrieve the hash for the disk?

e-ago · 2018-04-10T17:45:41Z

Is the windows vista info correct ? Which authentication method did you chose to encrypt your device? What's the size of your image?

hammi1 · 2018-04-10T17:49:13Z

The windows vista bit IS correct, and it finished with

`Error while extracting data: No signature found!

Error while parsing input device image`

The size of the image is 130GB. I dd'ed it from the partition into an IMG file (4096 block size).

Im not sure of the auth method, because I bitlocked this many years ago, but I remember that it had a TPM key with it, so that the password by itself cant unlock it, only the recovery key can.

hammi1 · 2018-04-10T18:00:34Z

I'm not sure if this helps or not, but using bdeinfo on the img file shows that it was encrypted using AES-CBC 128-bit with Diffuser.

Im thinking that this may be different to AES-CCM

e-ago · 2018-04-16T17:27:23Z

Probably metadata in your encrypted image are organized in a different way wrt tests I've done until now. May I ask you to send to me the first 256Kb of your image?

hammi1 · 2018-04-17T19:36:06Z

Sure, I can do that. I'm a bit unsure of how to copy that though, people are saying I can use dd, or dd and truncate, and some other potential solutions. I don't have enough space for a second image so can I dd only a portion of it?

hammi1 · 2018-04-17T22:15:58Z

I have potentially found a way to do it. I used cat command and piped through to head, with

cat image.img | head -c 32000

Since you specified 256Kb, in kilobits, that is 32 kilobytes.

Furthermore, how should I attach this? Should I just attach this as a file to the issue?

e-ago · 2018-04-18T13:22:07Z

I'm sorry, I meant 256 KB. Yes you can attach the file here

hammi1 · 2018-04-18T15:18:41Z

I have redone the command with "head -c 256000" instead, and attached the file
image.txt
.

Github only supports certain files, so I have chosen txt, but obviously as you know, its not a text format, its simply the first 256KB of the bitlocked image

e-ago · 2018-04-18T15:29:41Z

I edited this comment, thus I'm tagging you @hammi1

Looking at the output, in this first signature there are some interesting info about the encryption of your device.
Unfortunately there aren't all the info needed by BitCracker to perform the attack, thus you should send to me also the 256 KB starting some byte before address 0x16dad00.

You can try with something like:
dd skip=23964908 count=262144 bs=1

would copy from byte 23964908 ( i.e. 0x16DACEC ) to byte 24227052 from its input to its output, and discard the rest (source https://stackoverflow.com/questions/218912/linux-command-like-cat-to-read-a-specified-quantity-of-characters )

hammi1 · 2018-04-28T14:04:41Z

Hi, sorry for the delay in replying. I didn't notice there was an update until today.

I have attached the image.txt file again, retrieved from the command you put out (amending if=bitlock.img of=image.txt )

Thanks again for looking into this.

image.txt

e-ago · 2018-05-31T18:29:55Z

@hammi1 unfortunately the -FVE-FS- signature is not present in the file you sent.
Could you open your image with an hex editor (i.e. hex fiend) and find the -FVE-FS- around offset 0x16dad000? I need that part of the encrypted image

ejtaal · 2018-06-20T20:06:03Z

Hi @e-ago , I'm having the same issue as described above, while doing a build review on a laptop with what also seems to be a TPM encrypted partition. It's running Windows 7 Enterprise N. I can send whatever data you need, just send me the dd command you require. Here's the output I have so far:

# ./bitcracker_hash -i /dev/sda2 

---------> BitCracker Hash Extractor <---------
Opening file /dev/sda2

Signature found at 0x00000003
Version: 8 
Invalid version, looking for a signature with valid version...

Signature found at 0x22fd2f000
Version: 2 (Windows 7 or later)

VMK entry found at 0x22fd2f123
VMK encrypted with Recovery Password found at 0x22fd2f144
Searching AES-CCM from 0x22fd2f144
Salt: 5c3394362de000247d3c4d6b27803507
Error: VMK not encrypted with AES-CCM (0,8)
Searching AES-CCM from 0x22fd2f144
Salt: 05000100e0d1e593b7e7d30103000000
Error: VMK not encrypted with AES-CCM (ffffff93,ffffffe0)

Signature found at 0x22fd3f000
Version: 2 (Windows 7 or later)

VMK entry found at 0x22fd3f123
VMK encrypted with Recovery Password found at 0x22fd3f144
Searching AES-CCM from 0x22fd3f144
Salt: 5c3394362de000247d3c4d6b27803507
Error: VMK not encrypted with AES-CCM (0,8)
Searching AES-CCM from 0x22fd3f144
Salt: 05000100e0d1e593b7e7d30103000000
Error: VMK not encrypted with AES-CCM (ffffff93,ffffffe0)

Signature found at 0x24b958000
Version: 2 (Windows 7 or later)

VMK entry found at 0x24b958123
VMK encrypted with Recovery Password found at 0x24b958144
Searching AES-CCM from 0x24b958144
Salt: 5c3394362de000247d3c4d6b27803507
Error: VMK not encrypted with AES-CCM (0,8)
Searching AES-CCM from 0x24b958144
Salt: 05000100e0d1e593b7e7d30103000000
Error: VMK not encrypted with AES-CCM (ffffff93,ffffffe0)

ejtaal · 2018-06-20T20:28:38Z

Based on the above I took a guess and did the following:

# printf "%d\n" 0x22fd2f000
9392287744 
# dd if=/dev/sda2 count=256 bs=1k > dev_sda2_first_256k.bin
256+0 records in
256+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.0620299 s, 4.2 MB/s
# dd if=/dev/sda2 count=256k bs=1 skip=9392287000 > dev_sda2_256k_9392287000b_skipped.bin
262144+0 records in
262144+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.532778 s, 492 kB/s

tpm_bitlocker_bitcracker_debug.zip

e-ago · 2018-06-21T11:04:06Z

@ejtaal I found the signature -FVE-FS- in your file and it seems that AES-CCM signature flag is at a different offset. Later I'll push some changes to the hash_extractor according to this new offset. In the meantime, you could try to attack this recovery password hash:

$bitlocker$2$16$5c3394362de000247d3c4d6b27803507$1048576$12$e0d1e593b7e7d30104000000$60$b8abaf114057bc9f5b6d259db56c671181e10a111b0ca2da56bbf0f0c6a71c148211cf6e39ed496bcdbfa76290dd5951ee09e930f768caa4f5a23e6b

I can confirm there is a TPM part at a certain point. This is the complete output:

---------> BitCracker Hash Extractor <---------
Opening file dev_sda2_256k_9392287000b_skipped.bin

Signature found at 0x000002e8
Version: 2 (Windows 7 or later)

VMK entry found at 0x0000040b
VMK encrypted with Recovery Password found at 0x0000042c
Searching AES-CCM from 0x0000042c
Salt: 5c3394362de000247d3c4d6b27803507
Offset=0x000004d9
Error: VMK not encrypted with AES-CCM (0x00000000,0x00000008),  offset=0x000004db
Offset=0x00000489
VMK encrypted with AES-CCM (0x0000048b)

Nonce: e0d1e593b7e7d30104000000
MAC: b8abaf114057bc9f5b6d259db56c6711

VMK entry found at 0x000004db
VMK encrypted with TPM...not supported! (0x000004fc)

Signature found at 0x000102e8
Version: 2 (Windows 7 or later)

VMK entry found at 0x0001040b

VMK entry found at 0x000104db
VMK encrypted with TPM...not supported! (0x000104fc)
VMK: 81e10a111b0ca2da56bbf0f0c6a71c148211cf6e39ed496bcdbfa76290dd5951ee09e930f768caa4f5a23e6b
Recovery Key hash:
$bitlocker$2$16$5c3394362de000247d3c4d6b27803507$1048576$12$e0d1e593b7e7d30104000000$60$b8abaf114057bc9f5b6d259db56c671181e10a111b0ca2da56bbf0f0c6a71c148211cf6e39ed496bcdbfa76290dd5951ee09e930f768caa4f5a23e6b

…rding to issue #4. The extractor code needs to be reworked

remitavenot · 2018-06-28T12:10:28Z

I think I have the same problem

root@kali:/bitcracker/build#` ./bitcracker_hash -i /dev/nvme0n1p4

---------> BitCracker Hash Extractor <---------
Opening file /dev/nvme0n1p4

Signature found at 0x00000003
Version: 8
Invalid version, looking for a signature with valid version...

Signature found at 0x041ed000
Version: 2 (Windows 7 or later)

VMK entry found at 0x041ed15b
VMK encrypted with Recovery Password found at 0x041ed17c
Searching AES-CCM from 0x041ed17c
Salt: 6c00740061000000ea00000003000100
Offset=0x041ed229
Error: VMK not encrypted with AES-CCM (0x3a,0x17), offset=0x041ed22b
Offset=0x041ed1d9
Error: VMK not encrypted with AES-CCM (0x54,0xaa), offset=0x041ed1db
Searching AES-CCM from 0x041ed17c
Salt: 6642f81c548037601de3816250816c4e
Offset=0x041ed23d
Error: VMK not encrypted with AES-CCM (0x0,0x14), offset=0x041ed23f
Offset=0x041ed1ed
VMK encrypted with AES-CCM (0x041ed1ef)

Nonce: d03d9186660cd40138000000
MAC: a9e84bc5af3a4034ffacb780b42ca681

Signature found at 0x43e00000
Version: 2 (Windows 7 or later)

VMK entry found at 0x43e0015b

Signature found at 0x83e00000
Version: 2 (Windows 7 or later)

VMK entry found at 0x83e0015b

VMK entry found at 0xa47bd055
^C
root@kali:/bitcracker/build# printf "%d\n" 0x041ed000
69128192
root@kali:/bitcracker/build# dd if=/dev/nvme0n1p4 count=256 bs=1k > dev_nvmen1p4_256k.bin
256+0 records in
256+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.0012522 s, 209 MB/s
root@kali:/bitcracker/build# dd if=/dev/nvme0n1p4 count=256 bs=1k skip=69128100 > dev_nvmen1p4_256k_69128100.bin
256+0 records in
256+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.000691548 s, 379 MB/s

bitcracker_debug.zip

remitavenot · 2018-06-28T12:20:22Z

Sorry for that, I did not wait enought. I finaly had the hash ;).
Thanks a lot

e-ago · 2018-06-28T13:04:57Z

@remitavenot could you paste the complete output?
@ejtaal Any news?

ejtaal · 2018-06-28T14:37:02Z

`# ./bitcracker_hash -i /dev/sda2

---------> BitCracker Hash Extractor <---------
Opening file /dev/sda2

Signature found at 0x00000003
Version: 8
Invalid version, looking for a signature with valid version...