Bruteforcing bitlocker through Powershell

[icarus255]

Wrote this little password brute forcing script in Powershell while trying to decrypt a bitlocked HDD. There are some brute forcers already available that will actually test the extracted crypto values from the HDD but they are slow and cumbersome. I wanted to see if brute forcing straight through windows would be any quicker and as expected... no 😞

The code basically takes input from a text file, converts it to a "SecureString" (needed or PS has a panic attack) and then tries to decrypt the HDD. At 0.5 guesses/second, I wouldn't worry about any large word lists but it works 🙂

This was just for a bit of fun but if you know of a way to speed up the script or make it more efficient please let me know as I wrote this really to get more familiar with PS. Better yet, if you know of a way to backdoor the bitlocker encryption that would be much appreciated 😉

Quote

# Need to run the script as powershell admin
# Define StreamReader and point it to your passwords list
$PWSstreamreader = New-Object System.IO.StreamReader("C:\temp\passwords.txt")
$linenumber = 1
#feeds line by line the candidates in passwords.txt
while (($readeachline =$PWSstreamreader.ReadLine()) -ne $null)
{
    Write-Host "$linenumber  $readeachline"
    # Need to convert our plaintext to SecureString for powershell to try and unlock. I guess this is some sort of security feature so people don't have plaintext passes lying around
    $SecureString = ConvertTo-SecureString "$readeachline" -AsPlainText -Force
    # Tries to unlock with converted SecureString.
    Unlock-BitLocker -MountPoint "D:" -Password $SecureString
    $info = Get-BitlockerVolume -MountPoint "D:"
    $linenumber++
    # Tests for decryption. Encrypted HDDs will always have a capacity of "0" so loops until capacity > 0 i.e. decrypted.
    If ($info.CapacityGB -ne "0") {Break}
}
$PWSstreamreader.Dispose()