careless223 Posted February 3, 2007

I thought of this idea driving home from working out and debating whether I should buy Vista tomorrow. So I got to thinking about Bitlocker drive encryption. Apparently it encrypts system files and the swap space along with all the user’s files. So what I was thinking (this is still just theory) is that if the system files are encrypted which includes little files that don't vary such as icons, you can take the encrypted file and compare it to an unencrypted version of that file to determine the password used to encrypt it with.

For example: the Firefox icon. If you have a Firefox icon that is encrypted with bitlocker and one that is not, could you theoretically scan and compare the 2 files to find the original password used to encrypt them? It is encrypted with AES which is essentially just an algorithm that you plug the password into which then generates the rules for encrypting that file or in this case the entire drive. Then with the password in hand you could unencrypt the entire drive. Is this even possible or am I just stupid?

Sparda Posted February 3, 2007

You are not stupid :P This depends upon how the encryption is implemented. If the implementation is any good it should be impossible to be able to get directory listings let alone get the data for a file. So, while you are correct in one respect (being able to work out the key used to encrypt a file if you have the encrypted file and the unencrypted file) you are (hopefully) wrong in another respect (it should be impossible to distinguish one file's data from any other file's data on an encrypted volume).

careless223 Posted February 3, 2007

Well from what I understand and have read, it does not encrypt the FAT table. So from there could you not go to the physical portion of the disk to get the file if you know that it is so many bits in length?

Sparda Posted February 3, 2007

> Well from what I understand and have read, it does not encrypt the FAT table. So from there could you not go to the physical portion of the disk to get the file if you know that it is so many bits in length?

If that's true (and I don't know that it is or it isn't) then theoretically you could I suppose. There is probably a good reason that doesn't work that I'm currently blind to lol

careless223 Posted February 3, 2007

Well it should be interesting to see how this unfolds. Can you imagine having the switchblade automatically find some files like that so you can later steal the laptop and access all the secret information?

Shaun Posted February 3, 2007

> Well from what I understand and have read, it does not encrypt the FAT table. So from there could you not go to the physical portion of the disk to get the file if you know that it is so many bits in length?

I don't think that's right, well, I know it's not right. First of all NTFS doesn't have a FAT, it has an MFT and the MFT is encrypted (clicky).

sneaky_rupert Posted February 3, 2007

They're right. With the encryption in place, it encrypts the whole volume...not just on a file to file basis. It looks like random data when it is encrypted. Good thinking though, when you think like that you cross from the realm of being a script kiddie :-). If you have more ideas like this, please feel free to share them with us! I always like to entertain new ideas like this. And who knows, you might stumble on to something that everyone can benefit from! I know I am always adding to my Pen Testing kit, or my overall understanding.

Shaun Posted February 3, 2007

Known plaintext attacks aren't exactly a new idea, they've been used for a very long time.

sneaky_rupert Posted February 3, 2007

> Known plaintext attacks aren't exactly a new idea, they've been used for a very long time.

Well yes, but easily cracking hard drive encryption is not really mainstream. I wasn't saying it was a NEW idea, but I was applauding his efforts to develop methodology to make a somewhat tedious effort a little easier.

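An added illustration of the known-plaintext question discussed above (not code from any poster, and not BitLocker's actual algorithm): it contrasts repeating-key XOR, where comparing the two copies of a file returns the key, with a toy keyed block cipher that takes the sector number as a tweak. The toy cipher is a 4-round Feistel network built on HMAC-SHA256, standing in for AES because Python's standard library has no AES; every name, the key and the 32-byte "icon" are constructed for the example.

```python
import hashlib
import hmac

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
ICON = bytes(range(32))  # constructed stand-in for 32 known file bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def weak_encrypt(key: bytes, data: bytes) -> bytes:
    # Repeating-key XOR: comparing plaintext and ciphertext returns the key.
    return xor(data, key * (len(data) // len(key) + 1))

def _round(key: bytes, sector: int, rnd: int, half: bytes) -> bytes:
    # Keyed round function; the sector number is mixed in as a tweak.
    msg = sector.to_bytes(8, "big") + bytes([rnd]) + half
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

def toy_encrypt(key: bytes, sector: int, block: bytes) -> bytes:
    # 4-round Feistel network over one 32-byte block (toy stand-in for AES).
    left, right = block[:16], block[16:]
    for rnd in range(4):
        left, right = right, xor(left, _round(key, sector, rnd, right))
    return left + right

def toy_decrypt(key: bytes, sector: int, block: bytes) -> bytes:
    # Undo the Feistel rounds in reverse order.
    left, right = block[:16], block[16:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _round(key, sector, rnd, left)), left
    return left + right

def compare_copies(plaintext: bytes, ciphertext: bytes) -> bytes:
    # Everything a byte-for-byte comparison of the two copies can produce.
    return xor(plaintext, ciphertext)

if __name__ == "__main__":
    c5, c9 = toy_encrypt(KEY, 5, ICON), toy_encrypt(KEY, 9, ICON)
    print("weak cipher leaks key:",
          compare_copies(ICON, weak_encrypt(KEY, ICON)) == KEY * 2)
    print("keyed cipher leaks key:", compare_copies(ICON, c5) == KEY * 2)
    print("same bytes, other sector, same ciphertext:", c5 == c9)
    print("round trip ok:", toy_decrypt(KEY, 5, c5) == ICON)
```

With the keyed cipher the comparison yields one plaintext/ciphertext pair and nothing that resembles the key, and the sector tweak means the same file bytes do not produce a matching ciphertext elsewhere on the volume.
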
mubix Posted February 5, 2007

Great ideas guys. I actually just posted on http://www.room362.com/ a short blurb about bitlocker. Check it out.

twist3r Posted February 5, 2007

for old hardware would this work? store your keys on your thumbdrive in a truecrypt volume? hrm but this would mean that you already had to be booted into windows... I guess I need to find some more information on bitlocker

careless223 Posted February 7, 2007

I just read your blurb and it sorta fills in the holes in my logic. So basically the files are encrypted until you access them right? Could you then maybe steal these files from a laptop or desktop that is logged on with a U3 thumbdrive via a batch script to copy the specific files that you need?

SomeoneE1se Posted February 7, 2007

yes and no
Vista no longer autoruns anything... sorry

mubix Posted February 7, 2007

> yes and no
> Vista no longer autoruns anything... sorry

Have you tried the Hacksaw and the Switchblade on Vista? I don't have mine on me right now or I would try.

careless223 Posted February 7, 2007

So no autoplaying CDs? That sucks.

SomeoneE1se Posted February 7, 2007

> So no autoplaying CDs? That sucks.

Kinda, it does what XP does for USB drives: it asks what you would like to do based on what it finds on the disk.

VaKo Posted February 8, 2007

>> yes and no
>> Vista no longer autoruns anything... sorry
>
> Have you tried the Hacksaw and the Switchblade on Vista? I don't have mine on me right now or I would try.

The Amish switchblade kinda works on vista, but it has trouble with the user passwords. Should be ok if someone rejigs it to work with NTLM.

careless223 Posted February 8, 2007

Amish is the man. So no U3 for Vista then? :(

a5an0 Posted February 9, 2007

> Amish is the man. So no U3 for Vista then? :(

Give it time.