PC Chaos Posted March 18, 2023 Posted March 18, 2023 Hello, I need help with a Bitlockercracker. My Datatransfer was interupted and I can´t read my Data short I can´t open my Dataplate. I think I have a Cryptovirus or had a bruteforce attack before, because of that my key ist lost. And now I need help with the correct path in and to get the path out. And bitlockerhack via GPU. I´ve found a MOD online wich works on TPM. Think that´s needed. I like to put it in here. Think it´s written correct. I have too less knowings about programmings and have consulted a specialist that can´t help me, because his work lays nearly one year in his Storage without beeing over worked. Fucked twice. Would be nice when some could fullfill the rest of the Mod or write a small Help how to. For example If String before define or or. """This module implements BitLocker key extractor analyzer for Saleae Logic 2 needed for Rubber ducky Installation: I think "define" at first is ok isn´t it? (This MOD is of a Stefan from his Homepage) Add the analyzer by selecting Load Existing Extension from Logic 2's extensions tab. """ from enum import Enum import re from saleae.analyzers import HighLevelAnalyzer, AnalyzerFrame OPERATION_MASK = 0x80 ADDRESS_MASK = 0x3f WAIT_MASK = 0x01 WAIT_END = 0x01 TPM_DATA_FIFO_0 = 0xd40024 WINDOW_SIZE = 0x2c class Operation(Enum): """Enum for a TPM transaction type""" READ = 0x80 WRITE = 0x00 class TransactionState(Enum): """Different states for the decofing state machine""" READ_OPERATION = 1 READ_ADDRESS = 2 WAIT = 3 TRANSFER_BYTE = 4 class Transaction: """Capsulates one TPM SPI transaction Args: start_time: A timestamp when the first byte in this transatcion captured. operation: Transaction type. size: The number of data bytes. Attributes: start_time: A timestamp when the first byte in this transatcion captured. end_time: A timestamp when the last byte in this transatcion captured. operation (Operation): Transaction type. address (bytearray): The target address in the transatcion. (big-endian). data (bytearray): The data in the transatcion. size (int): The number of data bytes. wait_count (int): Holds the number of wait states between the address and data . """ start_time: float end_time: float operation: Operation address: bytearray data: bytearray size: int wait_count: int def __init__(self, start_time, operation, size): self.start_time = start_time self.end_time = None self.operation = operation self.address = bytearray() self.data = bytearray() self.size = size self.wait_count = 0 def is_complete(self): """Return True if this transaction is complete. A transaction is complete when all address and data bytes are capture""" return self.is_address_complete() and self.is_data_complete() def is_data_complete(self): """Return True if all data bytes are captured.""" return len(self.data) == self.size def is_address_complete(self): """Return True if all three address bytes are captured.""" return len(self.address) == 3 class Hla(HighLevelAnalyzer): """Implements the BitLocker key extractor Attributes: state (TransactionState): The current state of the state machine current_transaction (Transaction): Contains the transaction to be decoded window (bytearray): the last WINDOW_SIZE bytes from transactions. Used to search the key """ result_types = {} state = TransactionState.READ_OPERATION current_transaction = None window = b'' def __init__(self): pass def decode(self, frame: AnalyzerFrame): if frame.type == 'enable': self._reset_state_machine() elif frame.type == 'disable': self._reset_state_machine() elif frame.type == 'result': mosi = frame.data['mosi'][0] miso = frame.data['miso'][0] self._state_machine(mosi, miso, frame) def _reset_state_machine(self): self.state = TransactionState.READ_OPERATION def _state_machine(self, mosi, miso, frame): machine = { TransactionState.READ_OPERATION: self._read_state, TransactionState.READ_ADDRESS: self._read_address_state, TransactionState.WAIT: self._wait_state, TransactionState.TRANSFER_BYTE: self._transfer_byte_state } return machine[self.state](mosi, miso, frame) def _read_state(self, mosi, miso, frame): operation = Operation(mosi & OPERATION_MASK) size_of_transfer = (mosi & ADDRESS_MASK) + 1 self.current_transaction = Transaction( frame.start_time, operation, size_of_transfer) self.state = TransactionState.READ_ADDRESS def _read_address_state(self, mosi, miso, frame): self.current_transaction.address += mosi.to_bytes(1, byteorder='big') address_complete = self.current_transaction.is_address_complete() if address_complete and not miso & WAIT_MASK: self.state = TransactionState.WAIT elif address_complete: self.state = TransactionState.TRANSFER_BYTE def _wait_state(self, mosi, miso, frame): self.current_transaction.wait_count += 1 if miso == WAIT_END: self.state = TransactionState.TRANSFER_BYTE def _transfer_byte_state(self, mosi, miso, frame): if self.current_transaction.operation == Operation.READ: self.current_transaction.data += miso.to_bytes(1, byteorder='big') elif self.current_transaction.operation == Operation.WRITE: self.current_transaction.data += mosi.to_bytes(1, byteorder='big') if self.current_transaction.is_complete(): self.current_transaction.end_time = frame.end_time self._reset_state_machine() self._append_transaction() key = self._find_key() if key: print(f'[+] Found BitLocker key: {key}') self.window = b'' if len(self.window) >= WINDOW_SIZE: self.window = self.window[-WINDOW_SIZE:] def _append_transaction(self): if int.from_bytes(self.current_transaction.address, "big") != TPM_DATA_FIFO_0: return self.window += self.current_transaction.data def _find_key(self): data = self.window.hex() key = re.findall( r'2c000[0-6]000[1-9]000[0-1]000[0-5]200000(\w{64})', data) if key: return key[0] return None
dark_pyrro Posted March 18, 2023 Posted March 18, 2023 Posting about the same thing twice will not help you
0phoi5 Posted March 18, 2023 Posted March 18, 2023 1.) "My Datatransfer was interupted and I can´t read my Data short I can´t open my Dataplate. I think I have a Cryptovirus or had a bruteforce attack before, because of that my key ist lost" makes absolutely no sense whatsoever, not just on a written language level, but also on a logical level. 2.) "have consulted a specialist that can´t help me, because his work lays nearly one year in his Storage without beeing over worked" also makes absolutely no sense whatsoever, not just on a written language level, but also on a logical level. 3.) New account, no previous reputation Ergo, I smell BS. Sorry, you won't get that kind of help here. If you want to try and crack in to other people's Bitlocker databases, try somewhere nefarious. This is not that place. You haven't lost your own Bitlocker access, because all excuses you gave are absolutely terrible.
PC Chaos Posted March 23, 2023 Author Posted March 23, 2023 Nope my own ivwas attacked and am a running Goal since that time. I have all recipes that Shows the truth. But thanks.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.