e-ago / bitcracker Goto Github PK

BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker

License: GNU General Public License v2.0

Makefile 0.10% C 88.73% Cuda 10.74% Shell 0.43%

bitlocker password-cracker cuda cryptography gpgpu windows microsoft attack opencl hash john-the-ripper gpu cracking passwords decryption-algorithm bitcracker

bitcracker's Introduction

BitCracker

BitCracker is the first open source password cracking tool for storage devices (Hard Disk, USB Pendrive, SD card, etc...) encrypted with BitLocker, an encryption feature available on Windows Vista, 7, 8.1 and 10 (Ultimate, Pro and Enterprise editions). BitLocker offers a number of different authentication methods to encrypt a storage device like Trusted Platform Module (TPM), Smart Card, Recovery Password, User supplied password.

By means of a dictionary attack, BitCracker tries to find the correct User Password or Recovery Password to decrypt the encrypted storage device. It has been implemented in CUDA and OpenCL.

Paper

Several journals delayed the publication of our BitCracker paper (almost 3 years, with final rejection after several revisions) which explains the details of our attack, the BitLocker Drive Encryption (BDE) volume format and possible weaknesses in the encryption/decryption procedure. Finally, we published the paper here: https://arxiv.org/abs/1901.01337 . Please feel free to comment and share.

Requirements

To run the BitCracker-CUDA, minimal requirements are:

an NVIDIA GPU with CC 3.5 or later
CUDA 7.5 or newer

To run the BitCracker-OpenCL, minimal requirements are any GPU or CPU supporting OpenCL (you can find some help here.

BitCracker requires at least 260 MB of device memory.

We strongly recommend to run your attack on a GPU rather than CPU for performance reasons (see section Performance).

Build

Running the build.sh script generates 4 executables inside the build directory: bitcracker_hash, bitcracker_rpgen, bitcracker_cuda, bitcracker_opencl.

In order to build bitcracker_cuda coherently with your NVIDIA GPU and CUDA version, you need to modify the src_CUDA/Makefile chosing the correct SM version. As a reference, you can use the following table:

GPU Architecture	Suggested CUDA	Makefile
Kepler	CUDA 7.5	arch=compute_35,code=sm_35
Maxwell	CUDA 8.0	arch=compute_52,code=sm_52
Pascal	CUDA 9.0	arch=compute_60,code=sm_60
Volta	CUDA 9.0	arch=compute_70,code=sm_70

Prepare the attack

You need to create the image of your storage device encrypted with BitLocker using, as an example, the dd command:

sudo dd if=/dev/disk2 of=/path/to/imageEncrypted.img conv=noerror,sync
4030464+0 records in
4030464+0 records out
2063597568 bytes transferred in 292.749849 secs (7049013 bytes/sec)

Then you need to run the bitcracker_hash executable on your imageEncrypted.img in order to:

check if the image has a valid format and can be attacked by BitCracker
check if the the original storage device hash been encrypted with an User Password or a Recovery Password
extract the hash describing the image

If the execution completes correctly, bitcracker_hash produces 1 or 2 output files:

hash_user_pass.txt : if the device was encrypted with a User Password, this file contains the hash you need to start the User Password attack mode.
hash_recv_pass.txt : the hash you need to start the Recovery Password attack mode

BDE encrypted volumes could have different formats for different authentication methods. If bitcracker_hash is not able to find the Recovery Password on your encrypted image, please open an issue or contact me

An example:

/build/bitcracker_hash -o test_hash -i ./Images/imgWin7

---------> BitCracker Hash Extractor <---------
Opening file ./Images/imgWin7

....

Signature found at 0x02208000
Version: 2 (Windows 7 or later)

VMK entry found at 0x022080bc
VMK encrypted with user password found!
VMK encrypted with AES-CCM

VMK entry found at 0x0220819c
VMK encrypted with Recovery key found!
VMK encrypted with AES-CCM

User Password hash:
$bitlocker$0$16$89a5bad722db4a729d3c7b9ee8e76a29$1048576$12$304a4ac192a2cf0103000000$60$24de9a6128e8f8ffb97ac72d21de40f63dbc44acf101e68ac0f7e52ecb1be4a8ee30ca1e69fbe98400707ba3977d5f09b14e388c885f312edc5c85c2

Recovery Key hash:
$bitlocker$2$16$8b7be4f7802275ffbdad3766c7f7fa4a$1048576$12$304a4ac192a2cf0106000000$60$6e72f6ef6ba688e72211b8cf8cc722affd308882965dc195f85614846f5eb7d9037d4d63bcc1d6e904f0030cf2e3a95b3e1067447b089b7467f86688

Output file for user password attack: "hash_user_pass.txt"
Output file for recovery password attack: "hash_recv_pass.txt"

User Password Attack

You can use this type of attack if the storage device has been encrypted with an user supplied password as shown in the following image. BitCracker performs a dictionary attack, thus you need to provide a wordlist of possibile user passwords.

To start the attack you need:

the hash_user_pass.txt file
a wordlist of possibile user passwords (you need to provide it by yourself)

A command line example:

./build/bitcracker_cuda -f hash_user_pass.txt -d wordlist.txt -t 1 -b 1 -g 0 -u

Where:

-f : path to the hash_user_pass.txt file
-d : path to your wordlist
-t : number of passwords processed by each CUDA thread
-b : number of CUDA blocks
-g : NVIDIA GPU device ID
-u : specify your want an user password attack

For all the available options, type ./build/bitcracker_cuda -h. In order to have the best performance, please refer to the table in Performance section to properly set the t and b options according to your NVIDIA GPU.

Same considerations can be applied for the bitcracker_opencl executable.

An output example:

====================================
Selected device: GPU Tesla K80 (ID: 0)
====================================
....
Reading hash file "hash_user_pass.txt"
$bitlocker$0$16$0a8b9d0655d3900e9f67280adc27b5d7$1048576$12$b0599ad6c6a1cf0103000000$60$c16658f54140b3d90be6de9e03b1fe90033a2c7df7127bcd16cb013cf778c12072142c484c9c291a496fc0ebd8c21c33b595a9c1587acfc6d8bb9663

====================================
Attack
====================================

Type of attack: User Password
CUDA Threads: 1024
CUDA Blocks: 1
Psw per thread: 1
Max Psw per kernel: 1024
Dictionary: wordlist.txt
Strict Check (-s): No
MAC Comparison (-m): No

CUDA Kernel execution:
	Stream 0
	Effective number psw: 12
	Passwords Range:
		abcdefshhf
		.....
		blablalbalbalbla12
	Time: 28.651947 sec
	Passwords x second:     0.42 pw/sec

================================================
....
Password found: paperino
================================================

Currently BitCracker is able to process input passwords with a length between 8 and 55 characters.

Recovery Password Attack

During the encryption of a storage device, (regardless the authentication method) BitLocker asks the user to store somewhere a Recovery Password that can be used to restore the access to the encrypted storage device in the event that she/he can't unlock the drive normally. Thus the Recovery Password is a kind of passe-partout for all the authentication methods and it consists of a 48-digit key like this:

236808-089419-192665-495704-618299-073414-538373-542366

See Microsoft docs for further details.

As for the user password, BitCracker is able to perform a dictionary attack to find the correct Recovery Password generated by BitLocker to encrypt the storage device. Please note that currently we are able to attack the Recovery Password only if the storage device hasn't been encrypted with the TPM.

To start the attack you need:

the hash_recv_pass.txt file
a wordlist of possibile recovery passwords

Generate and store all the possibile passwords it's an hard problem. For this reason, we created a Recovery Password generator named bitcracker_rpgen. With this tool you can create a bunch of Recovery Passwords wordlists you can use for your attacks. As an example:

./build/bitcracker_rpgen -n 300 -p 10000000 -s 000000-000011-000022-000033-000044-000055-008459-015180

This generates:

-n : number of wordlists
-p : number of Recovery Passwords per wordlist
-s : generate Recovery Passwords starting from this one

You can use the default configuration running without options:

./build/bitcracker_rpgen

************* BitCracker Recovery Password wordlists generator *************

Running with this configuration:
### Create 100 wordlists
### Recovery Passwords per wordlist=5000000
### Allow duplicates=No
### Generate starting from=000000-000011-000022-000033-000044-000055-000066-000077

Creating wordlist "bitcracker_wlrp_0.txt" with 5000000 passwords
First password=000000-000011-000022-000033-000044-000055-000066-000077
Last password= 000000-000011-000022-000033-000044-000055-000902-217822
...

Note that the -s option can be used to restart the generation from your last generated Recovery Password (instead of restarting everytime from the initial one). The -d option enables the possibility to have duplicates in the same Recovery Password. For example: 000000-000011-000055-000055-000044-000055-000902-217822

For all the available options, type ./build/bitcracker_rpgen -h.

NOTE: Please note that the amount of possible Recovery Passwords is huge:
recovery password = 65536 x 65536 x 65536 x 65536 x 65536 x 65536 x 65536 x 65536
According to our research, the password distribution is uniform and there is no way to find "more probable" numbers. So far, we didn't find a rule to reduce the amount of possible candidates. This means that the Recovery Password attack could take forever (the User Passwod attack is always the preferred one). Soon we'll modify the bitcracker_rpgen tool to generate Recovery Password in a casual way rather than in ordered sequence.

A command line example:

./build/bitcracker_cuda -f hash_recv_pass.txt -d bitcracker_wlrp_0.txt -t 1 -b 1 -g 0 -r

Where options are the same as in case of User Password but instead of -u you need to specify -r. An output example:

====================================
Selected device: GPU Tesla K80 (ID: 0)
====================================

...
Reading hash file "hash_recv_pass.txt"
$bitlocker$2$16$432dd19f37dd413a88552225628c8ae5$1048576$12$a0da3fc75f6cd30106000000$60$3e57c68216ef3d2b8139fdb0ec74254bdf453e688401e89b41cae7c250739a8b36edd4fe86a597b5823cf3e0f41c98f623b528960a4bee00c42131ef


====================================
Attack
====================================

Type of attack: Recovery Password
CUDA Threads: 1024
CUDA Blocks: 1
Psw per thread: 8
Max Psw per kernel: 8192
Dictionary: wordlist.txt
Strict Check (-s): No
MAC Comparison (-m): No

CUDA Kernel execution:
	Effective passwords: 6014
	Passwords Range:
		390775-218680-136708-700645-433191-416240-153241-612216
		.....
		090134-625383-540826-613283-563497-710369-160182-661364
	Time: 193.358937 sec
	Passwords x second:    31.10 pw/sec


================================================
CUDA attack completed
Passwords evaluated: 6014
Password found: 111683-110022-683298-209352-468105-648483-571252-334455
================================================

False Positives

By default, BitCracker does a fast attack (for both User and Recovery password modes) which may return some false positive. In this case you can re-run your attack with the -m option which enables the MAC verification (slower solution).

Examples

To test BitCracker on your system before starting the real attack, we provided several images of encrypted storage devices.

imgWin7: BitLocker on Windows 7 Enteprise edition OS
imgWin8: BitLocker on Windows 8 Enteprise edition OS
imgWin10Compat.vhd: BitLocker (compatible mode) on Windows 10 Pro edition OS
imgWin10NotCompat.vhd: BitLocker (not compatible mode) on Windows 10 Pro edition OS
imgWin10NotCompatLongPsw.vhd : BitLocker (not compatible mode) on Windows 10 Pro edition OS with a longer user password

You can attack those images with both User and Recovery password modes, using the wordlists stored in the Dictionary folder.

Performance

Here we report the best BitCracker performances in case of fast attack (default) to the User Password (-u option).

GPU Acronim	GPU	Arch	CC	# SM	Clock	CUDA
GFT	GeForce Titan	Kepler	3.5	14	835	7.0
GTK80	Tesla K80	Kepler	3.5	13	875	7.5
GFTX	GeForce Titan X	Maxwell	5.2	24	1001	7.5
GTP100	Tesla P100	Pascal	6.1	56	1328	8.0
GTV100	Tesla V100	Volta	7.0	80	1290	9.0
AMDM	Radeon Malta	-	-	-	-	-

Performance:

Version	GPU	-t	-b	Passwords x kernel	Passwords/sec	Hash/sec
CUDA	GFT	8	13	106.496	303	635 MH/s
CUDA	GTK80	8	14	114.688	370	775 MH/s
CUDA	GFTX	8	24	106.608	933	1.957 MH/s
CUDA	GTP100	1	56	57.344	1.418	2.973 MH/s
CUDA	GTV100	1	80	81.920	3.252	6.820 MH/s
OpenCL	AMDM	32	64	524.288	241	505 MH/s
OpenCL	GFTX	8	24	196.608	884	1.853 MH/s

N.B. Each password requires about 2.097.152 SHA-256

John The Ripper

We released BitCracker as the OpenCL-BitLocker format in John The Ripper (--format=bitlocker-opencl). The hash files generated by bitcracker_hash (see How To section) are fully compatible with the John format.
On the GTV100 password rate is about 3150p/s. JtR team developed the CPU version of this attack (--format=bitlocker); on a CPU Intel(R) Xeon(R) v4 2.20GHz, password rate is about 78p/s.

Hashcat

This is a work in progress...

Changelog

Nov 2021: Code updated to run on NVIDIA GPU Ampere using CUDA 11.x

What's next

Provide a multi-GPU implementation
Provide a Qt interface

References, credits and contacts

Plase share and test our project: we need your feedback!

Special thanks to the John The Ripper team, Dislocker and LibBDE projects.

This is a research project in collaboration with the National Research Council of Italy released under GPLv2 license.
Copyright (C) 2013-2021 Elena Ago (elena dot ago at gmail dot com) and Massimo Bernaschi (massimo dot bernaschi at gmail dot com)
We will provide some additional info about BitCracker's attack in a future paper.

Although we use the GPLv2 licence, we are open to collaborations. For any additional info, collaborations or bug report please contact us or open an issue

bitcracker's People

Contributors

Stargazers

Watchers

Forkers

cys3c moriarty2016 minkione antichown securitywarrior techlord-rce y0d4a goofwear expertasif kaicastledine defcon201 angeloobeta kcsec dp4ng woozoo86 tuyendothanh maskup ykankaya tututu-patch crackercat peges seabreg stevenliuit quanvy turbofiesta jdiazmx leon-avalos meesong lovebair2022 killvxk mkll 5up3rc keyman9848 ivanwork bestprojects salmanumar007 slooppe w7yuu jangelesg sistemmsn tobey123 azmmat raimundojimenez yaba netredo chubbymaggie axltfytx thx0701 0patch n4rr34n6 jesusninoc orf53975 torrycrass jock312452 hashbrown1013 pdeforge l9sk johndoex1 qiygan peheaven modulexcite jamiejackherer noclu2 anarquias mkm02h jkx0101 code1107 akingseu joker594302831 shnja zzkiy marciopocebon m00zh33 gavz superdong0 3th1c0n3 luwangg pandapentest wqsemc gammatrue rostin pbutler6163 csetanmayjain 5l1v3r1 c0axx hackyjack805 mmillerxyz anthonymark33 barney5127 cemilakkoc coinlegit clayne ramikan dev0p0 toycitizen gh0st0ne heldermagalhaes marbelvega arman1388 pu55yf3r

bitcracker's Issues

Cuda error in file 'cuda_attack.cu' in line 168 : invalid texture reference.

Hi there,
When I run the run_tests.sh I consistently get the error: Cuda error in file 'cuda_attack.cu' in line 168 : invalid texture reference. The same goes for when I try to use bitcracker_cuda. My system is listed below. I noticed a discrepancy in the version of CUDA and CUDA compiler, and I am not sure whether it supports CUDA 11. What should be my next step?

Computer
Processor: Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
Memory: 65464MB (11085MB used)
Operating System: Ubuntu 20.04.1 LTS
OpenGL Renderer GeForce GTX 1650 with Max-Q Design/PCIe/SSE2

OS:
Kernel: Linux 5.4.0-52-generic (x86_64)
Version: #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020
C Library: GNU C Library / (Ubuntu GLIBC 2.31-0ubuntu9.1) 2.31
Distribution: Ubuntu 20.04.1 LTS

And as far as CUDA goes..:
nvcc: NVIDIA (R) Cuda compiler driver
Copyright (c) 2005-2019 NVIDIA Corporation
Built on Sun_Jul_28_19:07:16_PDT_2019
Cuda compilation tools, release 10.1, V10.1.243

If I use nvidia-smi I get:
NVIDIA-SMI 450.80.02 Driver Version: 450.80.02 CUDA Version: 11.0

Thanks in advance!

run_test failure

Hi there
I just can't make it work! run_test.sh gives me following result:

CUDA attack completed
Passwords evaluated: 6014
Password not found!

my setup seems clean but it's bit newer than discussed here:

root@kali:/media/root/Sauvegarde/tmp/bitcracker# cat /etc/os-release
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2019.4"
VERSION_ID="2019.4"
VERSION_CODENAME="kali-rolling"
oot@kali:/media/root/Sauvegarde/tmp/bitcracker# nvidia-smi
Fri Oct 11 19:24:06 2019
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 430.50 Driver Version: 430.50 CUDA Version: 10.1 |
|-------------------------------+----------------------+----------------------+
| GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC |
| Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. |
|===============================+======================+======================|
| 0 GeForce GT 1030 Off | 00000000:02:00.0 On | N/A |
| 0% 42C P8 N/A / 30W | 227MiB / 2000MiB | 0% Default |
+-------------------------------+----------------------+----------------------+

+-----------------------------------------------------------------------------+
| Processes: GPU Memory |
| GPU PID Type Process name Usage |
|=============================================================================|
| 0 736 G /usr/lib/xorg/Xorg 16MiB |
| 0 1309 G /usr/lib/xorg/Xorg 89MiB |
| 0 1514 G /usr/bin/gnome-shell 97MiB |
| 0 2389 G /usr/lib/firefox-esr/firefox-esr 1MiB |
| 0 2906 G /usr/lib/firefox-esr/firefox-esr 1MiB |
| 0 3716 G /usr/lib/firefox-esr/firefox-esr 1MiB |
+-----------------------------------------------------------------------------+

I've modifyed the Makefile in different ways ending with:

-arch=sm_50 \
-gencode=arch=compute_50,code=sm_50 \
-gencode=arch=compute_52,code=sm_52 \
-gencode=arch=compute_60,code=sm_60 \
-gencode=arch=compute_61,code=sm_61 \
-gencode=arch=compute_70,code=sm_70 \
-gencode=arch=compute_75,code=sm_75
-gencode=arch=compute_75,code=compute_75

Any help appreciated!

Cuda error in file 'main.cu' in line 66 : unknown error.

Hi,

I successfully compiled bitcracker_cuda using the instructions in the readme, yet when I try to run bitcracker_cuda, I always get the same error: Cuda error in file 'main.cu' in line 66 : unknown error. This is referring to the file ./src_CUDA/main.cu

Please let me know if I can provide any additional information to troubleshoot this error. If anyone else has run into this problem and solved it, what did you do to solve it?

Question

This looks like an awesome project but I am confused on the process. What is an encrypted memory unit and exactly how do I get it. Assume I am looking at a PC right now what software/commands will I use to collect it?

The next step would be to run bitcracker_hash against it and then finally bitcracker_cuda?

error in creating hash txt files

hi there, when the test has was done, it did not create the hash txt files for attacks

---------> BitCracker Hash Extractor <---------
Encrypted device ./imageEncrypted.img opened, size 249999.00 MB

************ Signature #1 found at 0x3 ************
Version: 8 
Invalid version, looking for a signature with valid version...

************ Signature #2 found at 0x3f00000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0x3f00109
VMK encrypted with Startup Key...not supported! (0x3f0012a)

=====> VMK entry found at 0x3f001d9
Encrypted with Recovery Password (0x3f001fa)
Searching for AES-CCM (0x3f00216)...
        Offset 0x3f002a9.... found! :)
======== RP VMK #0 ========
RP Salt: b86e8e07abc539fd30a242174542221a
RP Nonce: 50dfd4c09bd1d5010f000000
RP MAC: 3e548eb70d26327d5eaf2f10fa66cae0
RP VMK: b00cf6c7ad8e4625c5fc0fa6b549abd8f2d9984834fd61fec225ecc42ace6e503b34d4f59bf99b27a47fdaf1

************ Signature #3 found at 0x43f00000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0x43f00109
VMK encrypted with Startup Key...not supported! (0x43f0012a)

=====> VMK entry found at 0x43f001d9
Encrypted with Recovery Password (0x43f001fa)
Searching for AES-CCM (0x43f00216)...
        Offset 0x43f002a9.... found! :)

This VMK has been already stored...quitting to avoid infinite loop!
Error creating ./test_hash/hash_recv_pass.txt : No such file or directory

Error while parsing input device image

Hash Not Found

---------> BitCracker Hash Extractor <---------
Encrypted device /home/administrator/Desktop/bitlocker.img opened, size 37442.00 MB

************ Signature #1 found at 0x3 ************
Version: 8 
Invalid version, looking for a signature with valid version...

************ Signature #2 found at 0x7ab8000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0x7ab8117
Encrypted with Recovery Password (0x7ab8138)
Searching for AES-CCM (0x7ab8154)...
        Offset 0x7ab81e7.... not found :( (0x0,0x8)
Searching for AES-CCM (0x7ab8168)...
        Offset 0x7ab81fb.... not found :( (0x21,0x80)

************ Signature #3 found at 0xc38c2000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xc38c2117
Encrypted with Recovery Password (0xc38c2138)
Searching for AES-CCM (0xc38c2154)...
        Offset 0xc38c21e7.... not found :( (0x0,0x8)
Searching for AES-CCM (0xc38c2168)...
        Offset 0xc38c21fb.... not found :( (0x21,0x80)

************ Signature #4 found at 0xc38d7000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xc38d7117
Encrypted with Recovery Password (0xc38d7138)
Searching for AES-CCM (0xc38d7154)...
        Offset 0xc38d71e7.... not found :( (0x0,0x8)
Searching for AES-CCM (0xc38d7168)...
        Offset 0xc38d71fb.... not found :( (0x21,0x80)
Error while extracting data: No signature found!

Error while parsing input device image

Trying to decrypt a Windows 7 Bitlocker encrypted drive and while trying to get the hash from the image file it returns the errors above and cannot find anything

build error

i build this project error：
i install xcode and cuda and modify src_cuda makefile is

StevendeiMac:bitcracker stevenbiu$ ./build.sh
====== Build BitCracker Hash Extractor ====== rm -rf *.o
rm -rf ../build/bitcracker_hash
gcc bitcracker_hash.c -o bitcracker_hash
run_tests.sh src_CUDA
run_tests.sh src_CUDA
====== Build BitCracker Recovery Password generator ====== rm -rf *.o
rm -rf ../build/bitcracker_rpgen
gcc bitcracker_rpgen.c -o bitcracker_rpgen
====== Build BitCracker CUDA version ======
rm -rf *.o
rm -rf ../build/bitcracker_cuda
nvcc -gencode arch=compute_70,code=sm_70 -Xptxas -v -o bitcracker_cuda main.cu cuda_attack.cu utils.cu w_blocks.cu make: nvcc: No such file or directory
make: *** [bitcracker_cuda] Error 1
====== Build BitCracker OpenCL version ======
rm -rf *.o
rm -rf bitcracker_opencl
gcc -I/usr/include -L/usr/lib64 -L/usr/lib -I/usr/local/cuda/include -L/usr/local/cuda/lib64 -cl-std=CL1.2 -O3 -Wextra -o bitcracker_opencl main.c opencl_attack.c utils.c w_blocks.c -lOpenCL
In file included from main.c:22:
In file included from ./bitcracker.h:22:
In file included from /usr/include/stdio.h:64:
In file included from /usr/include/_stdio.h:69:
In file included from /usr/include/Availability.h:206: /usr/include/AvailabilityInternal.h:33241:59: error: variadic macros not supported in OpenCL
#define __API_AVAILABLE_GET_MACRO(_1,_2,_3,_4,_5,NAME,...) NAME ^
/usr/include/AvailabilityInternal.h:33272:67: error: variadic macros not supported in OpenCL #define __API_DEPRECATED_MSG_GET_MACRO(_1,_2,_3,_4,_5,_6,NAME,...) NAME
^
/usr/include/AvailabilityInternal.h:33285:67: error: variadic macros not supported in OpenCL
#define __API_DEPRECATED_REP_GET_MACRO(_1,_2,_3,_4,_5,_6,NAME,...) NAME ^
/usr/include/AvailabilityInternal.h:33307:58: error: variadic macros not supported in OpenCL #define __API_UNAVAILABLE_GET_MACRO(_1,_2,_3,_4,NAME,...) NAME
^
/usr/include/AvailabilityInternal.h:33348:47: error: variadic macros not supported in OpenCL
#define __swift_compiler_version_at_least(...) 1 ^
In file included from main.c:22:
In file included from ./bitcracker.h:22:
In file included from /usr/include/stdio.h:64:
In file included from /usr/include/_stdio.h:69:
/usr/include/Availability.h:415:29: error: variadic macros not supported in OpenCL
#define __API_AVAILABLE(...) __API_AVAILABLE_GET_MACRO(VA_ARGS,__API_AVAILABLE5, __API_AVAILABLE4, __API_AVAILABLE3, __API_AVAILABLE2, __API_AVAILAB...

Compile failed ubuntu 16.04

I'm unable to compile the tool using the default ubuntu install even with the packages installed.

 ====== Build BitCracker CUDA version ======
rm -rf *.o
rm -rf ../build/bitcracker_cuda
nvcc -gencode arch=compute_35,code=sm_35 -gencode arch=compute_52,code=sm_52 -gencode arch=compute_60,code=sm_60 -Xptxas -v -o bitcracker_cuda main.cu cuda_attack.cu utils.cu w_blocks.cu
nvcc fatal   : Unsupported gpu architecture 'compute_60'
Makefile:2: recipe for target 'bitcracker_cuda' failed
make: *** [bitcracker_cuda] Error 1

====== Build BitCracker OpenCL version ======
rm -rf *.o
rm -rf bitcracker_opencl
gcc -I/usr/include -L/usr/lib64 -L/usr/lib -I/usr/local/cuda/include -L/usr/local/cuda/lib64 -cl-std=CL1.2 -O3 -Wextra -o bitcracker_opencl main.c opencl_attack.c utils.c w_blocks.c -lOpenCL
gcc: error: unrecognized command line option ‘-cl-std=CL1.2’
Makefile:9: recipe for target 'all' failed
make: *** [all] Error 1

[Makefile:2: bitcracker_cuda] Error 127

I cannot build a bitcracker_cuda file because of error 127. I installed the cuda toolkit and nothing has changed. I'm running this in kali on windows 10 and i've just hit this wall. Probably won't even get a response because this is seemingly abandoned but if anyone would answer I would appreciate it.
====== Build BitCracker CUDA version ======
rm -rf *.o
rm -rf ../build/bitcracker_cudacuda
nvcc -gencode arch=compute_35,code=sm_35 -gencode arch=compute_52,code=sm_52 -gencode arch=compute_60,code=sm_60 -Xptxas -v -o bitcracker_cuda main.cu cuda_attack.cu utils.cu w_blocks.cu
make: nvcc: No such file or directory
make: *** [Makefile:2: bitcracker_cuda] Error 127

Unknown error.

Hello somebody had this error?

I build without errors and I got bitcracker_hash without problems.
I have a nvidia 1660ti laptop. tryed arch 75 and 80.

Crack hash_recv_pass.txt

Hello guys,

I have Bitlocker encrypted harddrives. Have alredy extracted Recovery key Hash. But i have a little problem. I dont have enough space to make "bitcracker_wlrp_*.txt" files. Also dont have GPU passed for CUDA attack.

I want to ask, is it possible to find Recover key, if i send to you hash_recv_pass.txt?

Thank you in Advance.
Your sincerely Sabier-028

Error while parsing input device image

Hello Experts,
I have tried get the Hash from Encrypted image. but everytime when i execute the bitcracker , endup with "Error while parsing input device image"

Device encrypted : win 10 pro
this image created by the FTK Manager.

+-----------------------------------------------------------------------------+
| Processes: |
| GPU GI CI PID Type Process name GPU Memory |
| ID ID Usage |
|=============================================================================|
| 0 N/A N/A 1265 G /usr/lib/xorg/Xorg 2MiB |
`

`---------> BitCracker Hash Extractor <---------
Encrypted device /media/test/FullImage/backup.dd opened, size 488386.00 MB

************ Signature #1 found at 0x1ef2ecc ************
Version: 12
Invalid version, looking for a signature with valid version...

************ Signature #2 found at 0x1f598e6 ************
Version: 79
Invalid version, looking for a signature with valid version...

************ Signature #3 found at 0x1ff13d8 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #4 found at 0x1ff1528 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #5 found at 0x20315f8 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #6 found at 0x2031750 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #7 found at 0x205aef8 ************
Version: 12
Invalid version, looking for a signature with valid version...

************ Signature #8 found at 0x20d7e3e ************
Version: 79
Invalid version, looking for a signature with valid version...

************ Signature #9 found at 0x21a65f8 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #10 found at 0x21a6750 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #11 found at 0x21cfef8 ************
Version: 12
Invalid version, looking for a signature with valid version...

************ Signature #12 found at 0x224ce3e ************
Version: 79
Invalid version, looking for a signature with valid version...

************ Signature #13 found at 0x2375ec4 ************
Version: 12
Invalid version, looking for a signature with valid version...

************ Signature #14 found at 0x23dc886 ************
Version: 79
Invalid version, looking for a signature with valid version...

************ Signature #15 found at 0x24743e0 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #16 found at 0x2474518 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #17 found at 0x2687968 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #18 found at 0x2687aa0 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #19 found at 0x26afd30 ************
Version: 12
Invalid version, looking for a signature with valid version...

************ Signature #20 found at 0x272a8be ************
Version: 79
Invalid version, looking for a signature with valid version...

************ Signature #21 found at 0x28028ae ************
Version: 79
Invalid version, looking for a signature with valid version...

************ Signature #22 found at 0x28dd958 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #23 found at 0x28ddab0 ************
Version: 0
Invalid version, looking for a signature with valid version...

************ Signature #24 found at 0x2905d10 ************
Version: 12
Invalid version, looking for a signature with valid version...

************ Signature #25 found at 0x298079e ************
Version: 79
Invalid version, looking for a signature with valid version...

************ Signature #26 found at 0x27400003 ************
Version: 8
Invalid version, looking for a signature with valid version...

************ Signature #27 found at 0x7df70000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0x7df70445
Encrypted with Recovery Password (0x7df70466)
Searching for AES-CCM (0x7df70482)...
Offset 0x7df70515.... not found :( (0x79,0x4c)
Searching for AES-CCM (0x7df70496)...
Offset 0x7df70529.... not found :( (0x54,0x50)

************ Signature #28 found at 0x7df80000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0x7df80445
Encrypted with Recovery Password (0x7df80466)
Searching for AES-CCM (0x7df80482)...
Offset 0x7df80515.... not found :( (0x79,0x4c)
Searching for AES-CCM (0x7df80496)...
Offset 0x7df80529.... not found :( (0x54,0x50)

************ Signature #29 found at 0x11036e000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0x11036e445
Encrypted with Recovery Password (0x11036e466)
Searching for AES-CCM (0x11036e482)...
Offset 0x11036e515.... not found :( (0x79,0x4c)
Searching for AES-CCM (0x11036e496)...
Offset 0x11036e529.... not found :( (0x54,0x50)
Error while extracting data: No signature found!

Error while parsing input device image
`
Am i missing anything ? any help would be appreciated.

What is your performances ?

Hello community !

I want to know what's your best performance with this program.
By my side I have reached 49.62 pw/sec foreach GPU.

I have try your project with debian 11, Cuda 11.5 and two Nvidia Ampere GPU.
I run bitcracker_cuda twice for use my both GPU.
I try two password by Thread but it's not faster.
I am in recovery mode.

If you have any recomandation for increase my perfs, please tell me !

no kernel image available

Hoping you can help. I was able to compile the code, I am using CUDA not OpenCL because WSL doesn't support OpenCL, but when I run bitcracker_cuda I get the message: "Cuda error in file 'cuda_attack.cu' in line 249 err 209 : no kernel image is available for execution on the device". I am running Ubuntu 18.04 in WSL2 and version 10.2 of the Cuda toolkit. Attaching output, let me know if you need anything else. Thank you!

error.txt
versions.txt

lost bit locker password & also lost recovry key...

Installation errors

I get 2 errors when trying to install
====== Build BitCracker Hash Extractor ======
rm -rf *.o
rm -rf ../build/bitcracker_hash
gcc bitcracker_hash.c -o bitcracker_hash

====== Build BitCracker Recovery Password generator ======
rm -rf *.o
rm -rf ../build/bitcracker_rpgen
gcc bitcracker_rpgen.c -o bitcracker_rpgen

====== Build BitCracker CUDA version ======
rm -rf *.o
rm -rf ../build/bitcracker_cuda
nvcc -gencode arch=compute_60,code=sm_60 -Xptxas -v -o bitcracker_cuda main.cu cuda_attack.cu utils.cu w_blocks.cu
make: nvcc: Command not found
make: *** [Makefile:2: bitcracker_cuda] Error 127

====== Build BitCracker OpenCL version ======
rm -rf *.o
rm -rf bitcracker_opencl
gcc -I/usr/include -L/usr/lib64 -L/usr/lib -I/usr/local/cuda/include -L/usr/local/cuda/lib64 -cl-std=CL1.2 -O3 -Wextra -o bitcracker_opencl main.c opencl_attack.c utils.c w_blocks.c -lOpenCL
gcc: error: unrecognized command line option ‘-cl-std=CL1.2’
make: *** [Makefile:9: all] Error 1

====== Executables in build directory ======

Bitcracker OpenCL Loads of errors on build

I have spend the last 8 days trying to build Bitcracker OpenCL, used different platforms with all the same results...

First, I am not a coder...

The first errors where in the Utils.c file, compared it with the Utils.c from src_Cuda and filled up the missing lines. So it now jumps to Main.c and gives coding errors, compared to Cuda Main, but unclear to me what it means...

====== Build BitCracker OpenCL version ======
rm -rf .o
rm -rf bitcracker_opencl
gcc -I/usr/include -L/usr/lib64 -L/usr/lib -I/opt/intel/oneapi/lib/include -L/opt/intel/oneapi/lib/intel64 -lOpenCL -O3 -Wextra -o bitcracker_opencl main.c opencl_attack.c utils.c w_blocks.c -lOpenCL
In file included from /usr/include/CL/cl.h:20,
from bitcracker.h:37,
from main.c:22:
/usr/include/CL/cl_version.h:22:9: note: ‘#pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 300 (OpenCL 3.0)’
22 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 300 (OpenCL 3.0)")
| ^~~~~~~
main.c: In function ‘checkDeviceStatistics’:
main.c:101:23: warning: comparison of integer expressions of different signedness: ‘int’ and ‘cl_uint’ {aka ‘unsigned int’} [-Wsign-compare]
101 | for (i = 0; i < platformCount; i++)
| ^
main.c:110:31: warning: comparison of integer expressions of different signedness: ‘int’ and ‘cl_uint’ {aka ‘unsigned int’} [-Wsign-compare]
110 | for (j = 0; j < deviceCount; j++)
| ^
main.c: In function ‘createClCtx’:
main.c:261:9: warning: ‘clCreateCommandQueue’ is deprecated [-Wdeprecated-declarations]
261 | cqCommandQueue = clCreateCommandQueue(cxGPUContext, cdDevices[gpu_id], 0, &clErr);
| ^~~~~~~~~~~~~~
In file included from bitcracker.h:37,
from main.c:22:
/usr/include/CL/cl.h:1906:1: note: declared here
1906 | clCreateCommandQueue(cl_context context,
| ^~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/CL/cl.h:20,
from bitcracker.h:37,
from opencl_attack.c:22:
/usr/include/CL/cl_version.h:22:9: note: ‘#pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 300 (OpenCL 3.0)’
22 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 300 (OpenCL 3.0)")
| ^~~~~~~
opencl_attack.c: In function ‘opencl_attack’:
opencl_attack.c:278:18: warning: ‘d_macIV’ may be used uninitialized in this function [-Wmaybe-uninitialized]
278 | ciErr1 = clEnqueueWriteBuffer(cqCommandQueue, d_macIV, CL_TRUE, 0, IV_SIZEsizeof(char), macIV, 0, NULL, NULL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
opencl_attack.c:281:18: warning: ‘d_computeMacIV’ may be used uninitialized in this function [-Wmaybe-uninitialized]
281 | ciErr1 = clEnqueueWriteBuffer(cqCommandQueue, d_computeMacIV, CL_TRUE, 0, IV_SIZE*sizeof(char), computeMacIV, 0, NULL, NULL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/CL/cl.h:20,
from bitcracker.h:37,
from utils.c:22:
/usr/include/CL/cl_version.h:22:9: note: ‘#pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 300 (OpenCL 3.0)’
22 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 300 (OpenCL 3.0)")
| ^~~~~~~
utils.c: In function ‘parse_data’:
utils.c:208:17: warning: ‘fphash’ may be used uninitialized in this function [-Wmaybe-uninitialized]
208 | fclose(fphash);
| ^~~~~~~~~~~~~~
In file included from /usr/include/CL/cl.h:20,
from bitcracker.h:37,
from w_blocks.c:22:
/usr/include/CL/cl_version.h:22:9: note: ‘#pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 300 (OpenCL 3.0)’
22 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 300 (OpenCL 3.0)")
| ^~~~~~~
w_blocks.c: In function ‘w_block_precomputed’:
w_blocks.c:160:28: warning: ‘ckKernelWBlocks’ may be used uninitialized in this function [-Wmaybe-uninitialized]
160 | if(ckKernelWBlocks)clReleaseKernel(ckKernelWBlocks);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
w_blocks.c:161:18: warning: ‘cpProgram’ may be used uninitialized in this function [-Wmaybe-uninitialized]
161 | if(cpProgram)clReleaseProgram(cpProgram);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/bin/ld: warning: libsvml.so, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libOpenCL.so, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libirng.so, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libOpenCL.so, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libimf.so, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libOpenCL.so, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libintlc.so.5, needed by /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libOpenCL.so, not found (try using -rpath or -rpath-link)
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/11/../../../x86_64-linux-gnu/libOpenCL.so: undefined reference to `_intel_fast_memset'
collect2: error: ld returned 1 exit status
make: *** [Makefile:9: all] Error 1

Not an issue-sorta...

Bitlocker recovery keys are not random strings. Each of the first 7 groups of 6 characters must be divisible by 11, making the field of possible solutions far smaller than random. In addition, the last group of 6 is a computed checksum of the others-again, not random.

Does your tool narrow the solution field, and thus solution time, by taking this into account?

If you check here: https://wikileaks.org/hbgary-emails//fileid/45244/13483 (a PDF) you will see that M$ documentation is in error.

Implementing BitLocker Drive Encryption for Forensic Analysis
Jesse D. Kornblum, ManTech International Corporation
[email protected]

excerpt:

#5.4 Recovery Password
When BitLocker is installed on a system volume the system encourages the user to create a recovery password. The user can also create a recovery password from the BitLocker Control Panel at any time. The recovery password can either be written directly to a text file or displayed on the screen. The “password” is actually a 48 digit number, eight groups of six digits, with three properties for checksumming described in [6, 7]. These properties are:

Each group of six digits must be divisible by eleven. This check can be used to identify groups mistyped by the user.
Each group of six digits must be less than 720,896, or 216 ∗ 11. Each group contains 16 bits of key information. The eight groups, therefore, hold 16 ∗ 8 or 128 bits of key.
The sixth digit in each group is a checksum digit. If the digits in each group are represented as x1, x2, x3, x4, x5, and x6, then x6 must equal (x1−x2+x3−x4+x5) mod 11. Note that the Microsoft documentation for the check digit calculation is incorrect. In [7] Microsoft claimed that x6 must equal (−x1 +x2 −x3 +x4 −x5) mod 11.

The error may be attributable to the fact that many programming languages do not compute the modulus operator correctly. In C, for example, -5 % 11 yields -5, and not the correct result, 6. A method to compute the check digit correctly in C is: check digit = (11 - (-x1 + x2 - x3 + x4 - x5)) % 11;.

The author believes that whomever wrote the documentation for Microsoft may have relied on the source code. If that source code resembles the version of the checksum above, it would account for the discrepancy in [7].

Wouldn't only supplying the possible characters lower the solution time? Or is the overhead of making each entry valid more than just hitting it with random characters?

Hash Extractor frozen

I'm using Linux Mint Cinnamon 19.2, trying to recover a 500GB drive that was bitlocked in Windows 7. When I run Hash extractor on the image, I get this where it stops:

--------> BitCracker Hash Extractor <---------
Encrypted device ./imageEncrypted.img opened, size 476937.00 MB

************ Signature #1 found at 0x3 ************
Version: 8
Invalid version, looking for a signature with valid version...

************ Signature #2 found at 0xc7bc0000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xc7bc00c9
Encrypted with Recovery Password (0xc7bc00ea)
Searching for AES-CCM (0xc7bc0106)...
Offset 0xc7bc0199.... not found :( (0x0,0x14)
Searching for AES-CCM (0xc7bc011a)...
Offset 0xc7bc01ad.... not found :( (0x0,0x50)

************ Signature #3 found at 0xc7bd0000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xc7bd00c9
Encrypted with Recovery Password (0xc7bd00ea)
Searching for AES-CCM (0xc7bd0106)...
Offset 0xc7bd0199.... not found :( (0x0,0x14)
Searching for AES-CCM (0xc7bd011a)...
Offset 0xc7bd01ad.... not found :( (0x0,0x50)

************ Signature #4 found at 0xc7be0000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xc7be00c9
Encrypted with Recovery Password (0xc7be00ea)
Searching for AES-CCM (0xc7be0106)...
Offset 0xc7be0199.... not found :( (0x0,0x14)
Searching for AES-CCM (0xc7be011a)...
Offset 0xc7be01ad.... not found :( (0x0,0x50)

It has sat there for several hours as I work on other projects (on another computer) and it never progresses. Any help, suggestions, would be appreciated.

crack other PCs

how to crack driver/ partitions of other PCs over ethernet cable?

BitLocker: need a key but I never installed it

Hi all,

I've a problem with bitlocker, that is this one:

https://www.dell.com/community/Windows-10/BitLocker-need-a-key-but-I-never-installed-it/td-p/6019486

I tried any of the suggested tips but none of them worked for me.
This is a laptop from a friend of mine and the problem raised up after a DELL update that included an update of the BIOS, that generated the problem.

We triend to reflash the BIOS and check what suggested here:

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan

No way to bypass or retrieve the recovery key.

So I gave a go to bitcracker through Bitlocker2John and I was able to find out an hash:

Signature found at 0x76dfd1db1c
Version: 0
Invalid version, looking for a signature with valid version...
Hash type: Recovery Password fast attack
$bitlocker$2$16$4b21696d29d29e7cb1507f378c8a9470$1048576$12$20989b195717d7018b000000$60$ce0f388d0f292ffe297e453672161c772c87f0eddd73e346494a450a357ecd7f304e4876a7fd2b74bd0565df620680d5403aacbb20768c7070712718
Hash type: Recovery Password with MAC verification (slower solution, no false positives)
$bitlocker$3$16$4b21696d29d29e7cb1507f378c8a9470$1048576$12$20989b195717d7018b000000$60$ce0f388d0f292ffe297e453672161c772c87f0eddd73e346494a450a357ecd7f304e4876a7fd2b74bd0565df620680d5403aacbb20768c7070712718

the second step now is to run the attack like:

john.exe --format=bitlocker-opencl --mask=?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d hash_to_crack.txt

the problem is that they key space is 1.0E48 so I don't think that is doable in a resonable time.

I was wondering if you can suggest me some tip or there is another way to access this hard drive.

A recovery data company asked to my friend 1000€ for the work so I'm wondering what kind of attack they gonna run too

Thanks for any reply or support

utils.c does not build

in src_OpenCL/utils.c at the end of line 186 a } has been put in that does not belong there and causes the build to fail

(*mac)[j] |= p[i+1] <= '9' ? p[i+1] - '0' : toupper(p[i+1]) - 'A' + 10; }

build.sh: make: not found

Helllo
I've tried to use build.sh to build bitcracker but it ends up with errors and empty builds directory:

sudo sh build.sh
[sudo] password for *****: 

====== Build BitCracker Hash Extractor ======
build.sh: 6: build.sh: make: not found

====== Build BitCracker Recovery Password generator ======
build.sh: 11: build.sh: make: not found

====== Build BitCracker CUDA version ======
build.sh: 16: build.sh: make: not found

====== Build BitCracker OpenCL version ======
build.sh: 21: build.sh: make: not found

====== Executables in build directory ======

whats wrong?
I'm using xubuntu 18,0,4 LTS
Thanks.

Is TPM Recovery password not supported

I've been trying to get recovery password hashes to unlock a disk protected with TPM + Recovery password, after multiple runs, it appears the tool cannot find the hash in my image. I remember seeing one of the issue you mentioned TPM will cause the offset to be a bit random to find these hashes. I am wondering is there a way to manually extract the hashes if the tool failed to extract the hash?

Thank you

Error on cuda_attack.cu on line 210 (ubuntu) and line 66 (fedora)

Hi!
I am using ubuntu 15 with GCC 4.9 and cuda 7.5. Card is GeForce GTX 780. And constantly I get same error when running run_test.sh. When I was using fedora then it was on cuda_attack.cu line 66 and with ubuntu on line 210. What can I try to fix it?

Invalid version issue

I run the coe below and get an invalid version. Any help please?

./build/bitcracker_hash -i enc.img -o /output/

---------> BitCracker Hash Extractor <---------
Encrypted device enc.img opened, size 731MB

Signature found at 0x17eab10
Version: 204
Invalid version, looking for a signature with valid version...
Error while extracting data: No signature found!

Error while parsing input device image

Support for WinMagic SecureDoc?

This is probably an awful place to ask or propose this topic, but here goes (I suppose it could be considered a "request for enhancement"):
I'm curious to know if there is any work being done in bitcracker or any other tool for cracking whole-disk encryption keys / passphrases?

VMK not encrypted with AES-CCM

Hello,

I am trying to find the hash for a disk volume I made, it says however,

`Signature found at 0x00000003
Version: 8
Invalid version, looking for a signature with valid version...

Signature found at 0x16dad000
Version: 1 (Windows Vista)

VMK entry found at 0x16dad177
VMK encrypted with Recovery Password found at 0x16dad198
Searching AES-CCM from 0x16dad198
Salt: 5b2eb594d822bcd2e20cf10a0e1da4c5
Error: VMK not encrypted with AES-CCM (0,8)
Searching AES-CCM from 0x16dad198
Salt: 05000100008b543179bccb0129000000
Error: VMK not encrypted with AES-CCM (74,ffffff90)
`

It has hung for the moment, I will wait for anything else to happen.

Is there any way to still retrieve the hash for the disk?

Extract image file

I use the command to extract all the images of the disk to generate the hash, or do I need to extract the part to generate the hash?

Failed to Load Kernel

I'm trying to run the OpenCl version because my computer can't run the CUDA one. Same issue #31
but when I try to run Bitcracker it gives me an error Failed to load kernel. after Dictionary attack

here is the complete log

---------> BitCracker: BitLocker password cracking tool <---------

# Platform: 0, # Devices: 1

====================================
Selected device: GeForce GTX 750 Ti (ID: 0) properties
====================================

OpenCL version supported: OpenCL 1.2 CUDA
Software version: 455.38
OpenCL C version: OpenCL C 1.2
Max Global Memory Size: 2096168960
Max Global Memory Alloc Size: 524042240
Max Const Memory Buffer Size: 65536
Device Address Bits: 64
Parallel compute units: 5
Max Workgroup Size: 1024
Vendor: NVIDIA Corporation
CC: 5.0
Registers per block: 65536
Warp Size: 32
Overlap Memory and Kernel: 1

For this session, BitCracker requires at least 268435456 bytes of memory

Setting context on Platform 0, Device 'GeForce GTX 750 Ti' (ID: 0)

====================================
Extracting data from disk image
====================================

Reading hash file "hash/hash_recv_pass.txt"
$bitlocker$2$16$da34bf70a76e40eda1c82e3e076f55de$1048576$12$c0bfe051f1abd60112010000$60$f53089d9e60bc4bd619a833031f113b44479348062ff0c2b7b5c30dbeef9ddbb1fca93e5ba3d7bf539c7f7269ce663bc764a798040eec0b794cf0163


====================================
Dictionary attack
====================================

Failed to load kernel.
Words error... exit!

I'm using Arch Linux, the CUDA and OpenCl are installed in /opt/cuda/; I fixed the Makefile and it compiles with no errors, but can't run 😔

run_tests.sh ... Password not found!

Now i try BitCracker on different system.

nvidia-smi

+-----------------------------------------------------------------------------+
| NVIDIA-SMI 390.48                 Driver Version: 390.48                    |
|-------------------------------+----------------------+----------------------+
| GPU  Name        Persistence-M| Bus-Id        Disp.A | Volatile Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap|         Memory-Usage | GPU-Util  Compute M. |
|===============================+======================+======================|
|   0  GeForce GTX 970     Off  | 00000000:05:00.0  On |                  N/A |
| 41%   44C    P8    17W / 160W |    452MiB /  4041MiB |      0%      Default |
+-------------------------------+----------------------+----------------------+

nvcc --version

nvcc: NVIDIA (R) Cuda compiler driver
Copyright (c) 2005-2017 NVIDIA Corporation
Built on Fri_Nov__3_21:07:56_CDT_2017
Cuda compilation tools, release 9.1, V9.1.85

I changed Makefiles to:

Makefile file "src-CUDA"

bitcracker_cuda:
	nvcc -gencode arch=compute_52,code=sm_52 -Xptxas -v -o bitcracker_cuda main.cu cuda_attack.cu utils.cu w_blocks.cu

clean:
	rm -rf *.o
	rm -rf ../build/bitcracker_cuda

Makefile file "src_OpenCL"

#!/bin/bash

FLAGS=-Wextra
NVIDIA_INCLUDE=-I/usr/local/cuda/include -L/usr/local/cuda/lib64
COMMON_INCLUDE=-I/usr/include -L/usr/lib64 -L/usr/lib
MAKE_INCLUDE=$(COMMON_INCLUDE) $(NVIDIA_INCLUDE) -cl-std=CL1.2 -O3

all:
	gcc -I/usr/include -L/usr/lib64 -L/usr/lib -I/usr/local/cuda-9.2/include -L/usr/local/cuda-9.2/lib64 -Wextra -o bitcracker_opencl main.c opencl_attack.c utils.c w_blocks.c -lOpenCL
#	clang -framework OpenCL -o bitcracker_opencl main.c opencl_attack.c utils.c w_blocks.c


clean:
	rm -rf *.o
	rm -rf bitcracker_opencl

Then I build Bitcracker and run the tests.
./run_tests.sh
and I get message "Password not found" in all tests

====================================
Selected device: GPU GeForce GTX 970 (ID: 0)
====================================

Compute capability: 5.2
Clock rate: 1215500
Clock rate: 1216 MHz (1.22 GHz)
Memory Clock Rate (KHz): 3505000
Memory Bus Width (bits): 256
Peak Memory Bandwidth (GB/s): 224.320000
Device copy overlap: Enabled
Async memory engine count: 2
Concurrent kernels: 1
Kernel execition timeout: Enabled
Total global mem:  4238016512 bytes
Free memory: 3596484608 bytes
Texture Alignment:  512
Multiprocessor count:  13
Shared mem per mp:  49152
Registers per mp:  65536
Threads in warp:  32
Max threads per block:  1024
Max thread dimensions:  (1024, 1024, 64)
Max grid dimensions:  (2147483647, 65535, 65535)

For this session, BitCracker requires at least 268566528 bytes of memory

====================================
Retrieving Info
====================================

Reading hash file "./test_hash/imgWin8_user_password.txt"
$bitlocker$0$16$0a8b9d0655d3900e9f67280adc27b5d7$1048576$12$b0599ad6c6a1cf0103000000$60$c16658f54140b3d90be6de9e03b1fe90033a2c7df7127bcd16cb013cf778c12072142c484c9c291a496fc0ebd8c21c33b595a9c1587acfc6d8bb9663


====================================
Attack
====================================

Type of attack: User Password
CUDA Threads: 1024
CUDA Blocks: 1
Psw per thread: 1
Max Psw per kernel: 1024
Dictionary: ./Dictionary/user_passwords.txt
Strict Check (-s): No
MAC Comparison (-m): No

CUDA Kernel execution:
	Effective passwords: 16
	Passwords Range:
		abcdefshhf
		.....
		blablablablabla
	Time: 8.626421 sec
	Passwords x second:     1.85 pw/sec


================================================
CUDA attack completed
Passwords evaluated: 16
Password not found!
================================================

Question about false positives

Hi,

I am using bitcracker to crack the password of encrypted external HDDs. Surprisingly, for 4 volumes I found one false positive result for each in a one-week run (on a GTX1080). Removing the false positive words from the dictionary and resuming the attack leads to other false positive results.

Attacking the same volumes using the same dictionary with passware does not lead to false positive results.

I started out by using the bitcracker plugin in John Jumbo but also verified, that the same happens using the latest bitcracker version (cloned today).

Can you advise in this case? Is it expected to find many false positives? I wanted to start out by asking you before digging into the code by myself.

Thanks for your help!

trouble with building bitcracker openCL version

not sure what I'm doing wrong but I'm getting several errors and warnings.
The cuda, hash and rpgen seems to build without issue.

Thanks!

====== Build BitCracker OpenCL version ======
rm -rf *.o
rm -rf bitcracker_opencl
gcc -I/usr/include -L/usr/lib64 -L/usr/lib -I/usr/local/cuda/include -L/usr/local/cuda/lib64 -lOpenCL -Wextra -o bitcracker_opencl main.c opencl_attack.c utils.c w_blocks.c
In file included from /usr/include/CL/cl.h:32,
                 from bitcracker.h:37,
                 from main.c:22:
/usr/include/CL/cl_version.h:34:9: note: #pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)
   34 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)")
      |         ^~~~~~~
main.c: In function ‘checkDeviceStatistics’:
main.c:101:16: warning: comparison of integer expressions of different signedness: ‘int’ and ‘cl_uint’ {aka ‘unsigned int’} [-Wsign-compare]
  101 |  for (i = 0; i < platformCount; i++)
      |                ^
main.c:110:17: warning: comparison of integer expressions of different signedness: ‘int’ and ‘cl_uint’ {aka ‘unsigned int’} [-Wsign-compare]
  110 |   for (j = 0; j < deviceCount; j++)
      |                 ^
main.c:149:39: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 2 has type ‘cl_ulong’ {aka ‘long unsigned int’} [-Wformat=]
  149 |    printf("Max Global Memory Size: %lld\n", maxAllocSize);
      |                                    ~~~^     ~~~~~~~~~~~~
      |                                       |     |
      |                                       |     cl_ulong {aka long unsigned int}
      |                                       long long int
      |                                    %ld
main.c:153:45: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 2 has type ‘cl_ulong’ {aka ‘long unsigned int’} [-Wformat=]
  153 |    printf("Max Global Memory Alloc Size: %lld\n", maxAllocSize);
      |                                          ~~~^     ~~~~~~~~~~~~
      |                                             |     |
      |                                             |     cl_ulong {aka long unsigned int}
      |                                             long long int
      |                                          %ld
main.c:157:45: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 2 has type ‘cl_ulong’ {aka ‘long unsigned int’} [-Wformat=]
  157 |    printf("Max Const Memory Buffer Size: %lld\n", maxConstBufSize);
      |                                          ~~~^     ~~~~~~~~~~~~~~~
      |                                             |     |
      |                                             |     cl_ulong {aka long unsigned int}
      |                                             long long int
      |                                          %ld
main.c: In function ‘createClCtx’:
main.c:261:2: warning: ‘clCreateCommandQueue’ is deprecated [-Wdeprecated-declarations]
  261 |  cqCommandQueue = clCreateCommandQueue(cxGPUContext, cdDevices[gpu_id], 0, &clErr);
      |  ^~~~~~~~~~~~~~
In file included from bitcracker.h:37,
                 from main.c:22:
/usr/include/CL/cl.h:1781:1: note: declared here
 1781 | clCreateCommandQueue(cl_context                     context,
      | ^~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/CL/cl.h:32,
                 from bitcracker.h:37,
                 from opencl_attack.c:22:
/usr/include/CL/cl_version.h:34:9: note: #pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)
   34 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)")
      |         ^~~~~~~
In file included from /usr/include/CL/cl.h:32,
                 from bitcracker.h:37,
                 from utils.c:22:
/usr/include/CL/cl_version.h:34:9: note: #pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)
   34 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)")
      |         ^~~~~~~
utils.c: In function ‘parse_data’:
utils.c:179:3: error: label ‘out’ used but not defined
  179 |   goto out;
      |   ^~~~
utils.c: At top level:
utils.c:189:2: error: expected identifier or ‘(’ before ‘if’
  189 |  if(mac_comparison == 1 && !memcmp((*mac), zero_string, MAC_SIZE))
      |  ^~
utils.c:195:2: error: expected identifier or ‘(’ before ‘for’
  195 |  for (j=0; i < vmk_size*2; i+=2, j++)
      |  ^~~
utils.c:195:14: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘<’ token
  195 |  for (j=0; i < vmk_size*2; i+=2, j++)
      |              ^
utils.c:195:29: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘+=’ token
  195 |  for (j=0; i < vmk_size*2; i+=2, j++)
      |                             ^~
utils.c:201:2: warning: data definition has no type or storage class
  201 |  fclose(fphash);
      |  ^~~~~~
utils.c:201:2: warning: type defaults to ‘int’ in declaration of ‘fclose’ [-Wimplicit-int]
utils.c:201:2: warning: parameter names (without types) in function declaration
utils.c:203:2: error: expected identifier or ‘(’ before ‘return’
  203 |  return BIT_SUCCESS;
      |  ^~~~~~
utils.c:205:5: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘:’ token
  205 |  out:
      |     ^
utils.c:207:8: error: expected declaration specifiers or ‘...’ before ‘*’ token
  207 |   free(*salt);
      |        ^
utils.c:208:8: error: expected declaration specifiers or ‘...’ before ‘*’ token
  208 |   free(*nonce);
      |        ^
utils.c:209:8: error: expected declaration specifiers or ‘...’ before ‘*’ token
  209 |   free(*vmk);
      |        ^
utils.c:210:8: error: expected declaration specifiers or ‘...’ before ‘*’ token
  210 |   free(*mac);
      |        ^
utils.c:212:3: error: expected identifier or ‘(’ before ‘return’
  212 |   return BIT_FAILURE;
      |   ^~~~~~
utils.c:213:1: error: expected identifier or ‘(’ before ‘}’ token
  213 | }
      | ^
In file included from /usr/include/CL/cl.h:32,
                 from bitcracker.h:37,
                 from w_blocks.c:22:
/usr/include/CL/cl_version.h:34:9: note: #pragma message: cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)
   34 | #pragma message("cl_version.h: CL_TARGET_OPENCL_VERSION is not defined. Defaulting to 220 (OpenCL 2.2)")
      |         ^~~~~~~
make: *** [Makefile:9: all] Error 1

====== Executables in build directory ======

Building to run on Windows 10

I am having a very difficult time getting this to build on Windows. I have set the path to the make.exe file and the cl.exe file and it still will not work. I have also tried putting them into the src_XX folder and then running make and it fails when running. I have installed Cygwin to get the make and gcc executables. I have installed Visual Studio 2017 and the CUDA toolkit version 10. Anything else I may be missing (other than a decent Linux computer on hand?)?

Thanks,

Forgot my Password and Cannot get access to my Recovery Code

Hi,
So one of my USB drives has a BitLocker and unfortunately, I have forgotten he password for it and have no access to the Recovery Code.
Would anyone be able to unlcok the USB Drive or at least try to retrieve the Recovery Code for me?
Thank you

.

Bitcracker_CUDA not being made

Running on Ubuntu Mate 1.12.1

run the Build.sh and i only get bitcracker_hash and _rpgen. no _cuda or _opencl

am i doing something wrong? any suggestions?

thank you

Is there any hope?

Just wondering.. is there any hope?

---------> BitCracker Hash Extractor <---------
Encrypted device ../backup/imageEncrypted.img opened, size 935975MB

Signature found at 0x3
Version: 8 
Invalid version, looking for a signature with valid version...

Signature found at 0xbff77000
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xbff77157
Encrypted with Recovery Password (0xbff77178)
Searching AES-CCM (0xbff77194)
Trying offset 0xbff77227.... AES-CCM encryption found!!
======== RP VMK #0 ========
RP Salt: 0f4582ebb27e2e79ff9baa0be9bb8260
RP Nonce: 10bb6317b64bd4019d000000
RP MAC: a3344636e399f1f760fdae5881e72a58
RP VMK: ec2932cbe58c27e00139ada57a0c4a49b607bfbcd7568bc5fd78355800c87a258250725e0c8c248fb11193a1


=====> VMK entry found at 0xbff77277
VMK encrypted with TPM...not supported! (0xbff77298)

Signature found at 0xbff87000
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xbff87157
Encrypted with Recovery Password (0xbff87178)
Searching AES-CCM (0xbff87194)
Trying offset 0xbff87227.... AES-CCM encryption found!!
This VMK has been already stored... moving forward!

=====> VMK entry found at 0xbff87277
VMK encrypted with TPM...not supported! (0xbff87298)

Signature found at 0xbff97000
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xbff97157
Encrypted with Recovery Password (0xbff97178)
Searching AES-CCM (0xbff97194)
Trying offset 0xbff97227.... AES-CCM encryption found!!
This VMK has been already stored... moving forward!

=====> VMK entry found at 0xbff97277
VMK encrypted with TPM...not supported! (0xbff97298)

=====> VMK entry found at 0x113fa1be5

=====> VMK entry found at 0x3c46804cc

=====> VMK entry found at 0x5d12847e9

=====> VMK entry found at 0x60f9c606b

=====> VMK entry found at 0x67fd5c00e

=====> VMK entry found at 0x7721e6899

=====> VMK entry found at 0x7c7de2334

=====> VMK entry found at 0x93cbafed1

=====> VMK entry found at 0x9477ecf95

=====> VMK entry found at 0xaef700faa

=====> VMK entry found at 0xd2400e895

=====> VMK entry found at 0xea711da09

=====> VMK entry found at 0x111962a966

=====> VMK entry found at 0x1188e43f9a
...

Also, how long can it takes..

Cuda error in file 'cuda_attack.cu' in line 168 : invalid texture reference.

I'm interested in your project and I want to try it out, but have the problem.

My system:

Ubuntu 18.04.1 LTS
Intel® Core™ i7-2600K CPU @ 3.40GHz × 8 
GeForce GTX 560 Ti/PCIe/SSE2

First of all, I install the video card driver

nvidia-smi

+-----------------------------------------------------------------------------+
| NVIDIA-SMI 390.48                 Driver Version: 390.48                    |
|-------------------------------+----------------------+----------------------+
| GPU  Name        Persistence-M| Bus-Id        Disp.A | Volatile Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap|         Memory-Usage | GPU-Util  Compute M. |
|===============================+======================+
|   0  GeForce GTX 560 Ti  Off  | 00000000:01:00.0 N/A |                  N/A |
| 36%   52C    P0    N/A /  N/A |    267MiB /   957MiB |     N/A      Default |
+-------------------------------+----------------------+----------------------+

Then I install cuda-toolkit
sudo apt install nvidia-cuda-toolkit
nvcc --version

nvcc: NVIDIA (R) Cuda compiler driver
Copyright (c) 2005-2017 NVIDIA Corporation
Built on Fri_Nov__3_21:07:56_CDT_2017
Cuda compilation tools, release 9.1, V9.1.85

Then I download Bitcracker
git clone https://github.com/e-ago/bitcracker.git

Then I build Bitcracker
./build.sh

====== Build BitCracker Hash Extractor ======
rm -rf *.o
rm -rf ../build/bitcracker_hash
gcc bitcracker_hash.c -o bitcracker_hash

====== Build BitCracker Recovery Password generator ======
rm -rf *.o
rm -rf ../build/bitcracker_rpgen
gcc bitcracker_rpgen.c -o bitcracker_rpgen

====== Build BitCracker CUDA version ======
rm -rf *.o
rm -rf ../build/bitcracker_cuda
nvcc -gencode arch=compute_35,code=sm_35 -gencode arch=compute_52,code=sm_52 -gencode arch=compute_60,code=sm_60 -Xptxas -v -o bitcracker_cuda main.cu cuda_attack.cu utils.cu w_blocks.cu
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : Compiling entry function '_Z20decrypt_vmk_with_maciPiPhS0_S0_S0_S0_iiiijjjji' for 'sm_35'
ptxas info    : Function properties for _Z20decrypt_vmk_with_maciPiPhS0_S0_S0_S0_iiiijjjji
    400 bytes stack frame, 472 bytes spill stores, 664 bytes spill loads
ptxas info    : Used 64 registers, 420 bytes cmem[0], 8 bytes cmem[2], 2 textures
ptxas info    : Compiling entry function '_Z11decrypt_vmkiPiPhS0_iiiiijjjji' for 'sm_35'
ptxas info    : Function properties for _Z11decrypt_vmkiPiPhS0_iiiiijjjji
    0 bytes stack frame, 0 bytes spill stores, 0 bytes spill loads
ptxas info    : Used 64 registers, 400 bytes cmem[0], 12 bytes cmem[2], 2 textures
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : Compiling entry function '_Z20decrypt_vmk_with_maciPiPhS0_S0_S0_S0_iiiijjjji' for 'sm_52'
ptxas info    : Function properties for _Z20decrypt_vmk_with_maciPiPhS0_S0_S0_S0_iiiijjjji
    392 bytes stack frame, 480 bytes spill stores, 736 bytes spill loads
ptxas info    : Used 64 registers, 420 bytes cmem[0], 324 bytes cmem[2], 2 textures
ptxas info    : Compiling entry function '_Z11decrypt_vmkiPiPhS0_iiiiijjjji' for 'sm_52'
ptxas info    : Function properties for _Z11decrypt_vmkiPiPhS0_iiiiijjjji
    0 bytes stack frame, 0 bytes spill stores, 0 bytes spill loads
ptxas info    : Used 64 registers, 400 bytes cmem[0], 324 bytes cmem[2], 2 textures
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : Compiling entry function '_Z20decrypt_vmk_with_maciPiPhS0_S0_S0_S0_iiiijjjji' for 'sm_60'
ptxas info    : Function properties for _Z20decrypt_vmk_with_maciPiPhS0_S0_S0_S0_iiiijjjji
    392 bytes stack frame, 480 bytes spill stores, 736 bytes spill loads
ptxas info    : Used 64 registers, 420 bytes cmem[0], 324 bytes cmem[2], 2 textures
ptxas info    : Compiling entry function '_Z11decrypt_vmkiPiPhS0_iiiiijjjji' for 'sm_60'
ptxas info    : Function properties for _Z11decrypt_vmkiPiPhS0_iiiiijjjji
    0 bytes stack frame, 0 bytes spill stores, 0 bytes spill loads
ptxas info    : Used 64 registers, 400 bytes cmem[0], 324 bytes cmem[2], 2 textures
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : Compiling entry function '_Z16w_block_evaluatePhiS_Pj' for 'sm_35'
ptxas info    : Function properties for _Z16w_block_evaluatePhiS_Pj
    0 bytes stack frame, 0 bytes spill stores, 0 bytes spill loads
ptxas info    : Used 64 registers, 352 bytes cmem[0], 4 bytes cmem[2]
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : Compiling entry function '_Z16w_block_evaluatePhiS_Pj' for 'sm_52'
ptxas info    : Function properties for _Z16w_block_evaluatePhiS_Pj
    0 bytes stack frame, 0 bytes spill stores, 0 bytes spill loads
ptxas info    : Used 64 registers, 352 bytes cmem[0], 4 bytes cmem[2]
ptxas info    : 0 bytes gmem, 12584 bytes cmem[3]
ptxas info    : Compiling entry function '_Z16w_block_evaluatePhiS_Pj' for 'sm_60'
ptxas info    : Function properties for _Z16w_block_evaluatePhiS_Pj
    0 bytes stack frame, 0 bytes spill stores, 0 bytes spill loads
ptxas info    : Used 64 registers, 352 bytes cmem[0], 4 bytes cmem[2]

====== Build BitCracker OpenCL version ======
rm -rf *.o
rm -rf bitcracker_opencl
gcc -I/usr/include -L/usr/lib64 -L/usr/lib -I/usr/local/cuda/include -L/usr/local/cuda/lib64 -cl-std=CL1.2 -O3 -Wextra -o bitcracker_opencl main.c opencl_attack.c utils.c w_blocks.c -lOpenCL
gcc: error: unrecognized command line option ‘-cl-std=CL1.2’; did you mean ‘--std=c11’?
Makefile:9: recipe for target 'all' failed
make: *** [all] Error 1

====== Executables in build directory ======

Then I run the tests
./run_tests.sh

And then I get Error (Cuda error in file 'cuda_attack.cu' in line 168 : invalid texture reference.)

====================================
Selected device: GPU GeForce GTX 560 Ti (ID: 0)
====================================

Compute capability: 2.1
Clock rate: 1800000
Clock rate: 1800 MHz (1.80 GHz)
Memory Clock Rate (KHz): 2100000
Memory Bus Width (bits): 256
Peak Memory Bandwidth (GB/s): 134.400000
Device copy overlap: Enabled
Async memory engine count: 1
Concurrent kernels: 1
Kernel execition timeout: Enabled
Total global mem:  1003618304 bytes
Free memory: 570359808 bytes
Texture Alignment:  512
Multiprocessor count:  8
Shared mem per mp:  49152
Registers per mp:  32768
Threads in warp:  32
Max threads per block:  1024
Max thread dimensions:  (1024, 1024, 64)
Max grid dimensions:  (65535, 65535, 65535)

For this session, BitCracker requires at least 268566528 bytes of memory

====================================
Retrieving Info
====================================

Reading hash file "./test_hash/imgWin8_user_password.txt"
$bitlocker$0$16$0a8b9d0655d3900e9f67280adc27b5d7$1048576$12$b0599ad6c6a1cf0103000000$60$c16658f54140b3d90be6de9e03b1fe90033a2c7df7127bcd16cb013cf778c12072142c484c9c291a496fc0ebd8c21c33b595a9c1587acfc6d8bb9663


====================================
Attack
====================================

Cuda error in file 'cuda_attack.cu' in line 168 : invalid texture reference.
+ ./build/bitcracker_cuda -f ./test_hash/imgWin8_user_password.txt -d ./Dictionary/user_passwords.txt -t 1 -b 1 -g 0 -m -u

Where is the problem? What do I do wrong? Maybe my hardware is unsupported?
Thanks

Image creation failed

Hello,

I'm trying to create a disk image as per your instructions. The dd command "./dd if=\.\F: of=D:\BL\Encrypted.img conv=noerror,sync" (I'm using dd for windows) returns an error that the drive is locked with bitlocker and to unlock it from the control panel. How can I proceed?

Thanks for any help,
G

测试(破解)过程优化

可以尝试通过添加指定参数的方式（-w）将已测试过得密码从密码包中删除

请告诉我们预计测试(破解)密码还有多长时间

opencl没有使用到多核心CPU资源！

Another run_tests.sh Password not found!

I am using

OS: Ubuntu 19.04
Card: 1080 Ti
Driver Version: 418.56
CUDA Versions: 9.2 and 10.1

bitcracker compiles, but tests are failing with "Password not found". Please assist.

$ cuda-memcheck ./build/bitcracker_cuda -f ./test_hash/imgWin8_user_password.txt -d ./Dictionary/user_passwords.txt -t 1 -b 1 -g 0 -u
========= CUDA-MEMCHECK

---------> BitCracker: BitLocker password cracking tool <---------


====================================
Selected device: GPU GeForce GTX 1080 Ti (ID: 0)
====================================

Compute capability: 6.1
Clock rate: 1632500
Clock rate: 1633 MHz (1.63 GHz)
Memory Clock Rate (KHz): 5505000
Memory Bus Width (bits): 352
Peak Memory Bandwidth (GB/s): 484.440000
Device copy overlap: Enabled
Async memory engine count: 2
Concurrent kernels: 1
Kernel execition timeout: Enabled
Total global mem:  11713052672 bytes
Free memory: 11332616192 bytes
Texture Alignment:  512
Multiprocessor count:  28
Shared mem per mp:  49152
Registers per mp:  65536
Threads in warp:  32
Max threads per block:  1024
Max thread dimensions:  (1024, 1024, 64)
Max grid dimensions:  (2147483647, 65535, 65535)

For this session, BitCracker requires at least 268566528 bytes of memory

====================================
Retrieving Info
====================================

Reading hash file "./test_hash/imgWin8_user_password.txt"
$bitlocker$0$16$0a8b9d0655d3900e9f67280adc27b5d7$1048576$12$b0599ad6c6a1cf0103000000$60$c16658f54140b3d90be6de9e03b1fe90033a2c7df7127bcd16cb013cf778c12072142c484c9c291a496fc0ebd8c21c33b595a9c1587acfc6d8bb9663


====================================
Attack
====================================

Type of attack: User Password
CUDA Threads: 1024
CUDA Blocks: 1
Psw per thread: 1
Max Psw per kernel: 1024
Dictionary: ./Dictionary/user_passwords.txt
Strict Check (-s): No
MAC Comparison (-m): No

CUDA Kernel execution:
        Effective passwords: 16
        Passwords Range:
                abcdefshhf
                .....
                blablablablabla
        Time: 6.312177 sec
        Passwords x second:     2.53 pw/sec


================================================
CUDA attack completed
Passwords evaluated: 16
Password not found!
================================================


========= ERROR SUMMARY: 0 errors

Error while parsing input device image

Hi,

When I run the command
./bitcracker-master/build/bitcracker_hash -o test_hash -i ./img-encrypted/imgwinlenovo.img
I got
`---------> BitCracker Hash Extractor <---------
Encrypted device ./img-encrypted/imgwinlenovo.img opened, size 171403.00 MB

************ Signature #1 found at 0x3 ************
Version: 8
Invalid version, looking for a signature with valid version...

************ Signature #2 found at 0x471c000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0x471c8f5
Encrypted with Recovery Password (0x471c916)
Searching for AES-CCM (0x471c932)...
Offset 0x471c9c5.... not found :( (0x12,0xd)
Searching for AES-CCM (0x471c946)...
Offset 0x471c9d9.... not found :( (0x0,0x8)

************ Signature #3 found at 0xe86d0000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xe86d08f5
Encrypted with Recovery Password (0xe86d0916)
Searching for AES-CCM (0xe86d0932)...
Offset 0xe86d09c5.... not found :( (0x12,0xd)
Searching for AES-CCM (0xe86d0946)...
Offset 0xe86d09d9.... not found :( (0x0,0x8)

************ Signature #4 found at 0xfe489000 ************
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xfe4898f5
Encrypted with Recovery Password (0xfe489916)
Searching for AES-CCM (0xfe489932)...
Offset 0xfe4899c5.... not found :( (0x12,0xd)
Searching for AES-CCM (0xfe489946)...
Offset 0xfe4899d9.... not found :( (0x0,0x8)
Error while extracting data: No signature found!

Error while parsing input device image
`

Sorry, I'm not very comfortable with all the process, does it mean that the recovery password cannot be retrieved ?

Thanks !

HELP Is there any chance ???

I have an error in the make a file

gcc: error: unrecognized command-line option ‘-cl-std=CL1.2’

also i have a $2$16$57debb77a3b130a92397f8c063049274$1048576$12$20cfa3155178d70198020000$60$ad91090585684fe3da68e053c0cbfdaae24e8bd5c6b50978790b964d3b2a808c3394a833c690cc9c99c0364d9df1fac40bdcadcd2b987a7d780bfdc3 recovery key and is there any chance

Thank you!

2 questions about software

Question # 1

When I run bitcracker_hash I get 1 file back recv. I see in the output there is TPM, so does this indicate the tool would never find a solution?

Question # 2

I have generated a random set of keys, all of which are divisible by 11. When I attempt to use the generated dictionary, It says 75973 are "Effective", but no solution found, however using the rpgen generating the same number it says there are 196608 Effective several times then 65536 but no solution. I understood effective to be a combination of 8 sets of 6 digits divisible by 11. What did I miss?

BitlockerToGo

I have a USB drive encrypted with BitlockerToGo, can you confirm if this is supported?

I have been looking around for examples on how to try attack this but the examples I have come across dont quite sound like the same as the scenario I find myself in.

The drive does have an excutable called "BitLockerToGo.exe" amoungst various other files, and executing this exe on a Windows machines prompts the user for a password to unlock the drive. So I would assume a password attack is well suited. It seems creating an image of the drive and attempting to launch this via VM software such as fusion fails.

I also attempted to ID any signatures via the jtr release but the conversion to John failes as it can not find any sigures.

So I am wondering if bitcracker supports this encrypted drive or not.

Questions.

1, is that possible to recover the password using the recovery key?

2, how long does it take to crack the recovery key? (with 1080 and whats the hashrate?)

3, what a concept would u go for, would u attack the password which is much slower. (1k~ per sec) or go for the recovery key

4, if i have a bitlocker encrypted 2tb hdd drive , is that possible to dd just a part of it and not all of it, for example the first bytes of the sectors ? like in truecrypt/veracrypt(first 512bytes)?

5, related to question 2 just want to make it right, doing the calculation , 10 powered by 48 thats 1000000000000000000000000000000000000000000000000 options.

if each 1080 theoretically does 3MHs and i have 5 rigs with 8 1080 in each which mean 40 1080 cards
i could do 120MHs

1000000000000000000000000000000000000000000000000 / 120000000 = 8333333333333333333333333333333333333333 seconds

8333333333333333333333333333333333333333 = 138888888888888888888888888888888888888 minutes = 2314814814814814814814814814814814815 hours = 96450617283950617283950617283950617 days.

which make it impossible to BF it, is that right ?

@e-ago thanks for answering all of these questions :)

Password not found!

I put the recovery key in the dictionary.txt and executed the bitcracker_cuda, but can't find the password.

Hashcat integration

First off, great work. I wanted to check and see if you have any intention on trying to integrate this into hashcat. I already have a distributed GPU cluster running hashcat and it would be nice to use that power and wordlists I have integrated.

Thanks

编译失败

root@kali:~/Desktop/bitcracker-master# ./build.sh

====== Build BitCracker Hash Extractor ======
rm -rf *.o
rm -rf ../build/bitcracker_hash
gcc bitcracker_hash.c -o bitcracker_hash

====== Build BitCracker Recovery Password generator ======
rm -rf *.o
rm -rf ../build/bitcracker_rpgen
gcc bitcracker_rpgen.c -o bitcracker_rpgen

====== Build BitCracker CUDA version ======
rm -rf *.o
rm -rf ../build/bitcracker_cuda
nvcc -gencode arch=compute_35,code=sm_35 -gencode arch=compute_52,code=sm_52 -gencode arch=compute_60,code=sm_60 -Xptxas -v -o bitcracker_cuda main.cu cuda_attack.cu utils.cu w_blocks.cu
ERROR: No supported gcc/g++ host compiler found, but clang-8 is available.
Use 'nvcc -ccbin clang-8' to use that instead.
make: *** [Makefile:2：bitcracker_cuda] 错误 1

没有接触过linux，但是对您的项目非常有兴趣，根据您的步骤，到这里就失败了，请帮忙看看哪里的问题，感谢

e-ago / bitcracker Goto Github PK

bitcracker's Introduction

BitCracker

Paper

Requirements

Build

Prepare the attack

User Password Attack

Recovery Password Attack

False Positives

Examples

Performance

John The Ripper

Hashcat

Changelog

What's next

References, credits and contacts

bitcracker's People

Contributors

Stargazers

Watchers

Forkers

bitcracker's Issues

Recommend Projects

Recommend Topics

Recommend Org