bitlocker-spi-toolkit icon indicating copy to clipboard operation
bitlocker-spi-toolkit copied to clipboard
verified publisher icon WithSecureLabs

adding pin encrypted key extraction

Open idarlund opened this issue 1 year ago • 3 comments

https://blog.scrt.ch/2024/10/28/privilege-escalation-through-tpm-sniffing-when-bitlocker-pin-is-enabled/

idarlund avatar Oct 30 '24 14:10 idarlund

Hello, for some reason the code as in this PR does not extract the blob for TPM +pin. The one available in https://github.com/en4rab/SPITkey/tree/main/logic2-plugins does.

DidierA avatar Mar 04 '25 12:03 DidierA

Hello, for some reason the code as in this PR does not extract the blob for TPM +pin. The one available in https://github.com/en4rab/SPITkey/tree/main/logic2-plugins does.

increase the parameter "WINDOW_SIZE = 0x2c" and everything should work

SalkovAA avatar May 20 '25 14:05 SalkovAA

To capture the encrypted VMK that TPMandPIN mode uses change the window to "WINDOW_SIZE = 0x50" as the regex to find the blob is looking for 80 bytes (the header 5000000005000000 then the 72 bytes of the encrypted VMK

en4rab avatar May 20 '25 14:05 en4rab