First of all, brute forcing a BitLocker drive that is protected by an adequate password is definitely a no-go: with modern CPU- or GPU-based attacks it would take an astronomical amount of time to break the encryption. But if you still want to bang your head against the wall, be my guest!
Installing the Dislocker tool
Although Kali Linux includes plenty of different security tools, it still lacks Dislocker (as of 31/7/2017). This tutorial covers the steps needed to install Dislocker on Kali and Ubuntu derivatives; on other distributions the procedure may differ. First we need to install the prerequisites for compiling Dislocker.
apt-get install gcc make cmake ruby-dev libmbedtls-dev libfuse-dev # Install prerequisites
wget http://www.hsc.fr/ressources/outils/dislocker/download/dislocker-0.7.1.tar.gz # Download dislocker
tar xzvf dislocker-0.7.1.tar.gz # Decompress and extract the tgz
cd dislocker-0.7.1/ # Change directory to the dislocker dir
cmake . # <-- The dot is important
make # Compile
make install # Install it to the system
Download our dislocker-dict script from here. Extract and decompress it in your home dir (or preferred location).
tar xzvf dislocker-dict.tar.gz
Change your working directory to the dislocker-dict directory and run the script to test it.
cd dislocker-dict
./dislocker-dict
If you get the error message “Error: dislocker-fuse not found. Please make sure it is installed.”, the Dislocker installation has problems that you need to address first.
Usage of dislocker-dict
Dislocker-dict (the Very Inefficient Way Of Using a Dictionary Attack Against BitLocker) is a slow and inefficient dictionary-based brute-force cracker for BitLocker. It was made purely as a proof of concept and for testing.
Dislocker-dict requires three parameters. The first is the BitLocker-encrypted partition, which you can find with the dislocker-find utility. The second is an empty directory that dislocker-fuse will use as the mount point. The third is the dictionary file, one candidate per line. In the example below these are passed as -v, -m and -d respectively. The script works in two passes: the first pass tries every word in the dictionary on its own, the second pass tries every word combined with every other word. Keep in mind that the second pass grows quadratically with the size of the dictionary and that every single attempt is a separate dislocker-fuse mount, so even a few thousand words means millions of slow attempts.
Example dictionary file:
Abanic
abannition
Abantes
abapical
abaptiston
abaptistum
Abarambo
Abarbarea
Abaris
abarthrosis
abarticular
abarticulation
Abas
abase
abased
abasedly
abasedness
abasement
abasements
abaser
abasers
abases
Abasgi
abash
abashed
abashedly
abashedness
abashes
abashing
abashless
abashlessly
abashment
abashments
abasia
abasias
abasic
abasing
abasio
abask
abassi
Abassieh
Abassin
abastard
abastardize
abastral
abatable
abatage
Abate
...
./dislocker-dict -v /dev/sda2 -m /mnt/decrypted -d dict.txt
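The two-pass strategy described above, written out as an added example so that the candidate logic can be checked offline before spending hours against a real volume. This is my own illustration, not the dislocker-dict script. It assumes the dislocker-fuse 0.7.1 command line (-V volume, -uPASSWORD, -r for read-only, -- before the mount point) and that dislocker-fuse exits non-zero when the password is wrong; the VOLUME and MOUNT variables, the try_password_* hook names, the simulated volume with its constructed password, and the reading of the second pass as "every ordered pair of distinct words, concatenated" are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not the dislocker-dict script: two-pass candidate generation
# (every word alone, then every word concatenated with every other word) with
# a pluggable "try one password" hook.

# Emit candidates for dictionary file $1, one per line:
#   pass 1: each non-empty word as-is
#   pass 2: every ordered pair of distinct words, concatenated (assumed reading)
gen_candidates() {
    dict="$1"
    grep -v '^$' "$dict"
    grep -v '^$' "$dict" | while IFS= read -r a; do
        grep -v '^$' "$dict" | while IFS= read -r b; do
            if [ "$a" != "$b" ]; then
                printf '%s%s\n' "$a" "$b"
            fi
        done
    done
}

# n words produce n + n*(n-1) candidates; check this before starting a run.
count_candidates() {
    gen_candidates "$1" | wc -l | tr -d ' '
}

# Real hook (assumed dislocker-fuse 0.7.1 syntax and exit status).
# Expects VOLUME and MOUNT to be set, e.g. VOLUME=/dev/sda2 MOUNT=/mnt/decrypted
try_password_dislocker() {
    if dislocker-fuse -r -V "$VOLUME" -u"$1" -- "$MOUNT" </dev/null >/dev/null 2>&1; then
        fusermount -u "$MOUNT" >/dev/null 2>&1   # unmount so the next attempt can mount again
        return 0
    fi
    return 1
}

# Offline stand-in: a constructed "volume" that opens only with one known
# password, here a concatenation of two dictionary words.
SIM_PASSWORD="abaseabash"
try_password_sim() {
    [ "$1" = "$SIM_PASSWORD" ]
}

# dict_attack DICT HOOK: feed every candidate to HOOK (a function that takes the
# candidate as $1 and returns 0 on success). Prints the password and returns 0
# when found; returns 1 when the whole candidate space is exhausted.
dict_attack() {
    dict="$1"; try="$2"
    tmp=$(mktemp) || return 2
    gen_candidates "$dict" > "$tmp"
    n=0; found=""
    while IFS= read -r cand; do
        n=$((n + 1))
        if "$try" "$cand"; then
            found="$cand"
            break
        fi
    done < "$tmp"
    rm -f "$tmp"
    [ -n "$found" ] || return 1
    printf 'found after %d attempts\n' "$n" >&2
    printf '%s\n' "$found"
}

# Usage against a real volume (assumed paths):
#   VOLUME=/dev/sda2 MOUNT=/mnt/decrypted dict_attack dict.txt try_password_dislocker
```

Run count_candidates on your word list first: a 50-word list gives 2,500 attempts, a 5,000-word list gives roughly 25 million, and each one is a full dislocker-fuse mount attempt, which is exactly why the page calls this approach very inefficient.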