First of all, brute forcing BitLocker drive with adequate password is definitely a no go. Modern CPU / GPU based attack vectors will take stellar amount of time to break the encryption. But if you still want to hit your head to the wall, be my quest!
First download dislocker tools from here. I am using Kali Linux booted in Live CD mode as my work environment. Setup for a different Linux distros may be different.
Installing the Dislocker tool
Although Kali Linux includes plenty of different security tools it still misses Dislocker (as written 31/7/2017). This tutorial covers the steps needed to install Dislocker in Kali and Ubuntu derivates. If you are using different distribution the procedure may be different. First we need to install prerequisites for compiling dislocker.
apt-get install gcc make cmake ruby-dev libmbedtls-dev libfuse-dev # Install prerequisites
wget http://www.hsc.fr/ressources/outils/dislocker/download/dislocker-0.7.1.tar.gz # Download dislocker tar xzvf dislocker-0.7.1.tar.gz # Decompress and extract tgz
cd dislocker-0.7.1/ # Change directory to dislocker dir cmake . # <-- Dot is important
make # Compile make install # Install it to system
Install dislocker-dict
Download our dislocker-dict script from here. Extract and decompress it in your home dir (or preferred location).
tar xzvf dislocker-dict.tar.gz
Change your working directory to dislocker-dict directory and run the script to the test it.
cd dislocker-dict ./dislocker-dict
If you get error message “Error: dislocker-fuse not found. Please make sure it is installed.” the dislocker installation has problems and you need to address those first.
Usage of dislocker-dict
Dislocker-dict (the Very Inefficient Way Of Using Dictionary Attack Against BitLocker) is slow and inefficient dictionary based brute force cracker for BitLocker. It has been made purely as proof of concept and testing.
Dislocker-dict requires 3 parameters to work. First parameter is the BitLocker encrypted partition. You can find it using dislocker-find utility. Second parameter is empty directory as destination mount point for dislocker-fuse to mount it. Third parameter is the dictionary file. Dislocker-dict first tests every word in dictionary file in the first pass and then combination of every word against every other in the second pass.
Example dictionary file:
Abanic abannition Abantes abapical abaptiston abaptistum Abarambo Abarbarea Abaris abarthrosis abarticular abarticulation Abas abase abased abasedly abasedness abasement abasements abaser abasers abases Abasgi abash abashed abashedly abashedness abashes abashing abashless abashlessly abashment abashments abasia abasias abasic abasing abasio abask abassi Abassieh Abassin abastard abastardize abastral abatable abatage Abate ...
Example parameters:
./dislocker-dict -v /dev/sda2 -m /mnt/decrypted -d dict.txt
Hello, why such passwords jkTP53pasS work and such Zaq44Xsw99Cde is not present? Thanks.
so my bitlocker device isl all numbers
More or less 🙂