First of all, brute forcing a BitLocker drive protected by an adequate password is definitely a no go. Modern CPU / GPU based attacks would take a stellar amount of time to break the encryption. But if you still want to hit your head against the wall, be my guest!

First download the dislocker tools from here. I am using Kali Linux booted in Live CD mode as my work environment. Setup on other Linux distributions may differ.

Installing the Dislocker tool

Although Kali Linux includes plenty of security tools, it still lacks Dislocker (as of 31/7/2017). This tutorial covers the steps needed to install Dislocker on Kali and Ubuntu derivatives. If you are using a different distribution the procedure may differ. First we need to install the prerequisites for compiling dislocker.

apt-get install gcc make cmake ruby-dev libmbedtls-dev libfuse-dev # Install prerequisites

Installing the Dislocker prerequisites.

wget http://www.hsc.fr/ressources/outils/dislocker/download/dislocker-0.7.1.tar.gz # Download dislocker
tar xzvf dislocker-0.7.1.tar.gz # Decompress and extract tgz

Downloading dislocker and extracting it to disk (on a Live CD the data actually lands in memory).

cd dislocker-0.7.1/ # Change directory to dislocker dir
cmake . # <-- Dot is important

Generating the Makefiles with cmake.

make # Compile
make install # Install it to system

Compiling dislocker (make) and installing it (make install).

Install dislocker-dict

Download our dislocker-dict script from here. Decompress and extract it in your home directory (or another preferred location).

tar xzvf dislocker-dict.tar.gz

Change your working directory to the dislocker-dict directory and run the script to test it.

cd dislocker-dict
./dislocker-dict
Check that dislocker-dict launches OK.

If you get the error message “Error: dislocker-fuse not found. Please make sure it is installed.” the dislocker installation has a problem and you need to address that first.

Usage of dislocker-dict

Dislocker-dict (the Very Inefficient Way Of Using a Dictionary Attack Against BitLocker) is a slow and inefficient dictionary-based brute force cracker for BitLocker. It was made purely as a proof of concept and for testing.

Dislocker-dict requires three parameters. The first is the BitLocker encrypted partition, which you can find with the dislocker-find utility. The second is an empty directory to use as the mount point for dislocker-fuse. The third is the dictionary file. In the first pass dislocker-dict tries every word in the dictionary file on its own; in the second pass it tries the combination of every word with every other word.

Example dictionary file:

Abanic
abannition
Abantes
abapical
abaptiston
abaptistum
Abarambo
Abarbarea
Abaris
abarthrosis
abarticular
abarticulation
Abas
abase
abased
abasedly
abasedness
abasement
abasements
abaser
abasers
abases
Abasgi
abash
abashed
abashedly
abashedness
abashes
abashing
abashless
abashlessly
abashment
abashments
abasia
abasias
abasic
abasing
abasio
abask
abassi
Abassieh
Abassin
abastard
abastardize
abastral
abatable
abatage
Abate
...

Example parameters:

./dislocker-dict -v /dev/sda2 -m /mnt/decrypted -d dict.txt
Starting up dislocker-dict BitLocker brute force cracker.
Dislocker-dict has found correct decryption password!
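The following is an added example, not part of dislocker-dict or this post's code. It models the two-pass candidate space described above (each word alone, then each word joined to every other word) so that a defender can check whether a chosen BitLocker passphrase would fall inside that space for a given word list, and size the space to see why the post calls the attack a no go for adequate passwords. Two assumptions not stated on the page are labelled in the code: the second pass concatenates two distinct words in order with no separator, and the sample word list is constructed here rather than taken from a real dictionary.

```python
from itertools import permutations
from typing import Iterator, Optional

# Constructed sample dictionary in the same one-word-per-line format as the
# post's example file (the real list is far longer).
SAMPLE_DICT = """\
Abanic
abannition
abase
abased
abash
Abate
"""


def load_dictionary(text: str) -> list[str]:
    """Parse a dictionary file: one word per line, blanks and duplicates dropped,
    original order kept so attempt counts are reproducible."""
    words: list[str] = []
    seen: set[str] = set()
    for line in text.splitlines():
        word = line.strip()
        if word and word not in seen:
            seen.add(word)
            words.append(word)
    return words


def candidates(words: list[str]) -> Iterator[tuple[int, str]]:
    """Yield (pass_number, candidate) in the order the post describes.

    Pass 1: every word on its own.
    Pass 2: every word combined with every other word.
    Assumption (not stated on the page): the combination is the ordered
    concatenation of two distinct words with no separator between them.
    """
    for word in words:
        yield 1, word
    for first, second in permutations(words, 2):
        yield 2, first + second


def search_space_size(n: int) -> int:
    """Total candidates for a list of n words: n in pass 1 plus the
    n * (n - 1) ordered pairs of distinct words in pass 2."""
    return n + n * (n - 1)


def locate(passphrase: str, words: list[str]) -> Optional[tuple[int, int]]:
    """Return (pass_number, attempts_needed) if the passphrase lies inside the
    two-pass space, otherwise None. A None result means this dictionary run
    would never recover the passphrase, regardless of speed."""
    for attempts, (pass_no, cand) in enumerate(candidates(words), start=1):
        if cand == passphrase:
            return pass_no, attempts
    return None


def estimate_seconds(n: int, attempts_per_second: float) -> float:
    """Worst-case wall-clock time to exhaust both passes at a given trial rate.
    The rate is an input you measure on your own hardware; none is assumed here."""
    return search_space_size(n) / attempts_per_second


if __name__ == "__main__":
    words = load_dictionary(SAMPLE_DICT)
    print("words:", len(words), "candidates:", search_space_size(len(words)))
    for test in ("abase", "Abanicabase", "abaseabase", "correct horse battery"):
        print(f"{test!r}: {locate(test, words)}")
```

`locate` returning a pass number and attempt count is the defender's view of the post's tool: a single dictionary word is found in pass 1 almost immediately, a two-word concatenation only after the whole first pass plus part of the quadratic second pass, and anything outside those two shapes is never found at all. `estimate_seconds` takes the trial rate as a parameter because the real cost per attempt depends on BitLocker's key derivation and your hardware, which this example does not model.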

3 Replies to “Brute Force Dictionary Attack Against BitLocker”
