
Bypassing BitLocker in TPM-only (basic) mode...?



Guest groffg
Posted

Anyone had any experience bypassing BitLocker (basic mode) using the
recovery console (i.e., booting to the Windows DVD or rescue CD)? Based
on the documentation, seems like it would work (provided BIOS is
configured to boot to CD/DVD drive before the HDD).

Having said that, would M$ allow such an obvious attack vector? I don't
have a machine w/ a TPM right now, so I can't test this myself. Anyone
tried this out?

--
groffg
Posted via http://www.vistaheads.com

Guest Richard G. Harper
Posted

You can boot with a CD/DVD/bootable device - but since the contents of the
hard drive are encrypted (all but a small startup stub) it doesn't do you
any good anyway.

"groffg" <groffg.3qg204@no-mx.forums.vistaheads.com> wrote in message
news:groffg.3qg204@no-mx.forums.vistaheads.com...
>
> Anyone had any experience bypassing BitLocker (basic mode) using the
> recovery console (i.e., booting to the Windows DVD or rescue CD)? Based
> on the documentation, seems like it would work (provided BIOS is
> configured to boot to CD/DVD drive before the HDD).
>
> Having said that, would M$ allow such an obvious attack vector? I don't
> have a machine w/ a TPM right now, so I can't test this myself. Anyone
> tried this out?

Guest groffg
Posted

But I thought the Windows recovery CD/DVD was "bitlocker compatible,"
meaning that if you boot to the CD/DVD, and bitlocker is detected, then
it would allow you to authenticate first (which would happen
transparently in the event you were using basic mode/TPM).

Richard G. Harper;1221716 Wrote:
> You can boot with a CD/DVD/bootable device - but since the contents of
> the hard drive are encrypted (all but a small startup stub) it doesn't do
> you any good anyway.
>
> "groffg" <groffg.3qg204@no-mx.forums.vistaheads.com> wrote in message
> news:groffg.3qg204@no-mx.forums.vistaheads.com...
> >
> > Anyone had any experience bypassing BitLocker (basic mode) using the
> > recovery console (i.e., booting to the Windows DVD or rescue CD)? Based
> > on the documentation, seems like it would work (provided BIOS is
> > configured to boot to CD/DVD drive before the HDD).
> >
> > Having said that, would M$ allow such an obvious attack vector? I don't
> > have a machine w/ a TPM right now, so I can't test this myself. Anyone
> > tried this out?

--
groffg
Posted via http://www.vistaheads.com

Guest Robert Kochem
Posted

groffg wrote:

> But I thought the Windows recovery CD/DVD was "bitlocker compatible,"
> meaning that if you boot to the CD/DVD, and bitlocker is detected, then
> it would allow you to authenticate first (which would happen
> transparently in the event you were using basic mode/TPM).

No, that doesn't work as you expect it. If you do not boot from your HDD, the
boot code is different and therefore the TPM is blocked.
Bitlocker volumes can be accessed from the Vista installation environment
AFAIR only by entering the Bitlocker recovery key (the "numerical monster")
or by providing a saved key on a USB drive.

Robert
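
The behaviour Robert describes, sketched as an added example that is not part of the thread: a toy model of TPM 1.2 PCR extension and PCR-bound sealing, showing why a key sealed during a hard-disk boot is not released after booting other media. `SimTPM`, the PCR subset and the boot-chain byte strings are assumptions constructed for the illustration, not BitLocker's actual measurements.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold one SHA-1 digest

class SimTPM:
    """Toy TPM 1.2 model; a new instance stands for the same chip after a reset."""

    def __init__(self):
        # Platform reset: every PCR starts as all zeroes.
        self.pcrs = {i: bytes(PCR_SIZE) for i in range(24)}

    def extend(self, index, measured_code):
        # PCR_new = SHA1(PCR_old || SHA1(code)); a PCR can never be set directly.
        digest = hashlib.sha1(measured_code).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()

    def _composite(self, indexes):
        return hashlib.sha1(b"".join(self.pcrs[i] for i in sorted(indexes))).digest()

    def seal(self, secret, indexes):
        # A real TPM encrypts this blob under its storage root key; the
        # simulation only keeps the fields together.
        return {"pcrs": tuple(indexes), "expected": self._composite(indexes),
                "secret": secret}

    def unseal(self, blob):
        if not hmac.compare_digest(self._composite(blob["pcrs"]), blob["expected"]):
            return None  # PCR mismatch: the key is not released
        return blob["secret"]

# Constructed stand-ins for the code measured along each boot path.
HDD_BOOT_CHAIN = [(4, b"hdd MBR code"), (8, b"ntfs boot sector"), (10, b"hdd bootmgr")]
DVD_BOOT_CHAIN = [(4, b"dvd boot image"), (10, b"dvd bootmgr")]
SEALED_PCRS = (4, 8, 10)  # assumption: subset of PCRs chosen for the demo
SECRET = b"volume key (constructed)"

def boot(chain):
    tpm = SimTPM()  # power cycle: PCRs reset, then firmware measures each stage
    for index, code in chain:
        tpm.extend(index, code)
    return tpm

def demo():
    blob = boot(HDD_BOOT_CHAIN).seal(SECRET, SEALED_PCRS)
    from_hdd = boot(HDD_BOOT_CHAIN).unseal(blob)  # same measurements: released
    from_dvd = boot(DVD_BOOT_CHAIN).unseal(blob)  # different boot code: refused
    return from_hdd, from_dvd
```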

Guest groffg
Posted

Ahh, makes sense. Thank you Robert.

Robert Kochem;1227468 Wrote:
> groffg wrote:
>
> > But I thought the Windows recovery CD/DVD was "bitlocker compatible,"
> > meaning that if you boot to the CD/DVD, and bitlocker is detected, then
> > it would allow you to authenticate first (which would happen
> > transparently in the event you were using basic mode/TPM).
>
> No, that doesn't work as you expect it. If you do not boot from your HDD, the
> boot code is different and therefore the TPM is blocked.
> Bitlocker volumes can be accessed from the Vista installation environment
> AFAIR only by entering the Bitlocker recovery key (the "numerical monster")
> or by providing a saved key on a USB drive.
>
> Robert

--
groffg
Posted via http://www.vistaheads.com
