±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 3 Overall: 36489
New Yesterday: 5 Visitors: 157

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Nokia 920 - Bitlocker

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2  Next 
  

the_Grinch
Senior Member
 

Nokia 920 - Bitlocker

Post Posted: Jan 09, 20 22:54

Got a Nokia 920 running Windows 8 with an unknown passcode. I was able to get a physical of the device with Cellbrite, but no data was parsed out. Attempted importing it with XRY and got the same result. In looking through the bin I can can see the partition imgs and noticed that the OS and Userdata were encrypted via Bitlocker. It's a four digit passcode and I found software that lets me mount the partitions (prompts for the password), but typing 10000 possible combinations is not in the cards. Any info on how I could automate the password tries to unlock the data?  
 
  

DCS1094
Senior Member
 

Re: Nokia 920 - Bitlocker

Post Posted: Jan 10, 20 08:55

Dump the hash, salt and length then crack the passcode using wp8-sha256-pin-finder.py. After, manually access settings and disable bitlocker encryption. Make sure you leave it turned on to allow it to unencrypt the volume. Then carry out the physical extraction again in an unencrypted state. I don't think the encryption is tied to the passcode as its possible to activate encryption without the passcode.  
 
  

jaclaz
Senior Member
 

Re: Nokia 920 - Bitlocker

Post Posted: Jan 10, 20 10:14

I am not sure if the question is "how to type all 10000 possible PIN's" Question , if it is you can use *any* scripting engine, but there are "brute force" password creators.

Of course it depends on which OS you are running and what is the "software" you are inputting the password(s) in.

If the range is just 0000 to 9999, even on a slow responding interface, 3 seconds per PIN, is 30000 seconds, or 500 minutes or 8.33 hours, slowish but doable.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

JGilmour
Newbie
 

Re: Nokia 920 - Bitlocker

Post Posted: Jan 10, 20 11:07

I've always been led to believe that the Bitlocker key is securely stored in the processor and cannot be recovered. The PIN code is also stored in the encrypted userdata partition, so that can't be brute forced either.  
 
  

Rich2005
Senior Member
 

Re: Nokia 920 - Bitlocker

Post Posted: Jan 10, 20 12:33

- jaclaz
I am not sure if the question is "how to type all 10000 possible PIN's" Question , if it is you can use *any* scripting engine, but there are "brute force" password creators.

Of course it depends on which OS you are running and what is the "software" you are inputting the password(s) in.

If the range is just 0000 to 9999, even on a slow responding interface, 3 seconds per PIN, is 30000 seconds, or 500 minutes or 8.33 hours, slowish but doable.

jaclaz


I reckon he might choose the scripted option above rather than spending doing 8 hours doing that! Laughing
(if that's possible and doesn't lock out or increase time between attempts)  
 
  

jaclaz
Senior Member
 

Re: Nokia 920 - Bitlocker

Post Posted: Jan 10, 20 14:47

- Rich2005


I reckon he might choose the scripted option above rather than spending doing 8 hours doing that! Laughing
(if that's possible and doesn't lock out or increase time between attempts)


Sure, never thought of actually typing that, I was talking of the time needed using the scripted option, time depends on how responsive is the input interface, if there is some delay (for checking the pin, etc.).

And of course the script may take into account countermeasures such as increasing time for next attempt or resettting/rebooting every n attempts, etc. that will increase meeded time.

I was trying to convey the idea that even if slow, a 4 figures 0-9 PIN is doable, i.e. can be simply bruteforced in a reasonable amount of time.

Even (if needed) using a "fake" keyboard, like a USB RubberDucky or similar, example:

1024kb.co.nz/hack-a-mac-again/

in this case overall time is 17 seconds per attempt as there is the need to reset periodically.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

the_Grinch
Senior Member
 

Re: Nokia 920 - Bitlocker

Post Posted: Jan 11, 20 00:50

I would be doing it on the physical image of the device, not the device itself. The software I have mounts the drive and prompts for a password. Type the code, fails with a box, hit ok, clear the code, enter new code. But I'll see if I can find the hash and then run the script...would definitely save a lot of time.  
 

Page 1 of 2
Page 1, 2  Next