Question

How can I create a text file from BitLocker-encrypted data for PRTK to attack and possibly retrieve a password?

Answer

Copy out the first 256 bytes or 512 bytes of raw physical data from the BitLocker-encrypted partition and save them as a text file. Load that text file into PRTK.

If PRTK does not recognize the file as compatible for password recovery, copy more data, e.g. double the number of bytes copied. In our experience, 50 MB to a maximum of 100 MB of data should be enough to ensure that the BitLocker values are available in the text file for attack.
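
The copy-and-double procedure above, as an added Python example (not AccessData's or PRTK's code). It assumes, from public BitLocker format documentation rather than this article, that the volume header and each metadata block carry the "-FVE-FS-" signature; the function names and the sample image are constructed for illustration.

```python
import os
import tempfile

# Assumption (public BitLocker format documentation, not this article): the
# volume header carries "-FVE-FS-" at byte offset 3 and each FVE metadata
# block, which holds the key protectors, starts with the same 8 bytes.
SIGNATURE = b"-FVE-FS-"
MAX_SIZE = 100 * 1024 * 1024  # the article's upper bound of 100 MB


def signature_offsets(data):
    """Return the offset of every BitLocker signature in the excerpt."""
    offsets, pos = [], data.find(SIGNATURE)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(SIGNATURE, pos + 1)
    return offsets


def extract_excerpt(image, dest, start=512, limit=MAX_SIZE):
    """Copy the first bytes of image to dest, doubling the size until the
    excerpt holds the volume header plus at least one metadata block."""
    size = start
    while True:
        with open(image, "rb") as src:      # read-only access to the evidence image
            data = src.read(size)
        if data[3:11] != SIGNATURE:
            raise ValueError("no BitLocker volume header at offset 3")
        offsets = signature_offsets(data)
        if len(offsets) > 1 or size >= limit or len(data) < size:
            with open(dest, "wb") as out:
                out.write(data)
            return len(data), offsets
        size = min(size * 2, limit)


def demo():
    """Run against a constructed 256 KiB image (not real BitLocker data)."""
    image = bytearray(256 * 1024)
    image[3:11] = SIGNATURE                  # constructed volume header
    image[65536:65544] = SIGNATURE           # constructed metadata block
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "volume.img"), os.path.join(tmp, "excerpt.txt")
        with open(src, "wb") as fh:
            fh.write(image)
        return extract_excerpt(src, dst)


if __name__ == "__main__":
    print(demo())
```

A passing signature check only shows that the excerpt contains BitLocker structures; whether the file is accepted for password recovery is still decided by PRTK.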

Important Note:

The only scenario in which PRTK has any hope of performing a successful attack is when access to the BitLocker-encrypted partition was provided via a user-selected password.

If access to the BitLocker-encrypted data was normally through the TPM of the target computer, a startup key on a USB drive, or a (machine-generated) "recovery password", then PRTK can do nothing for password recovery.

Applies To

PRTK