In this video we will use a hardware attack to bypass TPM-based Bitlocker encryption as used on most Microsoft Windows devices.

Errata:
– PIN can also be enabled using manage-bde, not just using group policies

Questions:
– Does this work on TPM2.0? Yes, at least on some: https://pulsesecurity.co.nz/articles/TPM-sniffing

Links:
– https://hextree.io/
– Pascal Gujer: https://twitter.com/pascal_gujer / https://hands-on-security.com
– Enabling Bitlocker PIN: https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/
– Hardware & source-code: https://github.com/stacksmashing/pico-tpmsniffer
– LPC Clockless Analyzer for Saleae: https://github.com/stacksmashing/LPCClocklessAnalyzer

Me:
– Twitter: https://twitter.com/ghidraninja
– Patreon: https://patreon.com/stacksmashing

Posts about sniffing bitlocker:
– https://labs.withsecure.com/publications/sniff-there-leaks-my-bitlocker-key
– https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets
– https://blog.scrt.ch/2021/11/15/tpm-sniffing/
– https://pulsesecurity.co.nz/articles/TPM-sniffing

Please take the opportunity to connect and share this video with your friends and family if you find it useful.