Windows Encryption Threat Analysis

Windows Encryption Threat Analysis
SOC10101: Honors Project
Submitted in partial fulfilment of the requirements of Napier University for the
degree of Bachelor of Science with Honours in Networked Computing
Adrian Vergin
08008480
BSc (Hons) Network Computing
Supervisor:
Prof. William Buchanan
Second Marker:
Dr. Robert Ludwiniak
April 2010
School of Computing
Author: 08008480
11/05/2010
1
Abstract
New versions of Windows come equipped with mechanisms, such as EFS and BitLocker,
which are capable of encrypting data to an industrial standard on a Personal Computer.
This creates problems if the computer in question contains electronic evidence. BitLocker,
for instance, provides a secure way for an individual to hide the contents of their entire
disk, but as with most technologies, there are bound to be weaknesses and threats to the
security of the encrypted data. It is conceivable that this technology, while appearing
robust and secure, may contain flaws, which would jeopardize the integrity of the whole
system. As more people encrypt their hard drives, it will become harder and harder for
forensic investigators to recover data from Personal Computers. By analyzing Windows
encryption, the author intends to produce automated tools to aid investigators in gaining
access to this data, as well as contribute to the progression of Windows encryption
standards.
Over the course of this document, the author outlines both encryption systems and points
out potential vulnerabilities in them. While presenting his findings, the author also provides
tips and suggestions on how to use EFS and BitLocker in order to optimize their efficiency
and make the best use of their strengths. This project also delivers software solutions
designed to help compromise the integrity of these systems.
The ultimate finding of this project is that in order to keep data at rest optimally secure,
both EFS and BitLocker should be used in tandem, or they should be used in conjunction
with other encryption solutions. Neither of these solutions is completely impenetrable on
it's own, but when combined with other forms of encryption, they provide a layer of
defense that's sufficiently hard to crack.
Author: 08008480
11/05/2010
2
Authorship Declaration
I, Adrian Vergin confirm that this dissertation and the work presented in it are my own
achievement.
Where I have consulted the published work of others this is always clearly attributed;
Where I have quoted from the work of others the source is always given. With the
exception of such quotations this dissertation is entirely my own work;
I have acknowledged all main sources of help;
If my research follows on from previous work or is part of a larger collaborative research
project I have made clear exactly what was done by others and what I have contributed
myself;
I have read and understand the penalties associated with Academic Misconduct.
I also confirm that I have obtained informed consent from all people I have involved in
the work in this dissertation following the School's ethical guidelines.
Signed:
Date:
Matriculation no:
PLEASE NOTE that in signing this page you are aware of the consequences of doing this
fraudulently as explained at http://www.napier.ac.uk/ed/plagiarism/homepage.htm
Author: 08008480
11/05/2010
3
Data Protection Declaration
Under the 1998 Data Protection Act, The University cannot disclose your grade to an
unauthorised person. However, other students benefit from studying dissertations that
have their grades attached.
Please sign your name below one of the options below to state your preference.
The University may make this dissertation, with indicative grade, available to others.
The University may make this dissertation available to others, but the grade may not be
disclosed.
The University may not make this dissertation available to others.
Author: 08008480
11/05/2010
4
Acknowledgments
The author would like to extend special thanks to the following people, whithout whom
completing this project would not have been possible:
To Bill Buchanan for his vital advice, ideas and guidance over the course of this module.
To Mike Dickson, who helped brainstorm methodologies for the project software.
To Richard Laing for providing sample data required to test the project software.
Author: 08008480
11/05/2010
5
Table of Contents
Abstract ................................................................................................................................................ 2
1. Project Overview .............................................................................................................................. 8
1.1 Background and Relevance ........................................................................................................... 8
1.2 Objectives .................................................................................................................................... 10
1.3 Report Structure ...........................................................................................................................11
2. Literature Review ........................................................................................................................... 12
2.1 Encrypting File System ............................................................................................................... 12
2.1.1 Overview ................................................................................................................................... 12
2.1.2 How it Works ........................................................................................................................... 13
2.1.3 Potential Vulnerabilities ............................................................................................................ 13
2.2 BitLocker Drive Encryption ........................................................................................................ 15
2.2.1 Overview ................................................................................................................................... 15
2.2.2 How it Works ........................................................................................................................... 17
2.2.3 Potential Vulnerabilities ............................................................................................................ 17
2.3 Section Review ............................................................................................................................ 19
2.4 Best Practice Guidelines for Windows Encryption ..................................................................... 21
3. Vulnerability Exploitations............................................................................................................. 23
3.1 CertCrack ..................................................................................................................................... 23
3.1.1 Introduction ............................................................................................................................... 23
3.1.2 Background ............................................................................................................................... 23
3.1.3 Design ....................................................................................................................................... 24
3.1.4 Methodology ............................................................................................................................. 25
3.1.5 Usage ........................................................................................................................................ 25
3.1.6 Future Work and Shortcomings ................................................................................................ 27
3.1.7 Evaluation ................................................................................................................................. 27
3.1.8 Source Code .............................................................................................................................. 28
3.2 Distributed BitLocker Cracker .................................................................................................... 28
3.2.1 Introduction ............................................................................................................................... 28
3.1.2 Background ............................................................................................................................... 29
3.2.3 Design ....................................................................................................................................... 30
3.2.4 Methodology ............................................................................................................................. 31
3.2.5 Usage ........................................................................................................................................ 32
3.2.6 Future Work and Shortcomings ................................................................................................ 34
3.2.7 Evaluation ................................................................................................................................. 38
3.2.8 Source Code .............................................................................................................................. 39
4. Project Evaluation .......................................................................................................................... 40
4.1 Milestones .................................................................................................................................... 40
4.2 Time Management ....................................................................................................................... 41
4.3 Reflections ................................................................................................................................... 41
Appendix ............................................................................................................................................ 42
1. Initial Project Overview ................................................................................................................. 43
2. Interim Review Form ..................................................................................................................... 45
3. Project Diary .................................................................................................................................. 46
a) Trimester 1 ..................................................................................................................................... 46
b) Trimester 2 ..................................................................................................................................... 58
4. Schedule ........................................................................................................................................ 70
a) Trimester 1 ..................................................................................................................................... 70
b) Trimester 2 ..................................................................................................................................... 70
Author: 08008480
11/05/2010
6
5. CertCrack ...................................................................................................................................... 71
a) Figure 1: Program ......................................................................................................................... 71
b) Figure 1.1: Dictionary .................................................................................................................... 72
c) Figure 1.2: Brute Force .................................................................................................................. 73
d) Source Code: Program .................................................................................................................. 74
e) Screenshots..................................................................................................................................... 92
6. Distributed BitLocker Cracker – Server ....................................................................................... 97
a) Figure 1: Main ............................................................................................................................... 97
b) Figure 1.1: SectorSender................................................................................................................ 98
c) Figure 1.2: Send/Receive Keys ...................................................................................................... 99
d) Source Code: Server .................................................................................................................... 100
e) Source Code: SectorSender .......................................................................................................... 104
f) Source Code: Encrypt .................................................................................................................. 108
g) Screenshots .................................................................................................................................. 109
7. Distributed BitLocker Cracker – Client ...................................................................................... 111
a) Figure 2: Main ............................................................................................................................. 111
b) Figure 2.1: Decrypt ..................................................................................................................... 112
c) Source Code: Program ................................................................................................................ 113
d) Source Code: Decrypt ................................................................................................................. 119
e) Source Code: KeySender ............................................................................................................. 123
f) Screenshots ................................................................................................................................... 124
8. Distributed BitLocker Cracker – Client-Server Protocol............................................................. 125
References ........................................................................................................................................ 126
1. Project Overview
1.1 Background and Relevance
In this day and age, encryption is a very important part of everyone's daily life.
Any time we buy something online, top up our mobile phones, register with a
social networking site, information is stored about us on a remote computer. In
order to preserve consumer privacy, data on such a computer should be
encrypted. But what happens when a user is working on some bit of sensitive
information on their own computer, or a company laptop?
Microsoft Windows has adopted different methods of protecting users' private
data and implemented them in various versions of the operating system. Since
Windows 2000, an encryption mechanism called Encrypting File System (EFS)
has enabled users to encrypt files and directories, protecting them from other
users of the workstation, Active Directory server, or another remote-encryption
enabled machine (Encrypting File System overview, Microsoft Corporation). In
EFS for Windows 2000, only DESX was used for encryption services. In Windows
XP, the option to use 3DES was added. In Windows XP SP1, AES became the
default encryption algorithm, while the other two algorithm options could be
selected by changing values in the Windows registry (Encrypting File System
(EFS), TopBits.com). In Windows 7, Microsoft have added the use of ECC, and “a
"mixed-mode" operation of ECC and RSA algorithms” (Changes in EFS, Microsoft
Corporation) for backwards compatibility with algorithms supported in earlier
versions of Windows.
Another method of encryption, which started with the release of Windows Vista, is
called BitLocker. The main difference between BitLocker and EFS is that
“BitLocker is full-disk encryption, not per-file encryption.” (Windows Vista Secrets
SP1 Edition, Paul Thurrott 2008) When BitLocker is turned on, it encrypts the
contents of the entire computer, rather than just specific files selected by the user,
effectively eliminating some of the shortcomings EFS had when dealing with an
attacker with physical access to the computer. BitLocker, by default, uses AES in
CBC mode with a 128-bit key, after first scrambling the plaintext with the Elephant
Author: 08008480
11/05/2010
8
Diffuser. Other modes of operation include variations of 128 and 256 bit AES
ciphers with the diffuser turned on or off (NVbit: Accessing BitLocker volumes
from linux, Kumar Nitin, Kumar Vipin 2008). There are several ways that a user
can set a BitLocker volume to be unlocked: TPM, USB, TPM+PIN, TPM+USB,
TPM+USB+PIN; where USB is a flash disk containing the encryption key, the
TPM is the Trusted Platform Module, and the PIN is a user-defined number
passed to the TPM, which then unlocks the encryption key (AES-CBC + Elephant
diffuser, Niels Ferguson 2006).
Both these systems are very helpful to corporations, but can be extremely
detrimental to the pursuit of justice. If a computer acquired for the purpose of
retrieving evidence is encrypted, it may be impossible for investigators to obtain
any usable data from it. It is very easy to use these Windows encryption systems
to mask criminal activity, and obstruct the course of justice by hiding vital
evidence in an encrypted file system. The purpose of this project is to find ways to
surpass these systems, and provide ways for forensic investigators to access the
data.
The author would like to point out, that this report aims to expose weaknesses
and vulnerabilities in personal-use adaptations of Windows encryption standards.
Large-scale or corporate implementations of EFS, for instance, make use of
different key management tactics, and sometimes rely on the use of a centralized
key management services (Microsoft® Windows® Internals, Fourth Edition:
Microsoft Windows Server™ 2003, Windows XP and Windows 2000.
Russinovich, Solomon 2005). BitLocker, when used within a corporate network,
stores the encryption key in Active Directory (Hacking and Breaking Bitlocker.
Morrill 2008). With these centralized key management systems, access to
particular folders and files may be gained when possessing different group
authorizations. Because of the need for organizations to access their data,
certain conditions may require back doors in the key management system, or
some sort of administrative override scenario “if the key used to encrypt these
records becomes unavailable (e.g., through the accidental death of the key
holder).” (Key Management in an Encrypting File System. Blaze 1994) In most
cases, however, within a corporate system, access to encrypted data can be
Author: 08008480
11/05/2010
9
obtained from the system administrator. A system administrator is defined as:
“The individual who has legitimate supervisory rights over a computer system.
The administrator maintains the highest access to the system. Also can be known
as sysop, sysadmin, and system operator.” (Forensic Examination of Digital
Evidence: A Guide for Law Enforcement. National Institute of Justice 2004) These
topics are outside the scope of this project.
The parties who may benefit from this report include the police and any other
government agencies interested in retrieving encrypted content from seized
computers, the Microsoft System Integrity Team, who may review these products
and devise countermeasures against the attacks proposed in this report, and the
Research Community.
1.2 Objectives
The most crucial objective of this report is to deliver a list of potential
vulnerabilities associated with encryption in modern Windows systems. It is the
aim of this project to find weaknesses in BitLocker and EFS by considering the
work of others and the documentation produced by Microsoft, mainly to aid
forensic examiners in extracting information from systems equipped with such
features, but also to contribute to the betterment of future generations of this
encryption software.
The secondary objective is to take a practical approach to cracking BitLocker by
obtaining a copy of any of the keys, key unlockers, or passwords, and to
compromise EFS by cracking a digital certificate produced by exporting a user's
private and public key in accordance with the Best Practice Guidelines outlined by
Microsoft; and achieving all this with focus on delivering results in the least
amount of time. The author aspires to design and implement software methods of
exploiting some of the weaknesses found over the course of this project.
The last objective of this project is to give suggestions to the users of either or
both of these encryption technologies as to how best to protect themselves from
these vulnerabilities. This will be a small academic contribution of this project.
Author: 08008480
11/05/2010
10
1.3 Report Structure
In accordance with the stated Objectives (Section 1.2), the Literature Review
(Section 2) provides a detailed analysis of the encryption features of Windows,
including a general summary, and an elaborate list of potential vulnerabilities.
After listing the weaknesses in each of the encryption systems, the report covers
software solutions aimed at using some of the outlined weaknesses in order to
gain access to a system protected with each of the Windows encryption
technologies in turn, in Section 3, Vulnerability Exploitations. Each software
solution is contained in a structure resembling a separate report, complete with
Introduction, Background, Design, Methodology, Usage, Future Work and
Shortcomings, an Evaluation sections focused only on the software solution
discussed in each section.
Lastly, this report contains and Evaluation section, which is the author's selfassessment and reflections on the project.
Author: 08008480
11/05/2010
11
2. Literature Review
2.1 Encrypting File System
2.1.1 Overview
The Encrypting File System feature of Windows was created as a measure to
increase security within the system past the capabilities of the NTFS user
privilege system. EFS protects data from being read by users who do not possess
the Public Key associated with the encrypted data, and the only person who can
modify the encrypted data is the person possessing the Private Key. According to
the Microsoft Corporation, “using EFS is similar to using permissions on files and
folders. Both methods can be used to restrict access to data. However, an
intruder who gains unauthorized physical access to encrypted files or folders will
be prevented from reading them. If the intruder tries to open or copy your
encrypted file or folder he receives an access denied message. Permissions on
files and folders do not protect against unauthorized physical attacks.“ (Encrypting
File System Overview, Microsoft Corporation) Microsoft also boasts that
encrypting files using EFS is transparent to the user, and other than clicking a
check box, the user does not have to perform any manual tasks in order to use
the encrypted data. However, a command line program, called “Cipher”, has been
provided to allow users to manually encrypt and decrypt data.
Currently, EFS supports industry-standard algorithms, including Advanced
Encryption Standard (AES), Secure Hash Algorithm (SHA), Elliptic Curve
Cryptography (ECC), and smart-card based encryption. Key sizes in EFS range
from 1,024-bit to 16,384-bit RSA, and 256-bit to 521-bit ECC, but key length can
only be specified by the user when using self-signed certificates (Changes in
EFS, Microsoft Corporation 2009). Self-signed certificates are usually considered
untrusted, because they cannot be verified by a trusted third party, such as a
Certification Authority. EFS does, however, make it easier to send encrypted
interpersonal communications when circumstances are lax enough to allow for
self-signed certificates, such as personal email.
Author: 08008480
11/05/2010
12
2.1.2 How it Works
EFS allows users to encrypt individual files and directories in Windows by ticking
the “encrypted” box in the advanced properties of the given file or directory. When
a user selects a file or directory for encryption, Windows contacts a trusted
authority or creates a self-signed digital certificate containing the user's private
key with which the data will be encrypted. The certificate is stored in the user's
private X509 Store on the workstation. In Encrypting File System (EFS) files
appear corrupted when you open them (Microsoft Corporation 2007) it is
described that the EFS standard is able to use 3DES, DESX, and AES as the
encryption algorithm for files. Recently, though, changes have been made to EFS
to accommodate Elliptic Curve Cryptography, and longer RSA keys up to 16,384
bits (Changes in EFS, Microsoft Corporation). As new technologies become
available, and encryption standards are amended, EFS keeps up with the current
standards by incorporating new algorithms, while trying to maintain backwards
compatibility with older versions and configurations.
2.1.3 Potential Vulnerabilities
When looking at the overall robustness of a system, one must consider the
realistic ramifications of modern day technology. For instance, it would be
extremely difficult to crack a 16,384-bit RSA key fast enough to be of any use.
The attacker would have to have a small army of dedicated machines at his or her
disposal. It is better and easier to break the chain by attacking it's weakest link,
metaphorically speaking. It is the author's belief, that in this case, the weakest link
is the use of passwords, which have the ability to unlock an exported certificate or
a user's personal X509 store.
It is also important to remain aware that, by default, certificates containing only
the public key enabling a user to read the encrypted data are exported with no
password; only certificates containing a user's private key, which enables them to
encrypt the data or modify the data already encrypted are stored with a password.
In order to trully compromise EFS, the digital certificate containing the private key
must be cracked, unless the intention of the forensic analyst is only to look at the
encrypted data.
Author: 08008480
11/05/2010
13
In Best practices for the Encrypting File System (Microsoft Corporation 2009) the
Microsoft Corporation advises companies using EFS to instruct their employees
to keep copies of the digital certificates used to produce the ciphertext exported to
.pfx files with a strong password. This in itself creates vulnerabilities, as users
tend not to be creative with their strong passwords, and even if a password they
have created is particularly strong, chances are they are using it in a number of
different applications with varying degrees of security measures against attack. In
reality, an attacker might steal a laptop and break the user account password, and
find the user's desktop riddled with .pfx certificates with the same password. In
fact, since with EFS, the certificates containing encryption keys are stored within
the user's X509 Certificate Store, an attacker can gain access to them by simply
cracking the user's password, and exporting the certificates to file.
According to Encrypting File System overview (Microsoft Corporation), another
weakness of EFS is that data can be unexpectedly decrypted without the user's
knowledge. When the data is moved from an NTFS volume onto any other file
system, or when it is sent across a network, the data will automatically be
decrypted and then processed in plaintext. This implies that a user sending files
to a remote-encryption enabled server should use an encrypted tunnel (IPSec,
SSH) when sending the sensitive information across a network. If users are not
tunneling to the server, this becomes a perfect scenario for an attacker simply
sniffing sensitive packets, or using a man-in-the-middle attack.
If an attacker has physical access to the machine with EFS-encrypted content,
there are a number of exploitations that can be performed, which take advantage
of various weaknesses in Windows security. In their book, Hacking Exposed:
Network Security Secrets and Solutions, authors Kurtz, McClure, and Scambray
(2009) explain in detail the weaknesses which allow an attacker to gain access to
encrypted data. For example, in order to prevent complete lack of access to files
in case of user account files becoming lost or damaged, or the user deleting their
certificate from their X509 store, EFS mandates that a Recovery Agent (RA) be
appointed so that the files can still be accessed and decrypted. That Recovery
Agent, on personal workstations is, by default, the local Administrator account; if
Author: 08008480
11/05/2010
14
the workstation is part of a domain, then the domain's administrative account
becomes the default Recovery Agent. Based on this information, it becomes
apparent, that an attacker is able to gain access to the Administrator account by a
method similar to accessing the NTFS volume in a different operating system,
and removing the SAM files associated with the Administrator password, as
outlined in a paper by James J. Grace and Thomas S. V. Bartlett III (July 25,
1999), which, unfortunately, is no longer available for download. The attacker
would then be able to obtain the decryption key from the Data Recovery Field
attribute in the files themselves, or could simply remove the password from the
account of the user who encrypted the files, giving them access to the digital
certificate containing the private and public keys associated with the encrypted
files.
This supports the claim, that with physical access to a machine, and in-depth
knowledge of Windows security features, an attacker is able to gain access to
nearly everything within the Windows system. On the other hand, a feature like
BitLocker is extremely effective at protecting data at rest, and would render the
attack mentioned previously quite useless by preventing an attacker from
tampering with the Administrator account.
2.2 BitLocker Drive Encryption
2.2.1 Overview
BitLocker is a new feature available in some versions of Windows Vista and 7,
which encrypts the entire contents of the system volume it's on, effectively making
the hard drive unusable if taken out of it's host machine. As mentioned before,
BitLocker prevents a potential attacker from tampering with the system, because
the entire hard disk containing the vital system files, which the attacker would
have to access, is encrypted. Without the appropriate keys to decrypt the hard
disk, the attacker cannot even begin to attempt to circumvent Windows security.
In BitLocker™ Drive Encryption Security Policy (Microsoft Corporation 2008), the
Microsoft team explain security features of BitLocker used to ensure that no
startup files have been tampered with before the system boots up. The paper
Author: 08008480
11/05/2010
15
also lists the files checked prior to boot. This is a very important feature,
especially that, because of the Elephant Diffuser, an attacker can only alter the
plaintext in unpredictable ways; this means that even though the changes made
to the ciphertext may not have the desired effect, they could affect system stability
by damaging system files. BitLocker will not load altered files.
By default, BitLocker uses AES in CBC mode with a 128 bit key, and an Elephant
Diffuser, which Niels Ferguson describes in AES-CBC + Elephant diffuser
(Ferguson 2006) to increase the risk of doing irreparable and random damage to
the plaintext if an attacker attempts to change the ciphertext in an effort to
weaken Windows security. Ferguson also describes some key strengths of
BitLocker, such as it's ability to encrypt and decrypt with a performance loss of
only about 5%, as the encryption process and diffuser work faster than the peak
data rate of a hard disk. He also admits, however, that, „as a pure block cipher
[their] construction has many weaknesses when analyzed in the standard block
cipher attack model.” (Ferguson 2006) Lastly, but most importantly to this project,
Ferguson outlines potential attack scenarios and rules them out based on the
features of BitLocker. He explains how because of the diffusers, BitLocker makes
it impossible to match pairs of plaintext and ciphertext, as one traditionally would
when attempting to break code. An attacker attempting to compare plaintext to
ciphertext would find, that the plaintext is obstructed by an exlusive or function
using a sector key derived from encrypting the sector number with the AES key,
and the two diffusers, making the comparison a very time-consuming task.
The Elephant Diffuser was developed especially for BitLocker. In AES-CBC +
Elephant diffuser (Ferguson 2006) Niels Ferguson goes into detail about the
selection process of the encryption algorithm for BitLocker, and why no existing
cipher satisfied the requirements, and thus an existing cipher had to be
augmented with the functionality of a diffuser. The Elephant Diffuser is actually
comprised of two diffusers working similarly in opposite directions, which rotate
every other consecutive bit a predefined amount. This system was designed
simply to strengthen the already robust AES cipher, and to add an extra layer of
security on top of the cipher.
Author: 08008480
11/05/2010
16
2.2.2 How it Works
In Implementing BitLocker Drive Encryption for forensic analysis (Kornblum
2009), Jesse D. Kornblum talks about where and how BitLocker keys are stored.
To the author's surprise, the Full Volume Encryption Key (FVEK) is stored on the
protected volume, itself, along with a series of other keys and key unlockers. The
number of keys stored in the drive's metadata depends on the number of access
mechanisms that can be used to access the drive, such as the Trusted Platform
Module (TPM), USB key, recovery password, etc. For each access mechanism,
BitLocker creates a copy of the Volume Master Key (VMK) encrypted using AESCCM with the access mechanism's key, along with the reverse, the access
mechanism's key encrypted with the VMK. This approach allows an access
mechanism to be used to decrypt the VMK, which is then used to encrypt one of
the redundant copies of the FVEK encrypted using AES-CCM with the VMK. The
whole system operates on the assumption that an attacker cannot get access to
any of the keys from any external sources. If an attacker gains access to one of
the keys, he or she will in theory be able to decrypt all the others.
When encrypting, BitLocker takes each sector of the disk and performs an
exclusive-or (XOR) operation on it, using the sector key, derived from two
variations of encrypting the sector number with AES-CBC. The product of the
XOR operation is then passed through both the clockwise and counterclockwise
diffusers. Next, BitLocker computes the Initialization Vector (IV) for the AES-CBC
function by mapping the sector number into a unique 16-byte value and
encrypting that with AES-CBC. Finally, BitLocker encrypts the sector contents
using the IV and the Full Volume Encryption Key. When decrypting, BitLocker
performs the same functions in reverse order. (AES-CBC + Elephant diffuser,
Ferguson 2006)
2.2.3 Potential Vulnerabilities
Obtaining keys from external sources could be as simple as looking around for
anything resembling keys or passwords, but could also include things like data
scavenging, TPM bus eavesdropping, or a number of other techniques, most of
which do not require specialized equipment, but rely heavily on lucky coincidence.
Author: 08008480
11/05/2010
17
For example, if the computer's owner wrote down the password to disable
BitLocker, and just happened to put it in plain sight; or if the forensic analyst
somehow managed to get an unencrypted copy of the computer's hibernation
dump file. In a paper called, Analyzing Trusted Platform Communication (n.d.),
Kursawe, Schellekens, and Preneel explain a vulnerability found in the Trusted
Platform Apparatus. According to their research, the TPM is quite secure and
tamper-proof, however the bus that data travels on to and from the TPM is not
secure. The explain that it would take a lot of time to make sense of the data
gathered by observing this bus, but in theory, the BitLocker keys could be
obtained, however, the eavesdropping device would have to be present during a
successful boot-up.
A few commercial products claim to be able to circumvent BitLocker or to be able
to find the keys used in the encryption. In a Windows Security Blog entry named,
Windows BitLocker Claims (Cooke, 2009), Paul Cooke explains how these
programs work, and the folly in their design. Some of these programs seem to
rely on the concepts outlined in Lest We Remember: Cold Boot Attacks on
Encryption Keys by Halderman et al (2008), who were able to recover encryption
keys from a machine by taking a memory image from the target machine, and
finding the keys within it. One such site advertising a program, which allegedly
“cracks BitLocker” published an update explaining that their program, like other
drive encryption programs, needs “a physical memory image file” of the target
computer, which relies completely on the machine continuing to run until the
attack was carried out. In his blog, Paul Cooke says that BitLocker is meant to
protect data at rest, which means while the computer is off, and says that users
are warned of the dangers of leaving a computer on in BitLocker's Best Practice
guidelines.
Other programs, which claim to be able to break through BitLocker security rely
on having physical access to the target machine on several occasions. Paul
Cooke describes this as a very unlikely scenario, and dismissing it as a low risk to
real-life BitLocker users. He says, “Even with BitLocker's multi-authentication
configurations, an attacker could spoof the pre-OS collection of the user's PIN,
store this PIN for later retrieval, and then reboot into the authentic collection of the
Author: 08008480
11/05/2010
18
user's PIN. The attacker would then be required to gain physical access to the
laptop for a second time in order to retrieve the user's PIN and complete the
attack scheme. These sorts of targeted threats are not new and are something
we've addressed in the past; in 2006 we discussed similar attacks, where we've
been straightforward with customers and partners that BitLocker does not protect
against these unlikely, targeted attacks.” (Windows BitLocker Claims, Cooke
2009)
All these potential methods of circumventing BitLocker are completely
circumstantial, in that they rely on conditions outside the attacker's control. For
instance, the aforementioned method can only work if the machine in question
uses the PIN as an unlocking mechanism; if the machine uses only the TPM and
USB key as unlockers, then this method cannot work. There is a method, which
could obtain a copy of the target machine's memory image and allow the attacker
to harvest the AES keys from it, but it would be practically impossible to maintain
transparency with this method because of the security features included in
Windows. If an attacker infected the target machine with a program, which would
perform a memory dump on the target machine while it's logged in and running,
and send the dump file back to the attacker over the network, the attacker would
only have to have physical access to the machine once. This attack is still a bit far
fetched, because the user of the target machine would have to download and run
the program on the target machine, and the program would have to go to great
lengths to suppress the Windows Defender warnings, which would undoubtedly
pop up during it's operation. Furthermore, Paul Cooke explains in Windows
BitLocker Claims (2009) that memory dumps can only be performed with
administrative privileges or by using Direct Memory Access.
Overall, BitLocker is protected quite strongly against many forms of attack, and a
brute force attack on a any part of the system, be it the keys themselves, or the
recovery password would take an immensely long time to perform.
2.3 Section Review
EFS and BitLocker are both relatively strong encryption systems, and truly
Author: 08008480
11/05/2010
19
breaking them would take creativity and effort. It does, however, seem easier to
invent ways to bypass the systems by using their own protective features against
loss and forgetfulness.
EFS seems to be the weaker of the two, as it encourages users to store digital
certificates with easily crackable passwords. The keys used in EFS to encrypt the
data are very strong and would take a long time to break, so a head-on approach
seems a bit futile – an investigator should pay close attention to removable media
during forensic acquisition, as it may contain digital certificates related to
encrypted data. Also, since the certificates are stored in the user's X509 store, an
intruder may gain access to the encrypted data simply by logging onto the user's
account or the Administrator account on the target machine.
BitLocker is quite a bit more tricky, on account of it's multiple access mechanisms.
The keys related to each mechanism, however, are stored on the protected
volume, itself, which seems to imply, that with enough time and CPU cycles, the
system could be broken. Since checksums derived from running startup code are
needed to unlock the key within the TPM (Implementing BitLocker Drive
Encryption for Forensic Analysts, Kornblum 2009) and a single change to the
running code could result in complete data loss, BitLocker seems to make
security a bit more lax when critical system updates are installed on the machine
by introducing a password which completely disables the system. Investigators
should look for the presence of this password in the volume metadata. The
password being present on the volume could imply that the user has also written
the plaintext password down somewhere, as the password is too long and
complex to remember.
Microsoft are aware of the vulnerabilities in both of these encryption systems, and
they maintain that neither should be used on it's own (Windows BitLocker Claims,
Cooke 2009). Working in unison, however, these systems provide a very robust
barrier against intrusion, and make it very difficult for anybody to gain access to
the encrypted data. For example, all the weaknesses in EFS related to a user
gaining access to the administrative account on the target machine are no longer
a threat if the entire disk is encrypted, as access to data at rest is blocked by
Author: 08008480
11/05/2010
20
BitLocker. Using both mechanisms in conjunction severely limits the ways in
which an intruder might gain access to the data even if they were able to find a
key or password written down near the target machine – they would still have to
defeat other security measures in order to gain enough access to the machine to
make use of their find. It is, therefore, safest to use both encryption methods
simultaneously to best protect the data stored on the machine.
2.4 Best Practice Guidelines for Windows Encryption
As stated previously, because the effectiveness and reliability of EFS relies on
Windows authentication, it is best to use it in conjunction with BitLocker. BitLocker
will protect the hard disk, and the operating system settings contained on it while
the computer is off. In order to reset the Administrator account password to null,
an attacker would have to physically remove the hard disk, mount it in a foreign
(non-Windows) system, and remove the SAM files from the disk; BitLocker makes
this attack much more difficult by making the hard disk illegible to the foreign
machine without the appropriate keys.
When using BitLocker, it is advisable to turn the computer off completely each
time the machine will be left unattended. BitLocker stores the only plaintext copy
of the encryption key in RAM memory while the computer is running, and the only
attack scenario, which compromises BitLocker in a timely manner makes use of
exactly that weakness. BitLocker is designed to protect data at rest, meaning that
even the creators of the encryption software acknowledge that the system is
vulnerable if left on.
Lastly, a user exporting EFS certificates should store them in a safe place, and
ensure, that a strong password is put on files containing that user's private key.
EFS encryption can sometimes be used as a method of authentication, because,
unless the private key has been attained by an impostor, the owner of the digital
certificate should be the only one able to encrypt data with that particular key;
because the public key corresponds to only one private key, people holding the
public key can ascertain that the data was in fact encrypted by that person.
Author: 08008480
11/05/2010
21
Although keeping the private key safe is paramount, if an intruder gains access to
the public key, they can still read the encrypted data, rendering the encryption
process useless.
Author: 08008480
11/05/2010
22
3. Vulnerability Exploitations
3.1 CertCrack
Exported EFS Digital Certificate Password Cracker
3.1.1 Introduction
CertCrack is a C# solution which tackles the problem of breaking into digital
certificates associated with encrypted file system content in Windows machines
for forensic purposes. This solution is meant for digital forensic investigators
attempting to break into encrypted content on seized computers or removable
media.
3.1.2 Background
When a digital certificate is exported, the user is asked to give it a password in
order to protect the keys stored within. A certificate password has a maximum
length of 32 characters. Windows does not attempt to correct the user when they
enter a weak password, nor does it impose any minimum length limits on the
password – the user is free to enter anything he or she wants. In fact, when
tested, the certificate export wizard allows even a one or two character password
when exporting a private key certificate; public key certificates are saved with no
password at all. Not many average users would enter a strong password for very
simple reasons, like not being able to remember it later.
A dictionary attack is an attack using a bank of weak passwords that users
frequently use, such as the word „password” or the key combination „qwerty”. A
dictionary attacks simply tires every weak password in order to try to gain access
to something. If a weak password is suspected, this attack strategy is preferable
to a brute force attack as it takes less time than brute force. However, the
downside of using a dictionary attack may be that the password, however weak,
may simply not be included in the pool of weak passwords in the given dictionary.
Author: 08008480
11/05/2010
23
A brute force attack is quite time-consuming, but theoretically, a well mounted
brute force attack cannot fail as it tires every single possible combination of
supplied characters possible until the password is cracked. The main
disadvantage of the brute force method is it's time consumption – in a trial,
CertCrack took 19 minutes and 31 seconds to crack the password „fred” using a
pool of lowercase letters and numbers. This is not an ideal method and should be
used as a last resort. Since CertCrack is meant to automatically obtain the
password from the digital certificate by brute force, which means it takes an array
of characters (which could range from a-z, A-Z, 0-9; and can include non-standard
foreign characters such as ą, ę, ó, ż, ź, etc) and strings them together in a loop
using every possible permutation of those characters to form a password of up to
32 characters, it's operation could be quite time consuming, and potentially futile if
the character set the program is using does not contain the characters used in the
password. There is a certain risk in using brute force, as the more characters are
in the array, the longer it will take for the program to find the password, but if the
password contains special characters not contained in the array, the password will
never be discovered. This is why it is important for the analyst using CertCrack to
choose a character set wisely – for example, if the computer on which the
certificate was found has a French copy of Windows, it might be wise to include
French language characters in the character array.
3.1.3 Design
The design of this solution progressed through various stages before the looping
sequence that generates the password string was perfected. Even though the
program still operates using a series of 32 nested loops to reflect the maximum
length of the digital certificate password, it now features a system in which,
instead of ascending through ASCII values, it now cycles through predefined sets
of characters. This allows the user to choose easily between character sets, and
even create custom ones.
Appendix 5a, shows a basic representation of the program's startup functions and
user interaction. The menus which appear in front of the user are a simple design,
as the program should stay modest yet functional. The author would also suggest
Author: 08008480
11/05/2010
24
removing the visual indicators, which display the current password being tried by
the program – displaying things on screen takes up unnecessary processor
cycles, which are vital when cracking passwords. Appendix 5b, shows the
program flow when using Dictionary mode. A convenient feature of this program is
that in the eventuality of not obtaining the password using Dictionary mode, the
program will ask the user to start Brute Force mode, shown in Appendix 5c,
instead, using the same parameters, so the user does not have to retype the file
path.
3.1.4 Methodology
This solution assumes a scenario in which the investigator has access to the
media containing the encrypted data and a copy of the exported digital certificate
created when the data was encrypted. The main weakness of this method of
encryption is that the digital certificate is protected by a password; CertCrack is
designed to exploit that weakness. CertCrack has can employ two methods to
break the password – a dictionary attack, and a brute force attack. The
benchmarks for both of those methods depend on the size of the password for the
brute force attack, and the existence and placement of the password in the
dictionary for the dictionary attack.
3.1.5 Usage
When CertCrack is turned on, it asks the user to choose a cracking method,
display the information page, or exit. See Appendix 5e, Figure 1. Methods include
1. Dictionary, and 2. Brute force. Each of the aforementioned options responds
with the appropriate method, which will be described later on. If successful, each
method displays the resulting successful password, the time it took to obtain the
password, and prompts the user to add the unlocked certificate to the Personal
certificate store on the current machine. Importing the certificate is optional, so
the user may quit at that point and import the certificate elsewhere with the
obtained password. See Appendix 5e, Figures 2.3 and 3.3.
The cracking methods are as follows:
Author: 08008480
11/05/2010
25
Dictionary (Appendix 5b)
The user is prompted to input the location of the certificate file (see Appendix 5e,
Figure 2.1) and then given the choice to either use the embedded dictionary or
load up a custom dictionary file (see Appendix 5e, Figure 2.2). The embedded
dictionary contains weak alphanumeric passwords in English. The custom
dictionary option exists primarily to load more complex dictionaries, or ones more
catered to the target system, such as ones compiled based on the certificate
creator's birth date, anniversary dates, or kids' birthdays, combined with their
favorite sports figures or activities. The native dictionary takes about 30 seconds
to work through, and it's a good first line of offense for vulnerability testing.
Once both the file location and the dictionary are loaded into memory, the
program attempts to open the certificate using each password supplied until a
successful password is found or until the end of the pool of passwords is reached.
If successful, CertCrack displays the password and the content of the certificate
(see Appendix 5e, Figure 2.3), and goes on to ask the user if he or she wants to
import it to the current machine. If unsuccessful, the user is prompted to use brute
force instead.
Brute Force (Appendix 5c)
Upon initiating the brute force method, the user is asked for the location of the
digital certificate (see Appendix 5e, Figure 3.1) and a menu appears with a series
of predefined character sets (or alphabets) and an option to input a custom
character set (see Appendix 5e, Figure 3.2). The predefined options are different
permutations of English alphanumeric characters with or without numbers and
capital letters.
The solution then starts a series of 32 loops, which cycle through all the
characters in the pool one at a time in order to produce every possible
combination of those characters. The first character is blank, which allows the
program to create attempted passwords which are less than 32 characters long.
Author: 08008480
11/05/2010
26
If successful, CertCrack displays the password and the content of the certificate.
and goes on to ask the user if he or she wants to import it to the current machine
(see Appendix 5e, Figure 3.3). If unsuccessful, it displays a message to the user
to add to the pool of characters, as the certificate password likely contains
characters not native to the English alphabet, or not contained in the chosen
character set.
3.1.6 Future Work and Shortcomings
CertCrack also does not attempt to add characters to the dictionary passwords,
such as trying different number combinations. This means that a dictionary would
have to include not only text passwords, but also text and number passwords,
such as, say „fred1” instead of just „fred.” It would also be advisable to include
such a function in the future.
Another good feature that the solution should have is to be able to save the digital
certificates obtained by cracking the password as exported certificates with no
password. This would improve the ease with which the certificates could then be
deployed on other machines. This can, however, be done manually by importing
the certificate, and then exporting it again with no password.
Finally, and most importantly, this solution should have a way to distribute the
work among different nodes if such are available. Cracking a 32 character
password could take a long time, and this time could be shortened significantly by
sharing the necessary processing among different machines. CertCrack should
be made to operate in a distributed environment.
For the purposes of this demonstration, CertCrack does enough to show its
usefulness and versatility. Most of the suggested changes to this solution can be
added within a very short time.
3.1.7 Evaluation
CertCrack is in all respects a very useful application with much room to grow.
Author: 08008480
11/05/2010
27
Although it is meant to aid in digital forensics, it could also be used by persons
who simply forgot or misplaced the password needed to decrypt some data.
There are many features which could be added to this solution in order to make it
better, simpler, and faster, but the project has a good foundation and can be
easily modified to include those features.
As a tip for EFS users, when exporting a private key laden digital certificate in
accordance with Microsoft's Best Practice Guidelines, the user should pay
particular attention to the length and complexity of their password. A password
with only four lowercase alphanumeric characters can be cracked by CertCrack in
about 20 minutes. Adding one extra character extends that time to about 11 hours
and 30 minutes on a single machine with a 2GHz processor.
3.1.8 Source Code
See Appendix 5d.
3.2 Distributed BitLocker Cracker
Multi-client Distributed AES-CBC Brute Forcer
3.2.1 Introduction
The Distributed BitLocker Cracker is a C# command line solution utilizing a clientserver architecture to produce parallel computing environment to significantly cut
down the time it takes to crack a 128-bit, randomly generated key. The solution is
meant to be run on a host machine directly connected to the BitLocker-encrypted
hard disk and can potentially support thousands of simultaneous clients which,
when combined, have enough processing power to crack a key of that size in a
relatively comparatively short amount of time.
The author would like to point out that the Distributed BitLocker Cracker is not
finished and not ready for industry application. Due to various hardware-related
setbacks over the course of this project, this solution currently only emulates a
BitLocker-encrypted volume by encrypting an NTFS volume sector with AES in
Author: 08008480
11/05/2010
28
CBC mode. The methodology and principles in this demonstration are sound, but
the solution has not been tested or adapted for working with a true BitLocker hard
disk.
3.1.2 Background
In AES-CBC + Elephant diffuser - A Disk Encryption Algorithm for Windows Vista,
Niels Ferguson (2006) explains plausible attack scenarios which an intruder might
use against the BitLocker system, effectively ruling out most conventional
avenues for attack on an encrypted system (such as matching plaintext and
ciphertext pairs or attempting to affect system stability by changing ciphertext
bits), and demonstrates how a more direct and unfortunately hugely resourceconsuming method is needed to break the encryption.
Although actually decrypting a BitLocker volume using this method within our
lifetime is not possible even if we were to utilize all the processing power on the
planet (128-Bit Versus 256-Bit AES Encryption, Seagate 2008), this solution
provides a backbone for a future endeavor to crack the encryption. To realize
exactly the computing power required to break a 128-bit AES key, one must take
into account just how many key combinations exist within that key space.
Accurate to the nearest ten million, the number of unique keys derived from a
128-bit key space, in scientific notation is:
3.4028236692093846346337460743177x1038. In data storage terms, there are
9,903,520,314,283,042,199,192,993,792TB of keys to be tested. Based on this
information, to successfully brute-force the 128-bit AES key, the system would
need to try 10,783,127,828,133,147,806,075,110,339,701 keys per second to
reach the end of the keyspace in one year, or approximately
5,391,563,914,066,573,903,037,555,169,851 keys per second to successfully
brute-force they key in one year (since on average half the keyspace has to be
tested before finding the correct key). The effectiveness of this method relies
heavily on Moore's Law, which states that the processing power of computers
doubles every year, as well as the number of client machines working in tandem
to crack the encryption.
Author: 08008480
11/05/2010
29
On the other hand, earlier this year, the 768-bit RSA cipher has successfully been
brute-forced (Researchers crack 768-bit RSA, Halfacree 2010). In Factorization of
a 768-bit RSA modulus, Aoki et al (2010) outline their methods of cracking the
768-bit key, which is significantly larger than the 128-bit or 256-bit keys used by
BitLocker. According to the report, the sieving process alone took almost two
years using “many hundreds of machines”, but the fact that it has been done
gives hope to cracking the AES cipher in a timely manner. Realistically, the two
encryption methods are, however, quite different – RSA relies on factorization of
prime numbers, meaning that not all the keys in it's 768-bit key space will be
useful; AES on the other hand does not have such a limitation, making it
significantly harder to brute force.
3.2.3 Design
This solution is designed to work with one server and multiple clients in close
proximity, as it could cause a lot of network traffic. The communication protocol
between the client and the server can be seen in Appendix 8.
To a certain extent, this application is still in it's design stages. This program can
never be applied commercially, until a proper key distribution system is invented.
Furthermore, due to technical difficulties (see Time Management), the author was
not able to implement all the required mechanisms in order to allow the Server
program to read BitLocker volumes. At the moment, the Server can only act like
it's reading an encrypted volume by encrypting the first sector of the NTFS
volume with AES in CBC mode, in a similar way to BitLocker.
These two applications also went through different stages of design. For instance,
the key management method in this solution has changed several times, starting
from being a Client-side file containing base64 passwords to now being a Serverside randomly dispensing algorithm.
Server
Appendix 6a, describes the server program's startup functions and interactions
Author: 08008480
11/05/2010
30
with the user and the client program. At the moment, other than prompting the
user for the location of the encrypted hard disk at the beginning, the server
program does not interact with the user. Further interaction happens with client
programs, when they ask the server either for a copy of the initialization data or a
set of keys to try.. If the client program requests the initialization data, the server
starts the SectorSender class and sends the requested information (see Appendix
6e). At this point in time, since the Server cannot actually mount BitLocker
volumes, it needs to first encrypt the first sector of the NTFS (see Appendix 6f).
The server program is expected to stay on until the end of the key pool is
reached. The server does not have any user control that turns it off, and must be
turned off using the key combination, CTRL+C.
Client
Appendix 7c shows the core functions of the Client program. After connecting to
the Server, the Client program goes through an incrementing loop, which counts
to three, incrementing from the function which gets the sector from the Server
program, through the function responsible for decrypting it as well as acquiring
more keys, should it run out (see Appendix 7d), until it finally reaches the third
and final function, which disconnects it from the Server.
3.2.4 Methodology
It is very difficult, if not impossible, to guess a randomly generated AES key or
even decrease the key sample size without running extensive tests on the
machine it was generated by and knowing in-depth details of the randomizer
used; and even then, if a fault exists in the randomizer, a single hardware change
may sometimes offset the random values generated. The focus of this solution is
to provide an effective solution for cracking the AES cipher that will produce
results in the least amount of time. The only way to achieve that is to use as much
processing power as possible, and since even the 128-bit key space is too much
for a single processor to go through, a distributed system is the only feasible
answer; though admittedly, the computing power available to the author is not
sufficient to successfully crack AES at this time.
Author: 08008480
11/05/2010
31
The Distributed BitLocker Cracker uses a threaded server architecture to allow
multiple clients to connect to it and take on a portion of the key space and begin
attempting to brute-force it. In order to achieve the benchmark figures discussed
in the previous subsection, thousands of clients need to connect to the server at
the same time. In theory, with a threaded server, should be able to handle this
amount of connections, but in practice the server itself needs to be a very
powerful machine with a huge network card buffer that won't overflow causing a
potential false negative based on a hardware failure. For the purposes of testing
this solution with a small, predefined key sample base, it is sufficient to run the
server on a home PC.
One of the biggest challenges in using a multiple client architecture is keeping
track of the keys which were already checked. Since there's
9,903,520,314,283,042,199,192,993,792TB of keys, they cannot simply be stored
in a file and distributed to the clients on demand. The design implemented to date
involves the server sending the client 24 bytes of key material, and the client
attempting to brute force the remaining bytes. For the purpose of demonstration,
the server currently has five hard-coded 24-byte key samples in an array list.
Tested key samples are removed from the array list. This is not a good system,
however, as if we were working with a real 128-bit key space, then there would be
a vast number of keys that the server would have to store in memory; if we don't
have the storage capabilities to store these keys on hard drives, a single server's
memory modules definitely will not suffice.
3.2.5 Usage
The Distributed BitLocker Cracker is an interdependent client-server program,
which means that neither program will actually accomplish anything without the
other running. In order for both programs to work correctly, the user must first
connect the hard drive they intend to test to the machine with the server program,
run the server, and point it to the appropriate hard drive (see Appendix 6g, Figure
1). When the server program indicates that it has successfully initialized, client
programs may begin to work from other machines on the network.
Author: 08008480
11/05/2010
32
The following are the individual program flow descriptions for the client and
server.
Server (Appendix 6)
As mentioned before, the server must be started and initialized first. When the
program is started, it queries the operating system to find out what disks are
currently plugged into the computer. The program displays a menu asking the
user to pick a hard disk based on their hardware descriptions (see Appendix 6g,
Figure 1). In case of doubt, the user can check the Storage snap-in in Computer
Management to find out which hard disk contains the BitLocker partition. Once a
hard disk is selected, the program starts the threaded server and awaits client
connections.
When a client has connected, the server sends the client the sector size of the
chosen hard drive, followed by the first sector directly from the disk, containing
raw, unencrypted data (see Appendix 6g, Figure 2). The server then waits for the
client to request a sample key range. When it receives the request, the server
sends a 24-byte key sample to the client. The server then waits for input from the
client, which could be either a key, which the client believes could successfully
decrypt the data, or an instruction for what to do next. If the server receives a
potential successful key, it stores it in an array list (see Appendix 6g, Figure 4)
and to “C:\Successful BitLocker Keys.txt” (see Appendix 6g, Figure 5) for future
processing. At the moment, this path is not modifiable, and exists only for testing
purposes. In order to avoid server-side storage issues, the program does not
accept blank keys (those comprising of all zeros) in case an error occurs and the
client sends bad data. The instructions the client could send instead of a key are
a request for another key segment, or a notification of the client quitting. The
server either sends another 24-byte key segment or doesn't, depending on the
instruction sent. If the end of the key pool is reached, the server disconnects from
all clients.
If the Client unexpectedly quits, the key the Client was currently working on gets
added back to the key pool by the server (see Appendix 6g, Figure 3).
Author: 08008480
11/05/2010
33
Client (Appendix 7)
The client can be turned on either with command line arguments or without. The
valid command line arguments are an IP address and port number of the server. If
these numbers are not supplied when the program is turned on, it asks for them
one by one. When both numbers are obtained, the client attempts to connect to
the server.
Upon successful connection, the client receives the sector size and instantiates a
byte array the size of the sector. Next, it acknowledges success, and receives the
raw sector data (see Appendix 7f, Figure 1) . It is important that the data sent by
the server and the byte array in the client are the same size, otherwise, an
exception could occur, or the byte array would automatically be padded with
zeros, which would offset the decryption process and produce incorrect results.
The client then requests a key segment, and waits for the server to send the 24byte sample. When the sample is sent, the client extends the key size to 32
bytes, pads the remainder with zeros, and attempts to brute-force the key by
cycling through integer values of 0 to 255 on each of the bytes above 24 (see
Appendix 7f, Figure 2). If the client program encounters a key which produces a
successful comparison value between the decrypted disk data and it's
preprogrammed sample, it sends the key to the server. If the client reaches the
end of the sample range, it requests more keys from the server. The server also
accepts an instruction to disconnect from the client without sending more keys,
but this feature is not supported in the client program yet. If the client requests
more keys, and the server notifies it that there are no more, the client disconnects
and notifies the user that the end of the key pool has been reached.
3.2.6 Future Work and Shortcomings
The easiest feature that should be implemented within this solution is the ability
for the client program to pause what it's doing, or quit after completing the current
key space. Without this feature, each client becomes tied up performing one task
until the server notifies the client of the entire 128-bit key space being finished. If
Author: 08008480
11/05/2010
34
the client could stop and disconnect from the server after finishing just a segment
of the key pool, it would make it easier to allow the host computer to be used for
other things, and it would not conflict with the key distribution system, which, at
the moment, cannot save a client's progress or add a 24-byte key sample back to
the array list unless an exception occurs or the client forcibly quits, and all testing
done by that client is lost. It may be necessary to send periodic updates to the
server to notify it that the client has completed a certain stage. This way, perhaps,
if the client quits, the key could be put into a priority queue, and another client
could pick up where the previous client left off.
The server program should be able to save it's own state in case it exits. The
server may not be able to retain all the client connections, but it should be able to
add the unfinished keys back into the pool, and continue on from where it left off.
This would help avoid the problem of the server unexpectedly quitting (for
instance because of a power outage) and losing all the progress done so far.
The most important feature of this solution that still needs work is the key
distribution system. Since there is such a vast number of keys to be tested, the
program needs to keep track of which keys have already been examined, and
which client gets which keys to test. A list of keys cannot be compiled on a single
machine, because of it's stellar proportions, without encountering exactly the
same bottleneck as with attempting to brute-force the AES cipher with a single
machine. It is possible, that a government body would possess enough data
storage space, however, a home user would have to purchase almost ten octillion
1TB hard drives in order to contain every single key permutation in the 128-bit key
space. The problem of storage space also increases exponentially, when
considering client reliability. In order to safeguard against client machines
unexpectedly quitting and costing the operation considerable processing time, the
server should be able to poll a client to ascertain if it's alive and how far along it's
progressed with it's assigned key space, while maintaining exclusivity between
the client and the key space. This implies that each key space would have to be
assigned a state, such as checked, unchecked, and engaged. This also raises the
question of whether the randomizer is a good idea. On one hand brute-forcing the
entire key space randomly could potentially be faster, as there is a higher
Author: 08008480
11/05/2010
35
likelihood of one of the clients receiving a key segment containing the correct key
from the middle or end of the key space early on, but it requires a lot of space,
and huge computational effort to achieve. On the other hand, the thorough
approach of systematically going through each key permutation one after the
other would be far more time consuming, but it may be necessary in order to
avoid the storage issue with the random key method – if the keys are fed
systematically to the clients, then the server may simply need to store a per cent
value representing the progress between key a 128-bit key consisting of all zeros
and a key consisting of all ones. This would require heavy mathematical
computation on the part of the server, but it would eliminate any need for storage
space.
It may also be a good idea to allow the user to set a key sample size that will be
sent to each of the clients. Larger key ranges will take the client nodes longer to
get through and will generate less network traffic. With smaller key sizes,
however, each client could be done much faster, and if the pause and quit feature
discussed earlier is complete, this could be advantageous to the program's ability
to quickly yield the processor to another task. Unfortunately, smaller key sample
ranges would generate a lot of network traffic and would slow down the overall
performance of the system, because network speed would have to be factored
into the overall time it takes the solution to reach success.
At the moment, this solution only supports 128-bit encrypted volumes.
Theoretically, 256-bit encryption key support should be added, however, the 128bit cipher may be beyond our capabilities to break, so to optimistically think that
breaking the 256-bit cipher is attainable would be quite naive.
Since this solution was created for demonstrative purposes, a lot of the features
necessary for it to perform with tangible systems, rather than experimental virtual
machines have been omitted. For instance, the program cannot differentiate
between 256- and 128-bit encrypted disks. If a hard disk was pulled out of a
foreign computer, the analyst would not be aware of the system's BitLocker
configuration. In the future, this solution should be modified to automatically read
in the various options related to BitLocker, including whether or not the system
Author: 08008480
11/05/2010
36
uses the Elephant Diffuser, which is a vital part of decrypting the disk successfully.
Another idea to optimize the process of obtaining the correct key in the least
amount of time is to attempt to obtain part of the key from systems where the key
is divided and stored in different locations, such as a USB stick and the TPM. In
Lest We Remember: Cold Boot Attacks on Encryption Keys, Halderman et al
(2008) talk about their software obtaining a complete AES key from the memory
of a computer which has had it loaded into memory at the time when it was
seized. It is unclear, but certainly seems possible, that if a machine with a split
key is booted up and loads half of the key into memory, a modified version of this
software could obtain that half of the key from memory. This would drastically
decrease the number of total keys and computing power needed to crack the key.
A key space of 64 bits contains 18,446,744,073,709,551,616 total keys, which,
according to the calculations mentioned in Section 3.1.2, means that there would
be only 536,870,912TB of keys to be tested, which is significantly less than
before, and that would need to test 584,554,530,873 keys per second to reach
the end in one year. These figures are a huge motivating factor to seriously
consider implementing this feature.
A feasible and viable approach to cracking the AES cipher that this solution
should also utilize is the parallel processing power of Graphics Processing Units
(GPUs). "GPU architecture [...] currently boasts up to 128 parallel processors."
(O. Harrison, J. Waldron, 2007) Thanks to Software Development Kits such as
CUDA, programmers to access the GPU directly, and developments in the way
GPUs work now give programmers the ability to run defined code directly on
these processors (AES Encryption Implementation and Analysis on Commodity
Graphics Processing Units. Harrison, Waldron. 2007). Graphics Processing Units
are currently used to crack passwords, because they are capable of doing so 25
times faster than a standard CPU – a password that would take a CPU months to
crack can usually be cracked within three to five days by a relatively cheap GPU
(Inexpensive GPUs Pose Security Problems. Gache 2007). It would be wise to
make use of such processing power as a standard feature of this solution.
In the future, the client portion of this solution could be written as a screen saver
Author: 08008480
11/05/2010
37
or another type of background application, which makes use of spare processor
cycles, while not encroaching upon a user's interaction with the host computer.
Because of it's distributed nature, this solution could very easily mimic volunteer
computing, however, because of the fact that this program cracks encrypted hard
drive data, it may be unwise to use processor cycles of machines outside a
trusted area, at least not without extensive testing as to how prone to
eavesdropping this solution might be. If the solution was turned into, for instance,
a screen saver, a lot of planning and effort should go into ensuring continuity of
the testing between screen saver start and finish. It would be ideal if the
application returned to it's previous state when it was turned on again and
continue it's testing. Another area of uncertainty with this approach is how to tell if
a client machine is not responding, or if has simply not been idle and never turned
on it's screen saver.
Finally, the solution needs code to use the potentially successful keys for
something once it obtains them. At the moment, the program simply stores them
in an array list as well as in a file on the hard disk. This is not ideal, as the
BitLocker disk is tied up by the program, and cannot be removed and tested
further using the keys obtained from the program. This means, that even if
potentially successful keys are found, the program needs to wait till it finishes the
entire 128-bit key space before
The suggested changes to the Distributed BitLocker Cracker application should
be made over a higher level degree course with access to adequate hardware,
such as a Beowulf Cluster, or a group of dedicated machines, working for the sole
purpose of cracking the encryption. Amont other problems, testing this solution on
a single machine is rather futile, and the time constraints produced would be
highly speculative.
3.2.7 Evaluation
Although the Distributed BitLocker Cracker is not yet ready for it's intended
application, it demonstrates that it is a feasible method for cracking the BitLocker
AES cipher in the future. If this method is perfected and implemented in a suitable
Author: 08008480
11/05/2010
38
setting, there is no doubt that it would eventually achieve success – the problem
at hand is minimizing the time it would take to do so.
3.2.8 Source Code
Distributed BitLocker Cracker – Server
Server:
see Appendix 6d
SectorSender:
see Appendix 6e
Encrypt:
see Appendix 6f
Distributed BitLocker Cracker – Client
Program:
see Appendix 7c
Decrypt:
see Appendix 7d
KeySender:
see Appendix 7e
Author: 08008480
11/05/2010
39
4. Project Evaluation
4.1 Milestones
The first objective of this report, as listed in Section 1.2, Objectives, is to deliver a
list of potential vulnerabilities associated with encryption in modern Windows
systems. The objective was achieved successfully, and the findings are stated in
Section 2, the Literature Review. The Literature Review covers a wide spectrum
of attack scenarios and provides a comprehensive list of what a forensic analyst
might need to do when encountering each scenario.
The Literature Review also achieves the last objective, by giving tips and
strategies for users of Windows encryption to better protect their data. Bearing in
mind, that if an intruder gets physical access to a machine, they can usually
overcome the security features of that machine, the author is still confident, that
the advice provided in this report is sound and valid.
The secondary objective outlined in Section 1.2 is to take a practical approach to
cracking BitLocker by obtaining a copy of any of the keys, key unlockers, or
passwords, and to compromising EFS by cracking a digital certificate produced by
exporting a user's private and public key in accordance with the Best Practice
Guidelines outlined by Microsoft; and achieving all this with focus on delivering
results in the least amount of time. This was the most difficult objective, which met
with only partial success. Both solutions produced over the course of this project
apply brute-force as a method of cracking their respective targets. This means,
that computing the time it would take to crack an encryption key or password
depends on the length of the key or password, and the processing power
committed to cracking it, and therefore, it is very difficult to estimate with any
degree of accuracy how long the process might take. Since the focus of this
objective was to deliver solutions, which produced fast results, the author cannot
honestly call this a success. It should be taken into account, however, that short
of obtaining BitLocker keys from the memory modules of a live machine, as
outlined in Lest We Remember: Cold Boot Attacks on Encryption Keys
(Halderman, et al 2008), there are no fast solutions, that would crack Windows
Author: 08008480
11/05/2010
40
encryption software - BitLocker and EFS are commercial products developed by
a team of highly trained professionals with plenty of experience, and both of them
use time-tested encryption algorithms with large key sizes. In that respect, the
solutions provided in Section 3, Vulnerability Exploitations, are actually quite valid,
even though they might not be particularly fast.
4.2 Time Management
Due to the technical difficulties experienced over the course of this module, along
with the difficulties with acquiring a version of Windows which featured BitLocker,
the project followed the original schedule quite loosely.
During Trimester 1 (see Appendix 4a), the author was able to keep to the
schedule quite well until the laptop used for this project started breaking; however,
in terms of productivity, Trimester 2 (see Appendix 4b) was a disaster. At one of
the most crucial points in the whole project, the replacement for the laptop which
broke during the first trimester also broke, and the author was forced to abandon
his course in favor of something more computationally light.
4.3 Reflections
Given another chance, the author would attempt to compromise BitLocker by
developing an application, which preemptively searched the target computer's
memory for a key before the forensic acquisition of the target machine was ever
made. This is an unlikely scenario, as the forensic analyst would have to have
prior knowledge of BitLocker's existence within the target system, and the
application would have to be downloaded and opened on the target computer
without arousing suspicion. However, the results could technically be achieved a
lot quicker using this method than attempting to brute-force a 128-bit key space.
Author: 08008480
11/05/2010
41
Appendix
1. Initial Project Overview
Initial Project Overview
SOC10101 Honours Project (40 Credits)
Project Title: Disk Encryption Threat Analysis
Abstract:
BitLocker provides a secure way for an individual to hide the contents of their entire disk,
but as with most technologies, there are bound to be weaknesses and threats to the
security of the encrypted data. It is conceivable, that this technology, while appearing
robust and secure, may contain flaws, which would jeopardize the integrity of the whole
system.
Overview of Project Content and Milestones:
Over the course of this this module, I will attempt to discover and analyse weaknesses in
the BitLocker Disk Encryption technology introduced with Windows Vista and available
with Windows 7 by conducting research on work already undertaken in this field. After
analysing the published works on the topic, I will form strategies to break the encryption
and gain access to the data, and I will rigorously test these strategies and record my
results. In the end, I will create a method of cracking the security measures in the form of a
programming solution. I will also deliver some suggestions of new directions this
technology could take in order to be more secure.
The Main Deliverables:
•
Literature Review on disk encryption standards, and associated
weaknesses/threats.
•
Design of automated implementation of encryption methods, and of evaluation
tools.
•
Implementation of test/evaluation tools for disk encryption analysis, with associated
scripts/interface.
•
Evaluation of threats on disk encryption.
The Target Audience for the Deliverables:
The police, and any other government agencies interested in retrieving encrypted content
from seized computers, the Microsoft System Integrity Team, and the Research
Community.
The Work to be Undertaken:
•
Research the technologies involved, the documentation and white papers from the
creators of BitLocker, the previous work in the field, and detailed documentation of
encryption technology.
•
Analytical chapters of the report containing a summary of the findings along with
theories and potential weaknesses in the BitLocker infrastructure. (Preferably
before the Interim Review Meeting)
•
Design of a solution to extract an encryption key, or to decrypt the disk.
•
Implementation and documentation of said solution.
•
Chapters of the report evaluating the impact in the integrity of Disk Encryption
based on the findings in the analytical portion.
Additional Information / Knowledge Required:
I will need information on the Trusted Platform Module, as most new computers will rely on
this for storage of digital certificates and other data relating to trust and security. I should
also find out how the encrypted data is structured – whether everything is scrambled
randomly from start to finish, or whether there is some form of encapsulation around the
cypherstream pointing to the start, finish, and the locations of individual files within the
encrypted data. I will have to find ways to crack each individual security feature BitLocker
has, such as the TPM, the digital certificate contained on the USB key, and the 4-20 digit
PIN; and I will need to know how long it would take to break the encryption on the disk
without trying to crack the smaller barriers – if the disk is protected by the TPM, the USB
key, and a 20 digit PIN simultaneously, it may be faster to attack the disk itself by trying to
decrypt it using different AES keys until successful. Finally, I will need to extend my
knowledge of cryptographic programming with Visual C# .NET.
Information Sources that Provide a Context for the Project:
The most concise technical information related to the encryption standards used by
BitLocker can be extracted form the documentation produced by Niels Ferguson of
Microsoft. To gain insight into breaking this encryption, I will need to analyse reports of
other students, who have undertaken similar projects. Information explaining how each
particular technology related to disk encryption works can be attained from the United
States Patent Office.
The Importance of the Project:
This project will first and foremost strive to assist the legal system in recovering valuable
information from encrypted disks on computers seized from suspects. If successful, it
could assist in the prosecution of criminals by allowing the police access to otherwise
unobtainable data. This project could also aid in the development of stronger encryption
techniques by shedding light on the shortcomings of the existing system. It could help the
BitLocker development team patch up the security threats, and make the system more
robust; as well as guide them in creating the next generation of disk encryption solutions.
The Key Challenge(s) to be Overcome:
•
Finding weaknesses in the BitLocker technology.
•
Analysing and exploiting those weaknesses.
•
Writing an automated application to exploit those weaknesses and gain access to
decrypted data.
2. Interim Review Form
- Not Available -
3. Project Diary
a) Trimester 1
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 23.09.2009
Last diary date: n/a
Objectives:
put together a comprehensive reading list including published articles by students
write the Initial Project Overview
extend the reading list by scanning bibliographies of articles for relevant information
start reading
establish a rough schedule with events and deadlines relating to the project
install windows 7; encrypt windows 7 partition using bitlocker
compare journal and report data from the reading materials with the actual bitlocker system on
an ongoing basis
Progress:
•
•
•
•
•
an initial reading list has been put together
IPO has been submitted to the school office (23.09.2009)
I'm reading several documents pertaining to the topic
the schedule is roughly established, but contains only tangible dates such as deadlines
windows 7 has been installed, but I have yet to configure bitlocker
Supervisor’s Comments:
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 01.10.2009
Last diary date: 23.09.2009
Objectives:
extend the reading list by scanning bibliographies of articles for relevant information
continue reading
establish a schedule with events and deadlines relating to the project (ongoing)
encrypt windows 7 partition using bitlocker
compare journal and report data from the reading materials with the actual bitlocker system on
an ongoing basis
Progress:
•
•
•
•
Before extending the list, I want to get more acquainted with the subject
I'm continuing on with reading, and will address questions to supervisor
Schedule has been updated
I'm having some laptop problems, so the practical section of the project will wait until after
the lit review
Supervisor’s Comments:
Author: 08008480
11/05/2010
47
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 09.10.2009
Last diary date:
01.10.2009
Objectives:
Currently reading: Jesse D. Kornblum, Implementing BitLocker Drive Encryption for forensic
analysis, 2009 from ScienceDirect
Must-get list:
Microsoft Corporation. Bitlocker drive encryption technical overview. Technical report.
Microsoft Corporation, http://technet2.microsoft.com/WindowsVista/en/library/ce4d5a2e59a5-4742-89cc-ef9f5908b4731033.mspx?mfr=true; May 2008a.
Kumar Nitin, Kumar Vipin. Bitlocker and Windows Vista, http://www.nvlabs.in/node/9; May
2008
Progress:
•
•
I'm currently reading some interesting stuff about how BitLocker keeps it's keys in the
Volume Header, encrypted with the Volume Master Key, and vice versa. I struck gold with
the journal I'm currently reading. There is lots of good information there.
I need to get a hold of all the sources referred to in the current text – most are from
Microsoft, and one (Kumar, Kumar) contains source code for a version of bitlocker devised
on the basis of reverse engineering and reading spec papers.
Supervisor’s Comments:
Author: 08008480
11/05/2010
48
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 15.10.2009
Last diary date:
09.10.2009
Objectives:
•
•
•
•
Read through the lit review list
Apply for a student grant for a tester machine that could run a 3-OS bootloader with winXP,
win7, and Linux (see NVLabs paper and Princeton students’ paper and use the same Linux
they did)
Find a program capable of viewing the BitLocker volume metadata as described in
Implementing BitLocker for Digital Forensics.
Start writing draft chapters of the report
Progress:
•
•
•
•
•
•
Got items from last week:
Microsoft Corporation. Bitlocker drive encryption technical overview. Technical report.
Microsoft Corporation, http://technet2.microsoft.com/WindowsVista/en/library/ce4d5a2e59a5-4742-89cc-ef9f5908b4731033.mspx?mfr=true; May 2008a.
Kumar Nitin, Kumar Vipin. Bitlocker and Windows Vista, http://www.nvlabs.in/node/9; May
2008
I’m continuing reading through the lit review list
I need a HEX viewer for BitLocker volume metadata in order to analyze the encrypted keys.
I will ask uni instructors to see if they can provide one instead of sifting through potentially
useless junk online.
I got the application form for the student grant, and I’m in the process of submitting it.
Supervisor’s Comments:
Author: 08008480
11/05/2010
49
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 22.10.2009
Last diary date: 15.10.2009
Objectives:
•
•
•
•
•
•
Continue reading
Design and implement certificate cracker
Write chapters
Encrypt disk
Get volume information viewer
Apply for student grant – need help
Progress:
Read:
Kumar Nitin, Kumar Vipin. Bitlocker and Windows Vista, http://www.nvlabs.in/node/9; May 2008
I’m continuing reading through the lit review list
I need a HEX viewer for BitLocker volume metadata in order to analyze the encrypted keys. I
will ask uni instructors to see if they can provide one instead of sifting through potentially
useless junk online.
I got the application form for the student grant, and I’m in the process of submitting it.
I've put together a certificate cracker that uses a predefined dictionary but I need to add brute
force functionality and fully document it. Right now the design is literally on a napkin.
Supervisor’s Comments:
Author: 08008480
11/05/2010
50
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 30.10.2009
Last diary date: 22.10.2009
Objectives:
•
•
•
•
•
•
Continue finding ideas
Document certificate cracker
Write interim review document – get template from Bill
Get volume information viewer
Apply for student grant – need help
Find a copy of windows with BitLocker – ask Gordon Russell
Progress:
Still need a HEX viewer for BitLocker volume metadata in order to analyze the encrypted keys.
I will ask uni instructors to see if they can provide one instead of sifting through potentially
useless junk online.
Application deadline for student grants was October – need to find other funding.
Documentation for CertCrack started – program still needs a few features
Supervisor’s Comments:
Author: 08008480
11/05/2010
51
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 05.11.2009
Last diary date: 30.10.2009
Objectives:
•
•
•
•
•
•
Write interim document
Get a date for the interim review meeting
Continue writing dissertation – can interim document chapters be re-used?
Continue looking for Win7 Ultimate or Vista
Get volume information viewer
Find other funding
Progress:
Not sure how to put the interim review document together – but started writing
Still no hex viewer
Napier has no access to Win7 Ultimate – project hangs on funding at the moment
Need to ask student affairs about project funding
Supervisor’s Comments:
Author: 08008480
11/05/2010
52
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 12.11.2009
Last diary date: 05.11.2009
Objectives:
•
•
•
•
•
Continue reading
Write interim review document
Extend literature review to incorporate all references
Continue to find ways to acquire BitLocker for testing
Get volume information viewer
Progress:
Still a few documents left to read
Interim review document completed, just finishing up references; in-text referencing needs a bit
of work.
Extended lit review will go into the dissertation – review document will contain an abridged
version.
Supervisor’s Comments:
Author: 08008480
11/05/2010
53
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 19.11.2009
Last diary date: 12.11.2009
Objectives:
•
•
•
•
Submit Interim Review Document
Extend literature review to incorporate all references
Continue to find ways to acquire BitLocker for testing
Test information viewers
Progress:
Finished interim review document needs to be submitted; turns out some aesthetic work
doesn't translate from OpenOffice to Microsoft Office – submit in .pdf format.
Several HEX viewers downloaded, but not sure if any of them will show volume information the
way it was visible in the lit review papers.
Try Windows Vista Enterprise available from the MSDN Alliance
Supervisor’s Comments:
Author: 08008480
11/05/2010
54
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 26.11.2009
Last diary date: 19.11.2009
Objectives:
•
•
•
•
•
Submit Interim Review Document
Extend literature review and continue to look for new references
Continue to find ways to acquire BitLocker for testing
Test information viewers
New laptop will come for Christmas
Progress:
Windows Vista Enterprise download didn't work – need to try again from the JKCC onto a USB
stick. Will be done over Christmas break.
Still need to test HEX viewers.
Try Windows Vista Enterprise available from the MSDN Alliance
Waiting on new laptop to arrive as a Christmas gift. Not sure if it has a TPM or what the exact
specs are, but it will be better than the current one. And, if nothing else, it will give me a
chance to take the current one apart and clean it so it doesn't make so much noise.
Supervisor’s Comments:
Author: 08008480
11/05/2010
55
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 03.12.2009
Last diary date: 26.11.2009
Objectives:
•
•
•
•
•
Set up Interim Review Meeting
Extend literature review and continue to look for new references
Continue to find ways to acquire BitLocker for testing
Test information viewers
New laptop will come for Christmas
Progress:
Interim meeting needs to be set up as soon as possible – already weeks overdue
Waiting on new laptop to download the new software and operating systems onto it directly
Still need to test HEX viewers.
BitLocker will be accessible through Windows Vista Enterprise and Windows Server 2008
VMWare image. Windows 7 Ultimate not necessary, though would be nice to have.
At the moment still waiting for the new laptop before any tests can be done.
Supervisor’s Comments:
Author: 08008480
11/05/2010
56
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 10.12.2009
Last diary date:
03.12.2009
Objectives:
•
•
•
•
Attend Interim Review Meeting
Acquire Windows with BitLocker
Test information viewers
Wait for laptop
Progress:
Interim Review Meeting next week
Settled on getting Windows Vista Enterprise from the MSDN Alliance. Once the operating
system is downloaded, the next phase of the project will begin.
Still need to have a look at the HEX viewers, though not sure if the drive needs to be encrypted
before it's looked at with the software.
Supervisor’s Comments:
Author: 08008480
11/05/2010
57
b) Trimester 2
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 01.02.2010
Last diary date:
25.01.2010
Objectives:
Install bitlocker on the new laptop; encrypt partition and examine raw data structure
design key distribution system for bitlocker application
redesign character array for brute force loop in digital certificate application; allow user to input
custom character lists
Progress:
•
•
•
Getting errors from BitLocker saying I need to repartition the disk; Have made several
attempts, but not having any success. Can't find any documentation explaining how the disk
should be partitioned.
BitLocker has quite a big key space, so putting together a list of keys on a single machine
would take almost as long as brute-forcing itself; I'm trying to find a pre-made list.
At the moment, to add extra characters to the brute-force loop, the entire program needs to
be recompiled. There should be a way to add characters from within the program.
Supervisor’s Comments:
Author: 08008480
11/05/2010
58
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 08.02.2010
Last diary date: 01.02.2010
Objectives:
Find alternate option to Windows Vista Enterprise that has BitLocker; ask around uni to see if
the school would give me a Windows 7 Ultimate license
Use MS Visio to turn paper diagrams into technical drawings; produce professional designs
Test CertCrack with certificates generated by other people
Tune CertCrack character lists; document changes
Progress:
•
•
•
•
Still no luck with new laptop's BitLocker settings. According to documentation, Ultimate
version comes with “BitLocker Drive Preparation Tool”
Designs for the first, most basic version of CertCrack is a pencil and paper drawing – I need
to convert it into something I can add to the appendix. Also need to add newest changes to
the designs
I've tested the digital certificate program with certificates I've created, but I've never tried
one where I didn't already know the password. Need to test the application with external
input.
CertCrack still needs a way to modify the character lists for brute force without recompiling
the program. I've added 3 alphabet options (alphanumeric, CAPS alphanumeric, or
lowercase letters) but the application needs something custom
Supervisor’s Comments:
Author: 08008480
11/05/2010
59
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 15.02.2010
Last diary date:
08.02.2010
Objectives:
Finish up custom character lists for brute force in CertCrack
design proper menus in the programs; the current ones look unprofessional
continue with more lit review and start writing dissertation chapters
finish designs for bitlocker application – use brute-force
Progress:
•
•
•
•
I've managed to come up with a way to create user-defined character lists using
String.Split(). As long as the user is forewarned that they must use a certain delimiter and
that the program will only cycle through the characters the user supplies, it should work fine.
The menus made of hash signs don't look too good – must find unicode character codes for
DOS-style menus in command line applications.
My reference list still looks a bit short; granted there don't seem to be very many academic
papers on cracking BitLocker or EFS, but I should dig around for something. Also, I need to
start putting together a dissertation draft.
Because I can't get BitLocker to work, I need to start designing something that should work
based on the information supplied in the Lit Review. Hopefully by the time I design it, I'll get
a functioning copy of the software.
Supervisor’s Comments:
Author: 08008480
11/05/2010
60
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 22.02.2010
Last diary date:
15.02.2010
Objectives:
Find alternate option to Windows Vista Enterprise that has BitLocker; or attempt to
emulate it based on specs in Lit Review
Start putting BitLocker designs together in Visio
Implement native dictionary in CertCrack; add menu to choose from external or
native
Document changes
Progress:
•
•
•
While I can't get BitLocker to work, why not put together an encrypting function, that will
basically do the same thing, but with a static sector key if we're only working with one sector
(use random numbers for a start)
I'm slowly starting to implement some of the Future Work and Shortcomings points from the
Interim Review Document. One of those was to put a basic weak password dictionary into
the program in case the user can't get one. The program now features a dictionary that
contains a few weak passwords, and takes the program 30 seconds to get through on the
current (1.5GHz single core) laptop.
As always, amend the designs to reflect the current state of the CertCrack program.
Supervisor’s Comments:
Author: 08008480
11/05/2010
61
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 01.03.2010
Last diary date:
22.02.2010
Objectives:
•
•
•
•
Finish coding the Encrypt and Decrypt functions in the BitLocker programs. Debug send
and receive code.
Come up with a better way to distribute AES keys.
Continue writing dissertation chapters, using interim review document for a starting place.
Find more Lit Review describing EFS weaknesses
Progress:
I'm having a problem with the code, because it seems to send the encrypted sector, and then
floods the buffer with zeros. Need to find a way to flush the buffer between sends.
At the moment, I've come up with a series of test AES keys in base64 stored in a file on the
client side. I want the server to distribute keys to clients, but I need a list of all the keys, and
a way for the server to read in a few thousand keys from the file, and then send it to a
connecting client.
I spoke with Jim Jackson, and he said to focus on the learning outcomes outlined at the
beginning of the module, so I'm completely revising the document.
BitLocker is pretty well documented in the report so far, but I don't really seem to have any
outsiders' opinions on EFS – so far, all I have are Microsoft technical documents. I need to
find more information from people who have successfully broken it.
Supervisor’s Comments:
Author: 08008480
11/05/2010
62
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 08.03.2010
Last diary date:
01.03.2010
Objectives:
•
•
•
•
Catch up on documentation of BitLocker solution
Implement command line argument interpreters in the client program
Start producing screen shots of CertCrack utility
Set up Windows Server 2008 image and install BitLocker on it
Progress:
I'm deviating quite a lot from the original design of the BitLocker solution, so I need to modify
the designs to match what the program currently does.
At the moment, the client BitLocker program asks for IP address and port number on start, but
it's quite annoying to have to put it in each time the program starts – the program should be
able to run with the IP address and port number as command line arguments. I've got a
general idea of how to do it, just need to work out the bugs.
CertCrack needs to be well documented for the dissertation – I'll be filling the appendix with
screen shots of it working.
Just got the VM image of Server 2008, and installed the BitLocker function on it. Unfortunately,
I'm not sure if I can use the current solution with a virtual hard disk. So far it's only
configured to look for what's plugged into the machine the server program is running on,
and I think if I attempt to read the disk using my program, BitLocker will automatically
decrypt the hard drive sector i'm trying to send.
Supervisor’s Comments:
Author: 08008480
11/05/2010
63
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 15.03.2010
Last diary date:
08.03.2010
Objectives:
•
•
•
•
Attempt to isolate the hard disk file from the VM image and mount it onto the computer
with the server program.
Rewrite the SectorSender class in the BitLocker solution so it doesn't encrypt the sector
Implement authentic BitLocker functions in the decrypting class in the client
Document changes.
Progress:
New laptop just broke – backlight or backlight inverter just burned out. I will have to find an
alternate computer while I get it fixed. I also lost access to VMWare and the Windows
Server 2008 image along with the software to mount virtual disks.
I will most likely have to make do with the encryption emulator version I have backed up.
Supervisor’s Comments:
Author: 08008480
11/05/2010
64
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 22.03.2010
Last diary date:
15.03.2010
Objectives:
•
•
•
Recover backup code version
Bring recovered version to the state outlined in the technical drawings and flowcharts
based on the previous version.
Attempt to fix laptop containing current version
Progress:
The backup code version is quite a bit older than what I was working on before the laptop died.
I need to try to get it back to the state that I had the code on the other computer. At the
moment, the CertCrack program hasn't been affected, but I need to bring the BitLocker
utility back up to spec.
This is a bit difficult as well, because apparently, the computer I'm working on right now doesn't
have much hard disk space and generally isn't very fast. Will do my best, though.
Supervisor’s Comments:
Author: 08008480
11/05/2010
65
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 29.03.2010
Last diary date:
22.03.2010
Objectives:
•
•
•
Continue writing dissertation; abandon VM testing for now, but focus on extending Lit
Review and documenting software solutions to date
Try to come up with a good key distribution design
If possible, implement a demo version of this design
Progress:
Due to the laptop being out of action, I can't continue with the plan to test BitLocker with a VM
hard disk. Unfortunately, this laptop is excruciatingly slow when running it's own operating
system, and I can only imagine what it would be like if it tried running Server 2008 as well.
The BitLocker functions needed to mount the disk with the appropriate key are described in
the report, and, in more detail, in the Niels Ferguson paper from 2006.
I've actually checked the numbers, and there is more key material to deal with than I could
possibly deal with. No wonder a 'file containing all possible combinations' doesn't exist –
that's not remotely realistic. I terribly underestimated the amount of keys there was.
The storage requirements for even keeping track of which keys were checked are immense, so
I'm struggling to provide a working solution.
Supervisor’s Comments:
Author: 08008480
11/05/2010
66
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 05.04.2010
Last diary date:
29.03.2010
Objectives:
•
•
•
•
Implement a temporary key handling strategy, and add the problem to Future Work and
Shortcomings.
Document changes.
Continue working on report; make sure there are no outdated statements or inaccurate
assumptions.
Work on testing the code and finalizing everything.
Progress:
The key handling strategy for demonstrative purposes only will be one where the server sends
a 24-byte key fragment to each client, and each client will brute force the rest of the key
space. There will be five key fragments hard-coded into the server program, and one of the
key fragments will correspond with the key used to encrypt the sector.
I'm making sure that the descriptions of the programs in the report match the newest changes.
So far, it looks like with 8 bytes to brute force, the client program is taking a really long time to
finish even one key fragment. It may be wise to decrease it to 6 or 7 bytes, though it's not
necessary.
Supervisor’s Comments:
Author: 08008480
11/05/2010
67
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 12.04.2010
Last diary date:
05.04.2010
Objectives:
•
•
•
Design and implement a feature that returns unfinished keys back to the key pool in the
BitLocker application.
Start working on project evaluation and start finishing up the report.
Design the poster for the presentation.
Progress:
Before the key return feature, when a client would unexpectedly disconnect from the server, the
key would be lost, and whatever portion of the key space was not tested would be lost. With
this feature in place, instead of discarding the key, the program puts the key back into the
key pool.
I got the email with the poster guidelines. Will start working on the poster, but this means I need
new screen shots for the poster.
Supervisor’s Comments:
Author: 08008480
11/05/2010
68
EDINBURGH NAPIER UNIVERSITY
SCHOOL OF COMPUTING
PROJECT DIARY
Student: Adrian Vergin
Supervisor: Bill Buchanan
Date: 19.04.2010
Last diary date:
12.04.2010
Objectives:
•
•
•
Sign up for poster session
Finish report
Print poster and bind dissertation
Progress:
Making sure everything is done and ready to be turned in.
Supervisor’s Comments:
Author: 08008480
11/05/2010
69
4. Schedule
a) Trimester 1
b) Trimester 2
Author: 08008480
11/05/2010
70
5. CertCrack
a) Figure 1: Program
Author: 08008480
11/05/2010
71
b) Figure 1.1: Dictionary
Author: 08008480
11/05/2010
72
c) Figure 1.2: Brute Force
Author: 08008480
11/05/2010
73
d) Source Code: Program
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Collections;
namespace CertCrack
{
class Program
{
static void Main(string[] args)
{
int menu = 0;
string filePath;
string dictPath;
string result = "";
do
{
Console.WriteLine("\r\n\r\n╔═════════════════════════╗");
Console.WriteLine("║ Choose cracking option: ║");
Console.WriteLine("╠═════════════════════════╣");
Console.WriteLine("║ 1. Dictionary
║");
Console.WriteLine("║ 2. Brute Force
║");
Console.WriteLine("║
║");
Console.WriteLine("║ 9. Exit
║");
Console.WriteLine("║
║");
Console.WriteLine("║ 0. Information
║");
Console.WriteLine("╚═════════════════════════╝");
bool success = false;
do
{
try
{
Console.Write("Option: ");
menu = int.Parse(Console.ReadLine());
success = true;
}
catch
{
Console.Write ("Not a valid number. Try again: ");
}
} while (success != true);
switch (menu)
{
case 0: Console.WriteLine("\r\n\r\nCertCrack v1.0\r\n---------------\r\n");
Console.WriteLine("\r\nAbout:\t\tCertCrack is a forensic tool which cracks X509 certificates\r\n\t\t" +
"used in EFS encryption. This program works with .PFX\r\n\t\t" +
"certificates as they contain both the public and private\r\n\t\t" +
"keys. The program can has two modes of operation, Dictionary\r\n\t\t" +
"and Brute Force.\r\n\r\nModes:\t\tBrute Force mode depends solely on the length of the
password\r\n\t\t" +
"used and the characters used in the password. Dictionary mode\r\n\t\t" +
"is requires the user to provide a dictionary file containing\r\n\t\t" +
Author: 08008480
11/05/2010
74
"weak password samples, formatted one password per line. After\r\n\t\t" +
"successfully determining the password, the program displays the\r\n\t\t" +
"certificate contents and can import the certificate into the\r\n\t\t" +
"X509 store.\r\n\r\n");
result = "!";
break;
case 1: Console.WriteLine("DICTIONARY");
do
{
Console.WriteLine("Where is the certificate?");
filePath = Console.ReadLine();
} while (!System.IO.File.Exists(filePath));
int menuDict = 0;
Console.WriteLine("\r\n\r\n╔════════════════════════════════════╗");
Console.WriteLine("║ Choose dictionary:
║");
Console.WriteLine("╠════════════════════════════════════╣");
Console.WriteLine("║ 1. Native (Embedded)
║");
Console.WriteLine("║ 2. External (Text File)
║");
Console.WriteLine("╚════════════════════════════════════╝");
bool dictSuccess = false;
do
{
try
{
Console.Write("Option: ");
menuDict = int.Parse(Console.ReadLine());
dictSuccess = true;
}
catch
{
Console.Write("Not a valid number. Try again: ");
}
} while (dictSuccess != true && (menuDict == 1 || menuDict == 2));
switch (menuDict)
{
case 1: // special thanks to: http://www.openwall.com/passwords/wordlists/password.lst
ArrayList dictionaryNative = new ArrayList { "12345", "abc123", "computer", "123456", "tigger",
"1234", "a1b2c3", "qwerty", "123", "xxx", "money", "test", "password1",
"carmen", "mickey", "secret", "summer", "internet", "service", "canada",
"hello", "ranger", "shadow", "baseball", "donald", "harley", "hockey",
"letmein", "maggie", "mike", "mustang", "snoopy", "buster", "dragon",
"jordan", "michael", "michelle", "mindy", "patrick", "123abc", "andrew",
"bear", "calvin", "changeme", "diamond", "fuckme", "fuckyou",
"matthew", "miller", "ou812", "tiger", "trustno1", "12345678",
"123456789", "alex", "apple", "avalon", "brandy", "chelsea", "coffee",
"dave", "falcon", "freedom", "gandalf", "golf", "green", "helpme", "linda",
"magic", "merlin", "molson", "newyork", "soccer", "thomas", "wizard",
"Monday", "asdfgh", "bandit", "batman", "boris", "butthead", "dorothy",
"eeyore", "fishing", "football", "george", "happy", "iloveyou", "jennifer",
"jonathan", "love", "marina", "master", "missy", "monday", "monkey",
"natasha", "ncc1701", "newpass", "pamela", "pepper", "piglet",
"poohbear", "pookie", "rabbit", "rachel", "rocket", "rose", "smile",
"sparky", "spring", "steven", "success", "sunshine", "thx1138", "victoria",
"whatever", "zapata", "1", "8675309", "Internet", "amanda", "andy",
"angel", "august", "barney", "biteme", "boomer", "brian", "casey", "coke",
"cowboy", "delta", "doctor", "fisher", "foobar", "island", "john", "joshua",
Author: 08008480
11/05/2010
75
"karen", "marley", "orange", "please", "rascal", "richard", "sarah",
"scooter", "shalom", "silver", "skippy", "stanley", "taylor", "welcome",
"zephyr", "111111", "1928", "aaaaaa", "abc", "access", "albert",
"alexander", "andrea", "anna", "anthony", "asdfjkl;", "ashley", "basf",
"basketball", "beavis", "black", "bob", "booboo", "bradley", "brandon",
"buddy", "caitlin", "camaro", "charlie", "chicken", "chris", "cindy",
"cricket", "dakota", "dallas", "daniel", "david", "debbie", "dolphin",
"elephant", "emily", "fish", "fred", "friend", "fucker", "ginger",
"goodluck", "hammer", "heather", "help", "iceman", "jason", "jessica",
"jesus", "joseph", "jupiter", "justin", "kevin", "knight", "lacrosse", "lakers",
"lizard", "madison", "mary", "mother", "muffin", "murphy", "ncc1701d",
"newuser", "nirvana", "none", "paris", "pat", "pentium", "phoenix",
"picture", "rainbow", "sandy", "saturn", "scott", "shannon", "shithead",
"skeeter", "sophie", "special", "stephanie", "stephen", "steve", "sweetie",
"teacher", "tennis", "test123", "tommy", "topgun", "tristan", "wally",
"william", "wilson", "1q2w3e", "654321", "666666", "777", "a12345",
"a1b2c3d4", "alpha", "amber", "angela", "angie", "archie", "asdf", "blazer",
"bond007", "booger", "charles", "christin", "claire", "control", "danny",
"david1", "dennis", "digital", "disney", "dog", "duck", "duke", "edward",
"elvis", "felix", "flipper", "floyd", "franklin", "frodo", "guest", "honda",
"horses", "hunter", "indigo", "info", "james", "jasper", "jeremy", "joe",
"julian", "kelsey", "killer", "kingfish", "lauren", "marie", "maryjane",
"matrix", "maverick", "mayday", "mercury", "micro", "mitchell",
"morgan", "mountain", "niners", "nothing", "oliver", "peace", "peanut",
"pearljam", "phantom", "popcorn", "princess", "psycho", "pumpkin",
"purple", "randy", "rebecca", "reddog", "robert", "rocky", "roses",
"salmon", "sam", "samson", "sharon", "sierra", "smokey", "startrek",
"steelers", "stimpy", "sunflower", "superman", "support", "sydney",
"techno", "telecom", "test1", "walter", "willie", "willow", "winner",
"ziggy", "zxcvbnm", "7777", "OU812", "a", "absolut", "alaska", "alexis",
"alice", "animal", "apples", "babylon5", "backup", "barbara", "benjamin",
"bill", "billy", "bird33", "blue", "bluebird", "bobby", "bonnie", "bubba",
"camera", "chocolate", "clark", "claudia", "cocacola", "compton",
"connect", "cookie", "cruise", "deliver", "douglas", "dreamer", "dreams",
"duckie", "eagles", "eddie", "einstein", "enter", "explorer", "faith",
"family", "ferrari", "fire", "flamingo", "flip", "flower", "foxtrot", "francis",
"freddy", "friday", "froggy", "galileo", "giants", "gizmo", "global",
"goofy", "gopher", "hansolo", "happy1", "hendrix", "henry", "herman",
"homer", "honey", "house", "houston", "iguana", "indiana", "insane",
"inside", "irish", "ironman", "jake", "jane", "jasmin", "jeanne", "jerry",
"jim", "joey", "justice", "katherine", "kermit", "kitty", "koala", "larry",
"leslie", "logan", "lucky", "mark", "martin", "matt", "minnie", "misty",
"mitch", "mom", "mouse", "nancy", "nascar", "nelson", "netware",
"pantera", "parker", "passwd", "penguin", "peter", "phil", "phish", "piano",
"pizza", "porsche911", "prince", "punkin", "pyramid", "rain", "raymond",
"red", "robin", "roger", "rosebud", "route66", "royal", "running", "sadie",
"sasha", "security", "sergei", "sheena", "sheila", "skiing", "snapple",
"snowball", "sparrow", "spencer", "spike", "star", "stealth", "student",
"sun", "sunny", "sylvia", "tamara", "taurus", "tech", "teresa", "theresa",
"thunderbird", "tigers", "tony", "toyota", "training", "travel", "truck",
"tuesday", "victory", "video", "viper1", "volvo", "wesley", "whisky",
"winnie", "winter", "wolves", "xyz123", "zorro", "!@#$%", "007",
"123123", "1234567", "1969", "5683", "696969", "888888", "Anthony",
"Bond007", "Friday", "Hendrix", "Joshua", "Matthew", "October",
"Taurus", "Tigger", "aaa", "aaron", "abby", "abcdef", "adidas", "adrian",
"alexandr", "alfred", "arthur", "athena", "austin", "awesome", "badger",
"bamboo", "beagle", "bears", "beatles", "beautiful", "beaver", "benny",
"bigmac", "bingo", "bitch", "blonde", "boogie", "boston", "brenda",
"bright", "bubba1", "bubbles", "buffy", "button", "buttons", "cactus",
"candy", "captain", "carlos", "caroline", "carrie", "casper", "catalog",
Author: 08008480
11/05/2010
76
"catch22", "challenge", "chance", "charity", "charlotte", "cheese", "cheryl",
"chloe", "chris1", "clancy", "clipper", "coltrane", "compaq", "conrad",
"cooper", "cooter", "copper", "cosmos", "cougar", "cracker", "crawford",
"crystal", "curtis", "cyclone", "cyrano", "dan", "dance", "dawn", "dean",
"deutsch", "diablo", "dilbert", "dollars", "dookie", "doom", "dumbass",
"dundee", "e-mail", "elizabeth", "eric", "europe", "export", "farmer",
"firebird", "fletcher", "fluffy", "ford", "fountain", "fox", "france", "freak1",
"friends", "frog", "fuckoff", "gabriel", "gabriell", "galaxy", "gambit",
"garden", "garfield", "garlic", "garnet", "genesis", "genius", "godzilla",
"goforit", "golfer", "goober", "grace", "grateful", "greenday", "groovy",
"grover", "guitar", "hacker", "harry", "hazel", "hector", "herbert", "hoops",
"horizon", "hornet", "howard", "icecream", "imagine", "impala",
"informix", "jack", "janice", "jasmine", "jason1", "jeanette", "jeffrey",
"jenifer", "jenni", "jesus1", "jewels", "joker", "password", "julie", "julie1",
"junior", "justin1", "kathleen", "keith", "kelly", "kelly1", "kennedy",
"kevin1", "knicks", "lady", "larry1", "ledzep", "lee", "leonard", "lestat",
"library", "lincoln", "lionking", "london", "louise", "lucky1", "lucy",
"maddog", "mailman", "majordomo", "mantra", "margaret", "mariposa",
"market", "marlboro", "martin1", "marty", "master1", "mazda1",
"mensuck", "mercedes", "metal", "metallic", "midori", "mikey", "millie",
"mirage", "mmm", "molly", "monet", "money1", "monica", "monopoly",
"mookie", "moose", "moroni", "music", "naomi", "nathan", "ncc1701e",
"nesbitt", "news", "nguyen", "nicholas", "nicole", "nimrod", "october",
"olive", "olivia", "one", "online", "open", "oscar", "oxford", "pacific",
"painter", "peaches", "penelope", "pepsi", "pete", "petunia", "philip",
"phoenix1", "photo", "pickle", "player", "poiuyt", "porsche", "porter",
"ppp", "puppy", "python", "quality", "quest", "raquel", "raven",
"remember", "republic", "research", "robbie", "robert1", "roman", "rugby",
"runner", "russell", "ryan", "sailing", "sailor", "samantha", "savage",
"sbdc", "scarlett", "school", "sean", "seven", "shadow1", "sheba", "shelby",
"shit", "shoes", "simba", "simple", "skipper", "smiley", "snake", "snickers",
"sniper", "snoopdog", "snowman", "sonic", "spitfire", "sprite", "spunky",
"starwars", "station", "stella", "stingray", "storm", "stormy", "stupid",
"sumuinen", "sunny1", "sunrise", "supra", "surfer", "susan", "tammy",
"tango", "tanya", "tara", "teddy1", "temp", "testing", "theboss", "theking",
"thumper", "tina", "tintin", "tomcat", "trebor", "trek", "trevor", "tweety",
"unicorn", "valentine", "valerie", "vanilla", "veronica", "victor", "vincent",
"viper", "warrior", "warriors", "weasel", "wheels", "wilbur", "winston",
"wisdom", "wombat", "xanadu", "xavier", "xxxx", "yellow", "zaphod",
"zeppelin", "zeus", "!@#$%^", "!@#$%^&*", "*", "0007", "1022",
"10sne1", "1111", "1212", "1911", "1948", "1973", "1978", "1996",
"1p2o3i", "2000", "2222", "3bears", "5252", "Andrew", "Broadway",
"Champs", "Family", "Fisher", "Friends", "Jeanne", "Killer", "Knight",
"Master", "Michael", "Michelle", "Pentium", "Pepper", "Raistlin", "Sierra",
"Snoopy", "Tennis", "Tuesday", "abacab", "abcd", "abcd1234", "abcdefg",
"abigail", "account", "ace", "acropolis", "adam", "adi", "alex1", "alice1",
"allison", "alpine", "amy", "anders", "andre1", "andrea1", "angel1",
"anita", "annette", "antares", "apache", "apollo", "aragorn", "arizona",
"arnold", "arsenal", "asdfasdf", "asdfg", "asdfghjk", "avenger", "avenir",
"baby", "babydoll", "bach", "bailey", "banana", "barry", "basil", "basket",
"bass", "batman1", "beaner", "beast", "beatrice", "beer", "bella", "ben",
"bertha", "bigben", "bigdog", "biggles", "bigman", "binky", "biology",
"bishop", "bliss", "blondie", "blowfish", "bluefish", "bmw", "bobcat",
"bosco", "boss", "braves", "brazil", "bridges", "bruce", "bruno", "brutus",
"buck", "buffalo", "bugsy", "bull", "bulldog", "bullet", "bullshit", "bunny",
"business", "butch", "butler", "butter", "california", "cannondale", "canon",
"carebear", "carol", "carol1", "carole", "cassie", "castle", "catalina",
"catherine", "catnip", "cccccc", "celine", "center", "champion", "chanel",
"chaos", "chelsea1", "chester1", "chicago", "chico", "chip", "christian",
"christy", "church", "cinder", "civil", "colleen", "colorado", "columbia",
Author: 08008480
11/05/2010
77
"commander", "connie", "content", "cook", "cookies", "cooking",
"cordelia", "corona", "cowboys", "coyote", "crack1", "craig", "creative",
"crow", "cuddles", "cuervo", "cutie", "cyber", "daddy", "daisie", "daisy",
"daniel1", "danielle", "dark1", "database", "davids", "deadhead", "death",
"denali", "denis", "depeche", "derek", "design", "destiny", "diana", "diane",
"dickens", "dickhead", "digger", "dodger", "don", "donna", "dougie",
"draft", "dragonfly", "dylan", "eagle", "eclipse", "electric", "emerald",
"emmitt", "entropy", "etoile", "excalibur", "express", "farout", "farside",
"feedback", "fender", "fidel", "fiona", "fireman", "firenze", "fish1", "flash",
"fletch", "florida", "flowers", "fool", "foster", "fozzie", "francesco",
"francine", "francois", "frank", "french", "fuckface", "fun", "gargoyle",
"gasman", "gemini", "general", "gerald", "germany", "gilbert", "goaway",
"gold", "golden", "goldfish", "goose", "gordon", "graham", "grant",
"graphic", "gregory", "gretchen", "gunner", "hal9000", "hannah", "harold",
"harrison", "harvey", "hawkeye", "heaven", "heidi", "helen", "helena",
"hell", "herzog", "hithere", "hobbit", "huey", "ibanez", "idontknow",
"image", "integra", "intern", "intrepid", "ireland", "irene", "isaac", "isabel",
"jackie", "jackson", "jaguar", "jamaica", "japan", "jeff", "jenny1", "jessie",
"jethrotull", "jkl123", "joel", "johan", "johanna1", "johnny", "joker1",
"jordan23", "judith", "julia", "jumanji", "jussi", "kangaroo", "karen1",
"kathy", "keepout", "keith1", "kenneth", "kidder", "kim", "kimberly",
"king", "kingdom", "kirk", "kitkat", "kramer", "kris", "kristen", "lambda",
"laura", "laurie", "law", "lawrence", "lawyer", "legend", "leon", "liberty",
"light", "lindsay", "lindsey", "lisa", "liverpool", "logical", "lola", "lonely",
"lorrie", "louis", "lovely", "loveme", "lucas", "m", "madonna", "mail",
"major", "malcolm", "malibu", "marathon", "marcel", "maria1", "mariah",
"mariah1", "marilyn", "mariner", "mario", "mark1", "marvin", "maurice",
"max", "maxine", "maxwell", "me", "media", "meggie", "melanie",
"melissa", "melody", "merlot", "mexico", "michael1", "michele",
"midnight", "midway", "mike1", "miki", "mine", "miracle", "misha",
"mishka", "mmouse", "molly1", "monique", "montreal", "moocow",
"moon", "moore", "mopar", "morris", "mort", "mortimer", "mouse1",
"mulder", "nautica", "nellie", "nermal", "new", "newton", "nicarao",
"nick", "nina", "nirvana1", "nissan", "norman", "notebook", "ocean",
"olivier", "ollie", "olsen", "opera", "opus", "oranges", "oregon", "orion",
"overkill", "pacers", "packer", "panda", "pandora", "panther", "passion",
"patricia", "pearl", "peewee", "pencil", "penny", "people", "percy",
"person", "peter1", "petey", "picard", "picasso", "pierre", "pinkfloyd",
"pit", "plus", "polar", "polaris", "police", "polo", "pookie1", "poppy",
"power", "predator", "preston", "primus", "prometheus", "public",
"q1w2e3", "queen", "queenie", "quentin", "radio", "ralph", "random",
"rangers", "raptor", "rastafarian", "reality", "redrum", "remote", "reptile",
"reynolds", "rhonda", "ricardo", "ricardo1", "ricky", "river", "roadrunner",
"rob", "robinhood", "robotech", "rocknroll", "rocky1", "rodeo", "rolex",
"ronald", "rouge", "roxy", "roy", "ruby", "ruthie", "sabrina", "sakura",
"salasana", "sally", "sampson", "samuel", "sandra", "santa", "sapphire",
"scarecrow", "scarlet", "scorpio", "scott1", "scottie", "scout", "scruffy",
"scuba1", "seattle", "serena", "sergey", "shanti", "shark", "shogun",
"simon", "singer", "skibum", "skull", "skunk", "skywalker", "slacker",
"smashing", "smiles", "snowflake", "snowski", "snuffy", "soccer1",
"soleil", "sonny", "sound", "spanky", "speedy", "spider", "spooky",
"stacey", "star69", "start", "starter", "steven1", "sting1", "stinky",
"strawberry", "stuart", "sugar", "sunbird", "sundance", "superfly",
"suzanne", "suzuki", "swimmer", "swimming", "system", "taffy", "tarzan",
"tbird", "teddy", "teddybear", "teflon", "temporal", "terminal", "terry",
"the", "theatre", "thejudge", "thunder", "thursday", "time", "tinker", "toby",
"today", "tokyo", "tootsie", "tornado", "tracy", "tree", "tricia", "trident",
"trojan", "trout", "truman", "trumpet", "tucker", "turtle", "tyler", "utopia",
"vader", "val", "valhalla", "visa", "voyager", "warcraft", "warlock",
"warren", "water", "wayne", "wendy", "williams", "willy", "win95",
Author: 08008480
11/05/2010
78
"windsurf", "winona", "wolf", "wolf1", "woody", "woofwoof", "wrangler",
"wright", "www", "xcountry", "xfiles", "xxxxxx", "y", "yankees", "yoda",
"yukon", "yvonne", "zebra", "zenith", "zigzag", "zombie", "zxc123",
"zxcvb", "zzz", "000000", "007007", "11111", "11111111", "1213", "1214",
"1225", "123321", "1313", "1316", "1332", "1412", "1430", "171717",
"1818", "181818", "1950", "1952", "1953", "1955", "1956", "1960",
"1964", "1975", "1977", "1991", "1a2b3c", "1chris", "1kitty", "1qw23e",
"2001", "2020", "2112", "22", "2200", "2252", "2kids", "3010", "3112",
"3141", "333", "3533", "4055", "4444", "4788", "4854", "4runner",
"5050", "5121", "54321", "55555", "57chevy", "6262", "6301", "6969",
"7777777", "789456", "7dwarfs", "88888888", "Abcdefg", "Alexis",
"Alpha", "Animals", "Ariel", "BOSS", "Bailey", "Bastard", "Beavis",
"Bismillah", "Bonzo", "Booboo", "Boston", "Canucks", "Cardinal",
"Carol", "Celtics", "ChangeMe", "Charlie", "Chris", "Computer",
"Cougar", "Creative", "Curtis", "Daniel", "Darkman", "Denise", "Dragon",
"Eagles", "Elizabeth", "Esther", "Figaro", "Fishing", "Fortune", "Freddy",
"Front242", "Gandalf", "Geronimo", "Gingers", "Golden", "Goober",
"Gretel", "HARLEY", "Hacker", "Hammer", "Harley", "Heather",
"Henry", "Hershey", "Homer", "Jackson", "Janet", "Jennifer", "Jersey",
"Jessica", "Joanna", "Johnson", "Jordan", "KILLER", "Katie", "Kitten",
"Liberty", "Lindsay", "Lizard", "Madeline", "Margaret", "Maxwell",
"Mellon", "Merlot", "Metallic", "Michel1", "Money", "Monster",
"Montreal", "Newton", "Nicholas", "Noriko", "Paladin", "Pamela",
"Password", "Peaches", "Peanuts", "Peter", "Phoenix", "Piglet", "Pookie",
"Princess", "Purple", "Rabbit", "Raiders", "Random", "Rebecca", "Robert",
"Russell", "Sammy", "Saturn", "Service", "Shadow", "Sidekick",
"Skeeter", "Smokey", "Sparky", "Speedy", "Sterling", "Steven",
"Summer", "Sunshine", "Superman", "Sverige", "Swoosh", "Taylor",
"Theresa", "Thomas", "Thunder", "Vernon", "Victoria", "Vincent",
"Waterloo", "Webster", "Willow", "Winnie", "Wolverine", "Woodrow",
"World", "aa", "aaaa", "aardvark", "abbott", "abcd123", "abcde", "accord",
"active", "acura", "adg", "admin", "admin1", "adrock", "aerobics", "africa",
"agent", "airborne", "airwolf", "aki123", "alfaro", "ali", "alicia", "alien",
"aliens", "alina", "aline", "alison", "allegro", "allen", "allstate", "aloha",
"alpha1", "altamira", "althea", "altima", "altima1", "amanda1", "amazing",
"america", "amour", "anderson", "andre", "andrew!", "andrew1",
"andromed", "angels", "angie1", "ann", "anne", "anneli", "annie",
"anything", "apple1", "apple2", "applepie", "april", "aptiva", "aqua",
"aquarius", "ariane", "ariel", "arlene", "arrow", "artemis", "asdf1234",
"asdf;lkj", "asdfjkl", "ashley1", "ashraf", "ashton", "assmunch", "asterix",
"attila", "autumn", "avatar", "ayelet", "aylmer", "babes", "bambi",
"baraka", "barbie", "barn", "barney1", "barnyard", "barrett", "bart",
"bartman", "bball", "beaches", "beanie", "beans", "beasty", "beauty",
"beavis1", "bebe", "becca", "belgium", "belize", "belle", "belmont",
"benji", "benson", "beowulf", "bernardo", "berry", "beryl", "best", "beta",
"betacam", "betsy", "betty", "bharat", "bichon", "bigal", "bigboss",
"bigred", "biker", "bilbo", "bills", "billy1", "bimmer", "bioboy",
"biochem", "birdie", "birdy", "birthday", "biscuit", "bitter", "biz",
"blackjack", "blah", "blanche", "blinds", "blitz", "blood", "blowjob",
"blowme", "blueeyes", "bluejean", "blues", "boat", "bogart", "bogey",
"bogus", "bombay", "boobie", "boots", "bootsie", "boulder", "bourbon",
"boxer", "boxers", "bozo", "brain", "branch", "brandi", "brent", "brewster",
"bridge", "britain", "broker", "bronco", "bronte", "brooke", "brother",
"bryan", "bubble", "bucks", "buddha", "budgie", "buffett", "bugs", "bulls",
"burns", "burton", "butterfly", "buzz", "byron", "c00per", "calendar",
"calgary", "calvin1", "camay", "camel", "camille", "campbell", "camping",
"cancer", "canela", "cannon", "car", "carbon", "carl", "carnage", "carolyn",
"carrot", "cascade", "cat", "catfish", "cathy", "catwoman", "cecile",
"celica", "cement", "cessna", "chad", "chainsaw", "chameleon", "chang",
"change", "chantal", "charger", "chat", "cherry", "chess", "chiara",
Author: 08008480
11/05/2010
79
"chiefs", "china", "chinacat", "chinook", "chouette", "chris123", "christ1",
"christmas", "christopher", "chronos", "chuck", "cicero", "cindy1",
"cinema", "circuit", "cirque", "cirrus", "civic", "clapton", "clarkson",
"class", "claude", "claudel", "cleo", "cliff", "clock", "clueless", "cobain",
"cobra", "cody", "colette", "college", "color", "colors", "colt45", "comet",
"concept", "concorde", "confused", "cool", "coolbean", "cora", "corky",
"cornflake", "corvette", "corwin", "cosmo", "country", "courier", "cows",
"crescent", "cross", "crowley", "crusader", "cthulhu", "cuda",
"cunningham", "cunt", "cupcake", "current", "cutlass", "cynthia",
"daedalus", "dagger", "dagger1", "daily", "dale", "dammit", "damogran",
"dana", "dancer", "daphne", "darkstar", "darren", "darryl", "darwin",
"data1", "datatrain", "daytek", "dead", "deborah", "december", "decker",
"deedee", "deeznuts", "def", "delano", "delete", "demon", "denise",
"denny", "desert", "deskjet", "detroit", "devil", "devine", "devon", "dexter",
"dharma", "dianne", "diesel", "dillweed", "dim", "dipper", "director",
"disco", "dixie", "dixon", "doc", "dodgers", "dogbert", "doggy", "doitnow",
"dollar", "dolly", "dominique", "domino", "dontknow", "doogie", "doors",
"dork", "doudou", "doug", "downtown", "dragon1", "driver", "dude",
"dudley", "dutch", "dutchess", "dwight", "eagle1", "easter", "eastern",
"edith", "edmund", "effie", "eieio", "eight", "element", "elina1", "elissa",
"ella", "ellen", "elliot", "elsie", "empire", "engage", "enigma", "enterprise",
"eric1", "erin", "ernie1", "escort", "escort1", "estelle", "eugene", "evelyn",
"excel", "explore", "eyal", "faculty", "fairview", "family1", "fatboy",
"faust", "felipe", "fenris", "ferguson", "ferret", "ferris", "finance",
"fireball", "first", "fishes", "fishhead", "fishie", "flanders", "fleurs",
"flight", "florida1", "flowerpot", "flute", "fly", "flyboy", "flyer", "forward",
"franka", "freddie", "frederic", "free", "freebird", "freeman", "frisco",
"fritz", "froggie", "froggies", "frogs", "front242", "frontier", "fucku",
"fugazi", "funguy", "funtime", "future", "fuzz", "gabby", "gaby", "gaelic",
"gambler", "games", "gammaphi", "garcia", "garfunkel", "garth", "gary",
"gaston", "gateway", "gateway2", "gator1", "george1", "georgia",
"german", "germany1", "getout", "ggeorge", "ghost", "gibbons", "gibson",
"gigi", "gilgamesh", "giselle", "glider1", "gmoney", "goat", "goblin",
"goblue", "godiva", "goethe", "gofish", "gollum", "gone", "good",
"gramps", "grandma", "gravis", "gray", "greed", "greg", "greg1",
"gremlin", "greta", "gretzky", "grizzly", "grumpy", "guess", "guido",
"guitar1", "gumby", "gustavo", "h2opolo", "haggis", "haha", "hailey",
"hal", "halloween", "hallowell", "hamid", "hamilton", "hamlet", "hank",
"hanna", "hanson", "happy123", "happyday", "hardcore", "harley1",
"haro", "harriet", "harris", "harvard", "hawk", "hawkeye1", "health",
"health1", "heart", "heather1", "heather2", "hedgehog", "heikki", "helene",
"hello1", "hello123", "hello8", "hellohello", "help123", "helper", "hermes",
"heythere", "highland", "hilda", "hillary", "histoire", "history", "hitler",
"hobbes", "holiday", "holly", "homerj", "honda1", "hongkong", "hoosier",
"hootie", "hope", "horse", "hosehead", "hotrod", "huang", "hudson",
"hugh", "hugo", "hummer", "huskies", "hydrogen", "i", "ib6ub9", "idiot",
"if6was9", "iforget", "ilmari", "iloveu", "impact", "indonesia", "ingvar",
"insight", "instruct", "integral", "iomega", "irina", "iris", "irmeli",
"isabelle", "israel", "italia", "italy", "izzy", "j0ker", "j1l2t3", "jackie1",
"jacob", "jakey", "james1", "jamesbond", "jamie", "jamjam", "jan", "jazz",
"jean", "jedi", "jeepster", "jeffrey1", "jennie", "jenny", "jensen", "jer",
"jesse", "jesse1", "jester", "jethro", "jetta1", "jimbob", "jimi", "jimmy",
"joanie", "joanna", "joelle", "john316", "jordie", "jorge", "josee", "josh",
"journey", "joy", "joyce", "jubilee", "juhani", "jules", "julia2", "julien",
"juliet", "jumbo", "jump", "junebug", "juniper", "justdoit", "justice4",
"kalamazo", "kali", "karin", "karine", "karma", "kat", "kate", "katerina",
"katie", "katie1", "kayla", "kcin", "keeper", "keller", "kendall", "kenny",
"kerala", "kerrya", "ketchup", "khan", "kids", "kings", "kissa2", "kissme",
"kitten", "kittycat", "kiwi", "kkkkkk", "kleenex", "kombat", "kristi",
"kristine", "lab1", "labtec", "laddie", "ladybug", "lamer", "lance", "laser",
Author: 08008480
11/05/2010
80
"laserjet", "lassie1", "laurel", "lawson", "leader", "leaf", "leblanc", "legal",
"leland", "lemon", "leo", "lester", "letter", "letters", "lev", "lexus1", "libra",
"life", "lights", "lima", "lionel", "lions", "lissabon", "little", "liz", "lizzy",
"logger", "logos", "loislane", "loki", "lolita", "lonestar", "longer",
"longhorn", "looney", "loren", "lori", "lorna", "loser", "lost", "lotus", "lou",
"lovers", "loveyou", "lucia", "lucifer", "lucky14", "macha", "macross",
"macse30", "maddie", "madmax", "madoka", "magic1", "magnum",
"maiden", "maine", "makeitso", "mallard", "manageme", "manson",
"manuel", "marc", "marcus", "maria", "marielle", "marine", "marino",
"marshall", "mart", "martha", "math", "matti1", "mattingly", "maxmax",
"meatloaf", "mech", "mechanic", "medical", "megan", "meister", "melina",
"memphis", "mercer", "merde", "mermaid", "merrill", "miami", "michal",
"michel", "michigan", "michou", "mickel", "mickey1", "microsoft",
"midvale", "mikael", "milano", "miles", "millenium", "million", "minou",
"miranda", "miriam", "mission", "mmmmmm", "mobile", "mobydick",
"modem", "mojo", "monkey1", "monroe", "montana", "montana3",
"montrose", "monty", "moomoo", "moonbeam", "morecats", "morpheus",
"motor", "motorola", "movies", "mowgli", "mozart", "mulder1",
"munchkin", "murray", "muscle", "mustang1", "nadia", "nadine",
"napoleon", "nation", "national", "neil", "neko", "nesbit", "nestle",
"neutrino", "newaccount", "newlife", "newyork1", "nexus6", "nichole",
"nicklaus", "nightshadow", "nightwind", "nike", "nikita", "nikki",
"nintendo", "nisse", "nokia", "nomore", "none1", "nopass", "normal",
"norton", "notta1", "nouveau", "novell", "noway", "nugget", "number9",
"numbers", "nurse", "nutmeg", "oaxaca", "obiwan", "obsession", "ohshit",
"oicu812", "omega", "openup", "orchid", "oreo", "orlando", "orville",
"otter", "ozzy", "paagal", "packard", "packers", "packrat", "paint",
"paloma", "pam", "pancake", "panic", "papa", "paradigm", "park",
"parola", "parrot", "partner", "pascal", "pass", "patches", "patriots",
"paula", "pauline", "pavel", "payton", "peach", "peanuts", "pedro1",
"peggy", "pekka", "perfect", "performa", "perry", "peterk", "peterpan",
"phialpha", "philips", "phillips", "phishy", "phone", "piano1", "pianoman",
"pianos", "pierce", "pigeon", "pink", "pioneer", "pipeline", "piper1",
"pirate", "pisces", "plato", "play", "playboy", "pluto", "poetic", "poetry",
"pole", "pontiac", "pookey", "pope", "popeye", "prayer", "precious",
"prelude", "premier", "print", "printing", "prof", "provider", "puddin",
"pulsar", "pussy", "pussy1", "pyro", "qqq111", "quebec", "qwer", "qwert",
"qwerty12", "qwertyui", "r0ger", "rabbit1", "racer", "racerx", "rachelle",
"racoon", "radar", "rafiki", "raleigh", "ram", "rambo", "randy1", "rasta1",
"ratio", "ravens", "redcloud", "redfish", "redman", "redskins", "redwing",
"redwood", "reed", "reggae", "reggie", "reliant", "rene", "renee",
"renegade", "rescue", "revolution", "rex", "reznor", "rhino", "rhjrjlbk",
"richard1", "richards", "richmond", "riley", "ripper", "ripple", "rita",
"robby", "roberts", "robocop", "robotics", "roche", "rock", "rocket1",
"rockie", "rockon", "roger1", "rogers", "roland", "rommel", "roni",
"rookie", "rootbeer", "rosie", "rossigno", "rufus", "rugger", "rush", "rusty",
"ruthless", "sabbath", "sabina", "safety", "safety1", "saigon", "saint",
"samIam", "samiam", "sammie", "sammy", "samsam", "sandi", "sanjose",
"saphire", "sarah1", "saskia", "sassy", "satori", "saturday", "saturn5",
"schnapps", "science", "scooby", "scoobydoo", "scooter1", "scorpion",
"scotch", "scotty", "scouts", "scuba", "search", "secret3", "seeker", "seoul",
"september", "server", "services", "seven7", "sex", "sexy", "shaggy",
"shanghai", "shanny", "shaolin", "shasta", "shayne", "shazam", "shelly",
"shelter", "sherry", "ship", "shirley", "shorty", "shotgun", "sidney",
"sigmachi", "signal", "signature", "simba1", "simsim", "sinatra", "sirius",
"skate", "skip", "skipper1", "skydive", "skyler", "slayer", "sleepy", "slick",
"slider", "slip", "smegma", "smile1", "smiths", "smitty", "smoke",
"smurfy", "snakes", "snapper", "snoop", "snow", "sober1", "solomon",
"sonics", "sony", "sophia", "space", "sparks", "spartan", "spazz", "sphynx",
"spike1", "spock", "sponge", "spoon", "spot", "sprocket", "spurs",
Author: 08008480
11/05/2010
81
"squash", "stan", "starbuck", "stargate", "starlight", "stars", "steel",
"steph1", "stephi", "steve1", "stevens", "stewart", "sting", "stivers",
"stocks", "stone", "storage", "stranger", "strat", "strato", "stretch", "strong",
"stud", "student2", "studio", "stumpy", "sucker", "suckme", "sue", "sultan",
"summit", "sunfire", "sunset", "super", "superstar", "surfing", "susan1",
"susanna", "sutton", "suzy", "swanson", "sweden", "sweetpea", "sweety",
"swim", "switzer", "swordfish", "system5", "t-bone", "tab", "tabatha",
"tacobell", "taiwan", "talon", "tamtam", "tanner", "tapani", "targas",
"target", "tarheel", "tasha", "tata", "tattoo", "tazdevil", "tequila", "terry1",
"test2", "test3", "tester", "testi", "testtest", "texas", "thankyou", "theend",
"thelorax", "thisisit", "thompson", "thorne", "thrasher", "tiger2",
"tightend", "tika", "tim", "timber", "timothy", "tinkerbell", "tnt", "tom",
"tool", "topcat", "topher", "toshiba", "total", "toto1", "tototo", "toucan",
"transfer", "transit", "transport", "trapper", "trash", "travis", "tre",
"treasure", "trees", "tricky", "trish", "triton", "trombone", "trophy",
"trouble", "trucker", "tucson", "tula", "turbo", "turbo2", "twins", "tyler1",
"ultimate", "unique", "united", "unity", "unix", "upsilon", "ursula", "user1",
"vacation", "valley", "vampire", "vanessa", "vedder", "velo", "venice",
"venus", "vermont", "vette", "vicki", "vicky", "victor1", "vikram",
"vincent1", "violet", "violin", "virago", "virgil", "virginia", "vision",
"visual", "volcano", "volley", "voodoo", "vortex", "waiting", "walden",
"waldo", "walleye", "wanker", "warner", "water1", "wayne1",
"webmaster", "webster", "wedge", "weezer", "wendy1", "western",
"whale1", "whit", "white", "whitney", "whocares", "whoville", "wibble",
"wildcat", "will", "william1", "wilma", "wind", "window",
"winniethepooh", "wolfgang", "wolverine", "wombat1", "wonder", "word",
"world", "x-files", "x-men", "xanth", "xxx123", "xxxxxxxx", "xyz",
"yamaha", "yankee", "yogibear", "yolanda", "yomama", "yvette",
"zachary", "zack", "zebras", "zepplin", "zoltan", "zoomer", "zxc",
"zxcvbn", "!@#$%^&", "00000000", "121212", "1234qwer", "123go",
"131313", "13579", "1701d", "21122112", "369", "5555", "80486",
"90210", "911", "99999999", "@#$%^&", "ABC123", "Abcdef",
"Asdfgh", "Casio", "Changeme", "FuckYou", "Fuckyou", "Gizmo",
"Hello", "JSBach", "Michel", "NCC1701", "PPP", "Qwert", "Qwerty",
"Windows", "Zxcvb", "Zxcvbnm", "action", "advil", "allo", "amelie",
"anaconda", "angus", "apollo13", "artist", "aspen", "ass", "asshole", "ath",
"benoit", "bernard", "bernie", "bigbird", "bird", "blizzard", "bluesky",
"bonjour", "booster", "byteme", "caesar", "cardinal", "carolina", "cats",
"cedic", "cesar", "chandler", "changeit", "chapman", "charlie1", "chevy",
"chiquita", "chocolat", "christia", "christoph", "classroom", "cloclo",
"coco", "corrado", "cougars", "courtney", "dasha", "demo", "dirk",
"dolphins", "dominic", "donkey", "doom2", "dusty", "e", "eminem",
"energy", "fearless", "fiction", "forest", "forever", "french1", "fubar",
"gator", "gilles", "glenn", "go", "gocougs", "good-luck", "graymail",
"guinness", "hilbert", "hola", "home", "homebrew", "hotdog", "indian",
"jared", "jimbo", "jkm", "johnson", "jojo", "josie", "judy", "koko",
"kristin", "lloyd", "lorraine", "lulu", "lynn", "m1911a1", "mac",
"macintosh", "mailer", "mars", "maxime", "memory", "meow", "mimi",
"mirror", "nat", "ne1410s", "ne1469", "ne14a69", "nebraska", "nemesis",
"network", "newcourt", "nigel", "niki", "nite", "notused", "oatmeal",
"patton", "paul", "pedro", "planet", "players", "politics", "pomme",
"portland", "praise", "property", "protel", "psalms", "qwaszx", "raiders",
"rambo1", "rancid", "ruth", "sales", "salut", "scrooge", "shawn", "shelley",
"skidoo", "softball", "spain", "speedo", "sports", "sss", "ssssss", "steele",
"steph", "stephani", "sunday", "surf", "sylvie", "symbol", "tiffany", "tigre",
"toronto", "trixie", "undead", "valentin", "velvet", "viking", "walker",
"watson", "young", "zhongguo", "babygirl", "1234567890", "pretty",
"hottie", "teamo", "987654321", "naruto", "spongebob", "daniela",
"princesa", "christ", "blessed", "single", "qazwsx", "pokemon",
"iloveyou1", "iloveyou2", "fuckyou1", "hahaha", "poop", "blessing",
Author: 08008480
11/05/2010
82
"blahblah", "forum", "blink182", "123qwe", "trinity", "passw0rd",
"google", "looking", "spirit", "iloveyou!", "qwerty1", "rotimi", "onelove",
"mylove", "god", "222222", "ilovegod", "football1", "loving",
"emmanuel", "1q2w3e4r", "red123", "blabla", "saved", "112233", "hallo",
"" };
result = crackUsingDictionary(filePath, dictionaryNative);
break;
case 2: do
{
Console.WriteLine("The dictionary can be any text file with one password per line.\r\nWhere is
the dictionary?");
dictPath = Console.ReadLine();
} while (!System.IO.File.Exists(dictPath));
ArrayList dictionaryExternal = new ArrayList();
using (StreamReader sr = new StreamReader(dictPath))
{
string line;
try
{
while ((line = sr.ReadLine().ToLower()) != null)
{
dictionaryExternal.Add(line);
}
}
catch (Exception exDict)
{
Console.WriteLine("Error:\r\n-------------------\r\n" + exDict.Message);
}
}
result = crackUsingDictionary(filePath, dictionaryExternal);
break;
}
if (result == "") goto fail;
Console.WriteLine("RESULT: " + result + "\r\n\r\n");
try
{
Console.WriteLine("\r\nDisplay certificate information:");
printCertificateInfo(openCertificate(filePath, result));
Console.WriteLine("\r\n\r\n");
Console.Write("Import? [y/n] ");
string import = Console.ReadLine();
if (import == "y" || import == "yes" || import == "Y" || import == "YES")
{
Console.Write("Importing certificate: ");
bool importSuccess = ImportCertificate(openCertificate(filePath, result), StoreName.My,
StoreLocation.CurrentUser);
if (importSuccess == true) Console.WriteLine("SUCCESS!");
if (importSuccess == false) Console.WriteLine("FAILED!");
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Author: 08008480
11/05/2010
83
}
Console.WriteLine("Done!\r\n\r\n");
Console.ReadLine();
break;
case 2: Console.WriteLine("BRUTE FORCE");
do
{
Console.WriteLine("Enter file location:");
filePath = Console.ReadLine();
} while (!System.IO.File.Exists(filePath));
result = crackUsingBruteForce(filePath);
if (result == "") goto fail;
Console.WriteLine("RESULT: " + result + "\r\n\r\n");
try
{
Console.WriteLine("\r\nDisplay certificate information:");
printCertificateInfo(openCertificate(filePath, result));
Console.WriteLine("\r\n\r\n");
Console.Write("Import? [y/n] ");
string import = Console.ReadLine();
if (import == "y" || import == "yes" || import == "Y" || import == "YES")
{
Console.Write("Importing certificate: ");
bool importSuccess = ImportCertificate(openCertificate(filePath, result), StoreName.My,
StoreLocation.CurrentUser);
if (importSuccess == true) Console.WriteLine("SUCCESS!");
if (importSuccess == false) Console.WriteLine("FAILED!");
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.WriteLine("Done!\r\n\r\n");
Console.ReadLine();
break;
case 9:
break;
default: Console.WriteLine("Invalid option - try again");
break;
}
fail: if (result == "") Console.WriteLine("Unable to obtain password!\r\n\r\n");
result = "";
} while (menu != 9);
}
public static string crackUsingDictionary(string fileLocation, ArrayList dict)
{
DateTime start = DateTime.Now;
string result = "";
bool success = false;
int counter = 0;
Author: 08008480
11/05/2010
84
while (success == false && counter < dict.Count)
{
try
{
X509Certificate2 cert = new X509Certificate2(fileLocation, dict[counter].ToString());
Console.WriteLine("password \"" + dict[counter].ToString() + "\" - success!");
result = dict[counter].ToString();
success = true;
}
catch
{
Console.WriteLine("password \"" + dict[counter].ToString() + "\" - fail!");
}
counter++;
}
// http://www.codersource.net/csharp_measure_execution_time.aspx
DateTime finish = DateTime.Now;
TimeSpan span = finish - start;
Console.WriteLine("\r\n\r\nFinished in {0}:{1}:{2}.{3}", span.Hours.ToString(),
span.Minutes.ToString().PadLeft(2, '0'),
span.Seconds.ToString().PadLeft(2, '0'), span.Milliseconds.ToString());
if (success == false && result == "")
{
Console.WriteLine("\r\n\r\nDictionary did not contain the password.\r\nWould you like to use Brute Force?
[y/n]");
if (Console.ReadLine().ToLower() == "y" || Console.ReadLine().ToLower() == "yes")
{
result = crackUsingBruteForce(fileLocation);
}
}
return result;
}
public static string crackUsingBruteForce(string fileLocation)
{
int menu = 0;
string[] characterPool = new string[0];
Console.WriteLine("\r\n\r\n╔════════════════════════════════════╗");
Console.WriteLine("║ Choose alphabet:
║");
Console.WriteLine("╠════════════════════════════════════╣");
Console.WriteLine("║ 1. Alphanumeric Lowercase
║");
Console.WriteLine("║ 2. Alphanumeric with CAPS
║");
Console.WriteLine("║ 3. No Numbers Lowercase Only ║");
Console.WriteLine("║ 4. No Numbers with CAPS
║");
Console.WriteLine("║ 5. Custom
║");
Console.WriteLine("╚════════════════════════════════════╝");
bool optionSuccess = false;
do
{
try
{
Console.Write("Option: ");
menu = int.Parse(Console.ReadLine());
optionSuccess = true;
Author: 08008480
11/05/2010
85
}
catch
{
Console.Write("Not a valid number. Try again: ");
}
} while (optionSuccess != true);
switch (menu)
{
case 1: characterPool = new string[] { "", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o",
"p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "1", "2", "3", "4", "5",
"6", "7", "8", "9" };
break;
case 2: characterPool = new string[] { "", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o",
"p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E",
"F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T",
"U", "V", "W", "X", "Y", "Z", "1", "2", "3", "4", "5", "6", "7", "8", "9" };
break;
case 3: characterPool = new string[] { "", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o",
"p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z" };
break;
case 4: characterPool = new string[] { "", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o",
"p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E",
"F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T",
"U", "V", "W", "X", "Y", "Z" };
break;
case 5: Console.WriteLine("Enter each character to be used in the sample alphabet separated by commas (,)
and press ENTER.");
string[] blank = new string[] { "" };
string userSamples = Console.ReadLine();
string[] samples = userSamples.Split(',');
int length = samples.Length + 1;
characterPool = new string[length];
blank.CopyTo(characterPool, 0);
samples.CopyTo(characterPool, 1);
break;
}
DateTime start = DateTime.Now;
string[] passArray = new string[32];
bool success = false;
bool end = false;
string result = "";
do
{
for (int c31 = 0; c31 < characterPool.Length; c31++)
{
passArray[31] = characterPool[c31];
for (int c30 = 0; c30 < characterPool.Length; c30++)
{
if (c30 == 0 && c31 != 0) c30++;
passArray[30] = characterPool[c30];
for (int c29 = 0; c29 < characterPool.Length; c29++)
{
if (c29 == 0 && c30 != 0) c29++;
passArray[29] = characterPool[c29];
Author: 08008480
11/05/2010
86
for (int c28 = 0; c28 < characterPool.Length; c28++)
{
if (c28 == 0 && c29 != 0) c28++;
passArray[28] = characterPool[c28];
for (int c27 = 0; c27 < characterPool.Length; c27++)
{
if (c27 == 0 && c28 != 0) c27++;
passArray[27] = characterPool[c27];
for (int c26 = 0; c26 < characterPool.Length; c26++)
{
if (c26 == 0 && c27 != 0) c26++;
passArray[26] = characterPool[c26];
for (int c25 = 0; c25 < characterPool.Length; c25++)
{
if (c25 == 0 && c26 != 0) c25++;
passArray[25] = characterPool[c25];
for (int c24 = 0; c24 < characterPool.Length; c24++)
{
if (c24 == 0 && c25 != 0) c24++;
passArray[24] = characterPool[c24];
for (int c23 = 0; c23 < characterPool.Length; c23++)
{
if (c23 == 0 && c24 != 0) c23++;
passArray[23] = characterPool[c23];
for (int c22 = 0; c22 < characterPool.Length; c22++)
{
if (c22 == 0 && c23 != 0) c22++;
passArray[22] = characterPool[c22];
for (int c21 = 0; c21 < characterPool.Length; c21++)
{
if (c21 == 0 && c22 != 0) c21++;
passArray[21] = characterPool[c21];
for (int c20 = 0; c20 < characterPool.Length; c20++)
{
if (c20 == 0 && c21 != 0) c20++;
passArray[20] = characterPool[c20];
for (int c19 = 0; c19 < characterPool.Length; c19++)
{
if (c19 == 0 && c20 != 0) c19++;
passArray[19] = characterPool[c19];
for (int c18 = 0; c18 < characterPool.Length; c18++)
{
if (c18 == 0 && c19 != 0) c18++;
passArray[18] = characterPool[c18];
for (int c17 = 0; c17 < characterPool.Length; c17++)
{
if (c17 == 0 && c18 != 0) c17++;
passArray[17] = characterPool[c17];
Author: 08008480
11/05/2010
87
for (int c16 = 0; c16 < characterPool.Length; c16++)
{
if (c16 == 0 && c17 != 0) c16++;
passArray[16] = characterPool[c16];
for (int c15 = 0; c15 < characterPool.Length; c15++)
{
if (c15 == 0 && c16 != 0) c15++;
passArray[15] = characterPool[c15];
for (int c14 = 0; c14 < characterPool.Length; c14++)
{
if (c14 == 0 && c15 != 0) c14++;
passArray[14] = characterPool[c14];
for (int c13 = 0; c13 < characterPool.Length; c13++)
{
if (c13 == 0 && c14 != 0) c13++;
passArray[13] = characterPool[c13];
for (int c12 = 0; c12 < characterPool.Length; c12++)
{
if (c12 == 0 && c13 != 0) c12++;
passArray[12] = characterPool[c12];
for (int c11 = 0; c11 < characterPool.Length; c11++)
{
if (c11 == 0 && c12 != 0) c11++;
passArray[11] = characterPool[c11];
for (int c10 = 0; c10 < characterPool.Length; c10++)
{
if (c10 == 0 && c11 != 0) c10++;
passArray[10] = characterPool[c10];
for (int c9 = 0; c9 < characterPool.Length; c9++)
{
if (c9 == 0 && c10 != 0) c9++;
passArray[9] = characterPool[c9];
for (int c8 = 0; c8 < characterPool.Length; c8++)
{
if (c8 == 0 && c9 != 0) c8++;
passArray[8] = characterPool[c8];
for (int c7 = 0; c7 < characterPool.Length; c7++)
{
if (c7 == 0 && c8 != 0) c7++;
passArray[7] = characterPool[c7];
for (int c6 = 0; c6 < characterPool.Length;
c6++)
{
if (c6 == 0 && c7 != 0) c6++;
passArray[6] = characterPool[c6];
for (int c5 = 0; c5 < characterPool.Length;
c5++)
{
if (c5 == 0 && c6 != 0) c5++;
Author: 08008480
11/05/2010
88
passArray[5] = characterPool[c5];
for (int c4 = 0; c4 < characterPool.Length;
c4++)
{
if (c4 == 0 && c5 != 0) c4++;
passArray[4] = characterPool[c4];
for (int c3 = 0; c3 <
characterPool.Length; c3++)
{
if (c3 == 0 && c4 != 0) c3++;
passArray[3] = characterPool[c3];
for (int c2 = 0; c2 <
characterPool.Length; c2++)
{
if (c2 == 0 && c3 != 0) c2++;
passArray[2] = characterPool[c2];
for (int c1 = 0; c1 <
characterPool.Length; c1++)
{
if (c1 == 0 && c2 != 0) c1++;
passArray[1] =
characterPool[c1];
for (int c0 = 0; c0 <
characterPool.Length; c0++)
{
if (c0 == 0 && c1 != 0) c0++;
passArray[0] =
characterPool[c0];
string passAttempt =
string.Join("", passArray, 0,
32);
try
{
X509Certificate2 cert =
new
X509Certificate2(fileLocatio
n, passAttempt);
Console.WriteLine("passwor
d \"" + passAttempt + "\" success!");
result = passAttempt;
success = true;
goto exit;
}
catch
{
Console.WriteLine("passwor
d \"" + passAttempt + "\" fail!");
if (c31 ==
characterPool.Length - 1 &&
Author: 08008480
11/05/2010
89
success == false) end = true;
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
} while (end == false);
exit: ;
if (success == false) Console.WriteLine("\r\n\r\nPassword not found! The password uses characters which are
not in your selected dictionary.\r\n\r\n");
DateTime finish = DateTime.Now;
TimeSpan span = finish - start;
Console.WriteLine("\r\n\r\nFinished in {0}:{1}:{2}.{3}", span.Hours.ToString(),
span.Minutes.ToString().PadLeft(2, '0'),
span.Seconds.ToString().PadLeft(2, '0'), span.Milliseconds.ToString());
return result;
}
//http://www.codeguru.com/csharp/csharp/cs_misc/security/article.php/c16491
public static X509Certificate2 openCertificate(string path, string password)
{
X509Certificate2 cert = new X509Certificate2(path, password);
return cert;
}
public static bool ImportCertificate(X509Certificate2 certificate, StoreName name, StoreLocation location)
{
Author: 08008480
11/05/2010
90
bool success = false;
X509Store store = new X509Store(name, location);
try
{
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
success = true;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
finally
{
store.Close();
}
return success;
}
public static void printCertificateInfo(X509Certificate2 certificate)
{
Console.WriteLine("Name: {0}", certificate.FriendlyName);
Console.WriteLine("Issuer: {0}", certificate.IssuerName.Name);
Console.WriteLine("Subject: {0}", certificate.SubjectName.Name);
Console.WriteLine("Version: {0}", certificate.Version);
Console.WriteLine("Valid from: {0}", certificate.NotBefore);
Console.WriteLine("Valid until: {0}", certificate.NotAfter);
Console.WriteLine("Serial number: {0}", certificate.SerialNumber);
Console.WriteLine("Signature Algorithm: {0}", certificate.SignatureAlgorithm.FriendlyName);
Console.WriteLine("Thumbprint: {0}", certificate.Thumbprint);
// http://msdn.microsoft.com/enus/library/system.security.cryptography.x509certificates.x509certificate2.p
rivatekey.aspx
Console.WriteLine("Private Key: {0}", certificate.PublicKey.Key.ToXmlString(false).Substring(22, 172));
}
}
}
Author: 08008480
11/05/2010
91
e) Screenshots
Figure 1: Main Menu
Figure 2.1: Dictionary Input
Author: 08008480
11/05/2010
92
Figure 2.2: Dictionary Menu
Author: 08008480
11/05/2010
93
Figure 2.3: Dictionary Output
Author: 08008480
11/05/2010
94
Figure 3.1: Brute Force Input
Figure 3.2: Brute Force Menu
Author: 08008480
11/05/2010
95
Figure 3.3: Brute Force Output
Author: 08008480
11/05/2010
96
6. Distributed BitLocker Cracker – Server
a) Figure 1: Main
Author: 08008480
11/05/2010
97
b) Figure 1.1: SectorSender
Author: 08008480
11/05/2010
98
c) Figure 1.2: Send/Receive Keys
Author: 08008480
11/05/2010
99
d) Source Code: Server
using System;
using System.Text;
using System.Net;
using System.Net.Sockets;
using System.Threading;
using System.Collections;
using System.IO;
//http://www.webtropy.com/articles/art9-1.asp?f=SetFilePointer
//http://www.codeproject.com/KB/IP/tcpclientserver.aspx
//http://gsthomas.spaces.live.com/blog/cns!52BD865959B69D24!139.entry
//http://msdn.microsoft.com/en-us/library/aa288474%28VS.71%29.aspx
//http://www.codeguru.com/cpp/w-p/system/misc/article.php/c5765/
//http://codemaverick.blogspot.com/2007/02/how-to-retrieve-management-information.html
//http://www.java2s.com/Code/CSharp/Thread/ThreadPoolTcpServer.htm
namespace DACsever
{
public class ThreadPoolTcpSrvr
{
private TcpListener client;
public static string DeviceID;
public static ArrayList keySamples = new ArrayList {
Convert.FromBase64String("MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc5"),
Convert.FromBase64String("MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc4"),
Convert.FromBase64String("MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc3"),
Convert.FromBase64String("MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc2"),
Convert.FromBase64String("MTIzNDU2Nzg5MDEyMzQ1NjEyMzQ1Njc1") };
public ThreadPoolTcpSrvr()
{
client = new TcpListener(8001);
client.Start();
Console.WriteLine("Server is up.\r\nPress CTRL+C to exit.\r\n\r\nWaiting for clients...");
while (true)
{
while (!client.Pending())
{
Thread.Sleep(1000);
}
ConnectionThread newconnection = new ConnectionThread();
newconnection.threadListener = this.client;
ThreadPool.QueueUserWorkItem(new
WaitCallback(newconnection.HandleConnection));
}
}
public static void Main()
{
SectorSender ss = new SectorSender();
DeviceID = ss.selectDisk();
ThreadPoolTcpSrvr tpts = new ThreadPoolTcpSrvr();
}
}
class ConnectionThread
{
Author: 08008480
11/05/2010
100
ArrayList successKeyPool = new ArrayList();
public TcpListener threadListener;
private static int connections = 0;
Random rnd = new Random();
public void HandleConnection(object state)
{
TcpClient client = threadListener.AcceptTcpClient();
NetworkStream ns = client.GetStream();
connections++;
Console.WriteLine("New client accepted: {0} active connections",
connections);
// remember key sample currently worked on
byte[] currentlyWorking = new byte[24];
bool stopLoop = false;
do
{
// receive command
string command = "";
try
{
byte[] b = new byte[1024];
int k = ns.Read(b, 0, b.Length);
for (int i = 0; i < k; i++)
command += Convert.ToChar(b[i]);
}
catch (Exception ex)
{
Console.WriteLine("Error: " + ex.Message);
break;
}
switch (command)
{
case "start":
// send a sector to the client
SectorSender ss = new SectorSender();
ss.runServer(ns, ThreadPoolTcpSrvr.DeviceID);
break;
case "keys":
// send more keys
try
{
if (ThreadPoolTcpSrvr.keySamples.Count != 0)
{
int index = rnd.Next(0, ThreadPoolTcpSrvr.keySamples.Count - 1);
currentlyWorking = (byte[])ThreadPoolTcpSrvr.keySamples[index];
ns.Write((byte[])ThreadPoolTcpSrvr.keySamples[index], 0, 24); //ThreadPoolTcpSrvr.length
ThreadPoolTcpSrvr.keySamples.RemoveAt(index);
}
else
{
ASCIIEncoding asen = new ASCIIEncoding();
ns.Write(asen.GetBytes("endKeyPool"), 0, asen.GetBytes("endKeyPool").Length);
}
}
catch (Exception ex)
Author: 08008480
11/05/2010
101
{
Console.WriteLine("Error: " + ex.Message);
if (Convert.ToBase64String(currentlyWorking) !=
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
{
ThreadPoolTcpSrvr.keySamples.Add(currentlyWorking);
Console.WriteLine("Key " + Convert.ToBase64String(currentlyWorking) + "added back to key
pool.");
}
goto case "quit";
}
string receiveFromClient = "";
do
{
try
{
byte[] successKey = new byte[32];
int k = ns.Read(successKey, 0, successKey.Length);
receiveFromClient = "";
for (int i = 0; i < k; i++) receiveFromClient += Convert.ToChar(successKey[i]);
// for debug only
//Console.WriteLine(receiveFromClient);
//Console.ReadLine();
if (receiveFromClient == "endOfKeyPool")
{
// do nothing
}
else if (receiveFromClient == "keys")
{
currentlyWorking = new byte[24];
goto case "keys";//loop;
}
else if (receiveFromClient == "quit")
{
goto case "quit";
}
else
{
// save the key for future processing
if (Convert.ToBase64String(successKey) !=
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
{
successKeyPool.Add(successKey);
using (StreamWriter sw = new StreamWriter(@"c:\Successful BitLocker Keys.txt"))
{
sw.WriteLine(Convert.ToBase64String(successKey));
}
Console.WriteLine("Successful key added: {0}", Convert.ToBase64String(successKey));
}
else
{
Console.WriteLine("Something went wrong and the key received was blank! Disregarding
key!");
}
}
Author: 08008480
11/05/2010
102
}
catch (Exception ex)
{
Console.WriteLine("Error: " + ex.Message);
if (Convert.ToBase64String(currentlyWorking) !=
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
{
ThreadPoolTcpSrvr.keySamples.Add(currentlyWorking);
Console.WriteLine("Key sample " + Convert.ToBase64String(currentlyWorking) + " added back
to key pool.");
}
goto case "quit";
}
} while (receiveFromClient != "endOfKeyPool");
try
{
ASCIIEncoding asen2 = new ASCIIEncoding();
ns.Write(asen2.GetBytes("endKeyPool"), 0, asen2.GetBytes("endKeyPool").Length);
}
catch (Exception ex)
{
Console.WriteLine("Error: " + ex.Message);
goto case "quit";
}
break;
case "quit":
// disconnect client
stopLoop = true;
break;
case "kill":
Console.WriteLine("The following keys were obtained during this process:\r\n");
foreach (byte[] key in successKeyPool)
{
Console.WriteLine(Convert.ToBase64String(key));
}
Console.WriteLine("\r\n\r\nTo exit, press ENTER.");
Console.ReadLine();
Environment.Exit(0);
break;
default: Console.WriteLine("Server did not understand command: " + command.ToString());
Console.WriteLine("Disconnecting client.");
goto case "quit";
break;
}
} while (stopLoop == false);
// clean up
ns.Close();
client.Close();
connections--;
Console.WriteLine("Client disconnected: {0} active connections", connections);
}
}
}
Author: 08008480
11/05/2010
103
e) Source Code: SectorSender
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Management;
using System.Net;
using System.Net.Sockets;
using System.Threading;
using System.Text;
using System.Collections;
// note that this code still retains a lot of commented out code
// snippets for debug purposes. all of this code should remain
// in until the project is completed.
namespace DACsever
{
public class SectorSender
{
[DllImport("kernel32", SetLastError = true)]
static extern unsafe IntPtr CreateFile(
string FileName,
// file name
FileAccess DesiredAccess,
// access mode
FileShare ShareMode,
// share mode
uint SecurityAttributes,
// Security Attributes
FileMode CreationDisposition,
// how to create
uint FlagsAndAttributes,
// file attributes
int hTemplateFile
// handle to template file
);
[DllImport("kernel32", SetLastError = true)]
static extern unsafe bool ReadFile(
IntPtr hFile,
// handle to file
void* pBuffer,
// data buffer
int NumberOfBytesToRead,
// number of bytes to read
int* pNumberOfBytesRead,
// number of bytes read
int Overlapped
// overlapped buffer
);
[DllImport("kernel32.dll", SetLastError = true)]
static extern int SetFilePointer(
IntPtr hFile,
long lDistanceToMove,
ref int lpDistanceToMoveHigh,
int dwMoveMethod
);
[DllImport("kernel32", SetLastError = true)]
static extern unsafe bool CloseHandle(
IntPtr hObject
// handle to object
);
public void runServer(NetworkStream ns, string hddDeviceID)
{
try
{
// send sector size
ASCIIEncoding asen = new ASCIIEncoding();
string bytesPerSector = diskBytesPerSector(hddDeviceID);
Author: 08008480
11/05/2010
104
ns.Write(asen.GetBytes(bytesPerSector), 0, asen.GetBytes(bytesPerSector).Length);
// receive sector size acknowledgement
byte[] b = new byte[1024];
int k = ns.Read(b, 0, b.Length);
for (int i = 0; i < k; i++)
Console.Write(Convert.ToChar(b[i]));
Console.WriteLine();
// prepare sector contents
byte[] sector = new byte[Convert.ToInt32(bytesPerSector)];
sector = ReadSector('c', 0, 1);
// encrypt sector contents /!!!!!!!!!!TEMPORARY!!!!!!!!!!
byte[] encryptedSector = new byte[Convert.ToInt32(bytesPerSector)];
Encrypt enc = new Encrypt();
encryptedSector = enc.encrypt(sector);
// send sector contents
ns.Write(sector, 0, Convert.ToInt32(bytesPerSector));
//Console.WriteLine("Plaintext sector length: " + sector.Length.ToString());
// send encrypted sector
ns.Write(encryptedSector, 0, Convert.ToInt32(bytesPerSector));//encryptedSector.Length);
//Console.WriteLine("Ciphertext sector length: " + encryptedSector.Length.ToString());
Console.WriteLine("Sector has been sent successfully!");
}
catch (Exception e)
{
Console.WriteLine("Error:\r\n " + e.Message);
}
}
public string selectDisk()
{
while (true)
{
try
{
// pulling in info on all hard disks
ManagementObjectSearcher mosDisks = new ManagementObjectSearcher("SELECT * FROM
Win32_DiskDrive");
// displaying menu
Console.WriteLine("Available disks:\r\n--------------------");
ArrayList disks = new ArrayList();
int count = 0;
foreach (ManagementObject moDisk in mosDisks.Get())
{
disks.Add(moDisk["DeviceID"].ToString());
Console.Write(count.ToString() + "\t");
Console.Write(moDisk["DeviceID"].ToString() + "\t");
Console.WriteLine(moDisk["Model"].ToString());
count++;
}
Console.Write("--------------------\r\nPlease select the BitLocker-encrypted disk: ");
Author: 08008480
11/05/2010
105
// changing string to work with SQL statements
string modify = disks[Convert.ToInt32(Console.ReadLine())].ToString();
string result = "";
foreach (char character in modify)
{
result += character.ToString();
if (character == '\\')
{
result += "\\";
}
}
// notifying user
Console.WriteLine("Selected: {0}", modify);
// returning result
return result;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
}
private string diskBytesPerSector(string DeviceID)
{
try
{
// pulling in valid DeviceID
ManagementObjectSearcher mosDisks = new ManagementObjectSearcher("SELECT * FROM
Win32_DiskDrive WHERE DeviceID = '" + DeviceID + "'"); // format must be:
\\\\\\\\.\\\\PHYSICALDRIVE0
// getting bytes per sector of chosen disk
string BPS = "0";
foreach (ManagementObject moDisk in mosDisks.Get())
{
BPS = moDisk["BytesPerSector"].ToString();
}
// notifying user
Console.WriteLine("Disk has {0} bytes per sector. Sending...", BPS);
// returning result
return BPS;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return "Invalid value!";
}
}
public static unsafe byte[] ReadSector(char drive, long startingsector, int numberofsectors)
{
IntPtr handle;
Author: 08008480
11/05/2010
106
byte[] buffer;
int bytesread = 0;
//create a handle to the device
handle = CreateFile("\\\\.\\" + drive + ":", FileAccess.Read, FileShare.ReadWrite, 0, FileMode.Open, 0, 0);
if (handle == IntPtr.Zero)
return null;
//setting the pointer to point to the start of the sector to read
int LPDISTANCETOMOVE = 0;
SetFilePointer(handle, (startingsector * 512), ref LPDISTANCETOMOVE, 0);
//allocate buffer length in a managed context
buffer = new byte[512 * numberofsectors];
fixed (byte* p = buffer)
{
//attempt to read file contents into buffer
if (!ReadFile(handle, p, 512 * numberofsectors, &bytesread, 0))
{
CloseHandle(handle);
return null;
}
}
CloseHandle(handle);
return buffer;
}
}
}
Author: 08008480
11/05/2010
107
f) Source Code: Encrypt
using System;
using System.Text;
using System.Security.Cryptography;
using System.IO;
// note that this is a temporary measure meant to emulate
// bitlocker drive encryption for the purposes of developing
// this application.
// http://www.chilkatsoft.com/p/p_459.asp
namespace DACsever
{
class Encrypt
{
public byte[] encrypt(byte[] plainTextToEncrypt)
{
byte[] initVectorBytes = Encoding.ASCII.GetBytes("1234567890123456");
byte[] plainTextBytes = plainTextToEncrypt;
byte[] keyBytes = Encoding.ASCII.GetBytes("12345678901234561234567890123456");
RijndaelManaged symmetricKey = new RijndaelManaged();
symmetricKey.Mode = CipherMode.CBC;
ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes);
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
cryptoStream.FlushFinalBlock();
byte[] cipherTextBytes = memoryStream.ToArray();
memoryStream.Close();
cryptoStream.Close();
// check encrypted sector
//string cipherText = Convert.ToBase64String(cipherTextBytes);
//Console.WriteLine(cipherText);
return cipherTextBytes;
}
}
}
Author: 08008480
11/05/2010
108
g) Screenshots
Figure 1: Disk Selected
Figure 2: Client Connected
Author: 08008480
11/05/2010
109
Figure 3: Client Disconnected (Error)
Figure 4: Successful Key Added
Figure 5: Successful Key File
Author: 08008480
11/05/2010
110
7. Distributed BitLocker Cracker – Client
a) Figure 2: Main
Author: 08008480
11/05/2010
111
b) Figure 2.1: Decrypt
Author: 08008480
11/05/2010
112
c) Source Code: Program
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Net.Sockets;
using System.Collections;
// note that this program contains commented out code
// meant for debug purposes, especially to check the
// server's encryption emulator.
//http://www.geekpedia.com/tutorial233_Getting-Disk-Drive-Information-using-WMI-and-Csharp.html
//http://www.codeproject.com/KB/recipes/hexencoding.aspx
namespace DACclient
{
class Program
{
static string serverIPAddress;
static int serverPortNumber;
static void Main(string[] args)
{
Console.WriteLine(args[0] + " - " + args[1]);
// accept server IP address and port number
// either through command line arguments or
// manual input.
if (args.Length == 2)
{
try
{
if (IPAddress.Parse(args[0]) is IPAddress && Convert.ToInt32(args[1]) is int)
{
try
{
serverIPAddress = IPAddress.Parse(args[0]).ToString();
serverPortNumber = Convert.ToInt32(args[1]);
Console.WriteLine("Server address is {0}:{1}", serverIPAddress, serverPortNumber.ToString());
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
try
{
string input = "";
bool success = false;
do
{
try
{
Console.Write("Please provide server IP Address: ");
input = Console.ReadLine();
serverIPAddress = IPAddress.Parse(input).ToString();
Console.WriteLine("Using {0}", serverIPAddress);
success = true;
}
Author: 08008480
11/05/2010
113
catch (Exception ex2)
{
Console.WriteLine(ex2.Message);
}
} while (success == false);
string input2 = "";
bool success2 = false;
do
{
try
{
Console.Write("Please provide server Port Number: ");
input2 = Console.ReadLine();
serverPortNumber = Convert.ToInt32(input2);
Console.WriteLine("Using {0}", serverPortNumber.ToString());
success2 = true;
}
catch (Exception ex2)
{
Console.WriteLine(ex2.Message);
}
} while (success2 == false);
}
catch (Exception ex2)
{
Console.WriteLine(ex2.Message);
}
}
}
else if (IPAddress.Parse(args[1]) is IPAddress && Convert.ToInt32(args[0]) is int)
{
try
{
serverIPAddress = IPAddress.Parse(args[1]).ToString();
serverPortNumber = Convert.ToInt32(args[0]);
Console.WriteLine("Server address is {0}:{1}", serverIPAddress, serverPortNumber.ToString());
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
try
{
string input = "";
bool success = false;
do
{
try
{
Console.Write("Please provide server IP Address: ");
input = Console.ReadLine();
serverIPAddress = IPAddress.Parse(input).ToString();
Console.WriteLine("Using {0}", serverIPAddress);
success = true;
}
catch (Exception ex2)
{
Console.WriteLine(ex2.Message);
Author: 08008480
11/05/2010
114
}
} while (success == false);
string input2 = "";
bool success2 = false;
do
{
try
{
Console.Write("Please provide server Port Number: ");
input2 = Console.ReadLine();
serverPortNumber = Convert.ToInt32(input2);
Console.WriteLine("Using {0}", serverPortNumber.ToString());
success2 = true;
}
catch (Exception ex2)
{
Console.WriteLine(ex2.Message);
}
} while (success2 == false);
}
catch (Exception ex2)
{
Console.WriteLine(ex2.Message);
}
}
}
else
{
Console.WriteLine("Invalid arguments! Please provide the IP Address and Port Number of the server.");
goto exit;
}
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
}
}
else if (args.Length == 0)
{
try
{
string input = "";
bool success = false;
do
{
try
{
Console.Write("Please provide server IP Address: ");
input = Console.ReadLine();
serverIPAddress = IPAddress.Parse(input).ToString();
Console.WriteLine("Using {0}", serverIPAddress);
success = true;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
} while (success == false);
Author: 08008480
11/05/2010
115
string input2 = "";
bool success2 = false;
do
{
try
{
Console.Write("Please provide server Port Number: ");
input2 = Console.ReadLine();
serverPortNumber = Convert.ToInt32(input2);
Console.WriteLine("Using {0}", serverPortNumber.ToString());
success2 = true;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
} while (success2 == false);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
else
{
Console.WriteLine("Invalid arguments! Please provide the IP Address and Port Number of the server.");
goto exit;
}
int passNumber = 0;
bool finished = false;
byte[] encSector = new byte[0];
try
{
TcpClient tcpclnt = new TcpClient();
Console.Write("Connecting......");
// use the IP address of the server program
tcpclnt.Connect(serverIPAddress, serverPortNumber);
Console.WriteLine("Done!");
Stream stm = tcpclnt.GetStream();
do
{
switch (passNumber)
{
case 0:
ASCIIEncoding asen = new ASCIIEncoding();
stm.Write(asen.GetBytes("start"), 0, asen.GetBytes("start").Length);
byte[] sectorSize = new byte[1024];
int k = stm.Read(sectorSize, 0, sectorSize.Length);
int arraySize = 0;
string size = "";
for (int i = 0; i < k; i++) size += Convert.ToChar(sectorSize[i]);
arraySize = Convert.ToInt32(size);
Author: 08008480
11/05/2010
116
byte[] temp = asen.GetBytes("Size acknowledged by client...");
Console.WriteLine("Size acknowledged: {0} bytes per sector", size);
stm.Write(temp, 0, temp.Length);
// receive unencrypted sector !! WILL BE REPLACED BY ENCRYPTED SECTOR !!
byte[] sector = new byte[arraySize];
int readCount = stm.Read(sector, 0, arraySize);
// display sector contents - not actually necessary to the program
//Console.Write("\r\nDisplaying sector contents. Press ENTER.");
//Console.ReadLine();
//Console.WriteLine(Convert.ToBase64String(sector));
// receive encrypted sector !! REMOVE FOR FINAL VERSION !!
encSector = new byte[arraySize];
stm.Read(encSector, 0, encSector.Length);
// display encrypted sector !! REMOVE FOR FINAL VERSION !!
//Console.Write("\r\nDisplaying encrypted sector contents. Press ENTER.");
//Console.ReadLine();
//Console.WriteLine(Convert.ToBase64String(encSector));
passNumber++;
break;
case 1:
string receiveFromServer = "";
ASCIIEncoding asen2 = new ASCIIEncoding();
stm.Write(asen2.GetBytes("keys"), 0, asen2.GetBytes("keys").Length);
do
{
byte[] receive = new byte[24];
k = stm.Read(receive, 0, receive.Length);
for (int i = 0; i < k; i++) receiveFromServer += Convert.ToChar(receive[i]);
switch (receiveFromServer)
{
case "endKeyPool": receiveFromServer = "endKeyPool";
break;
default:
/*ArrayList KeyPool = new ArrayList();
using (StreamReader sr = new StreamReader(@"c:\keyBase64.txt"))
{
while (!sr.EndOfStream)
{
byte[] key = Convert.FromBase64String(sr.ReadLine());
KeyPool.Add(key);
}
}
*/
byte[] keyBytes24 = new byte[24];
receive.CopyTo(keyBytes24, 0);
// decrypt sector using key pool
Decrypt dec = new Decrypt();
dec.startDecryptionLoop(encSector, keyBytes24, stm);
Author: 08008480
11/05/2010
117
// alert the server to send more keys
KeySender ks = new KeySender();
ks.sendString("keys", stm);
receiveFromServer = "";
break;
}
} while (receiveFromServer != "endKeyPool");
passNumber++;
break;
case 2:
ASCIIEncoding asen3 = new ASCIIEncoding();
stm.Write(asen3.GetBytes("quit"), 0, asen3.GetBytes("quit").Length);
finished = true;
break;
}
} while (finished == false);
// clean up
tcpclnt.Close();
}
catch (Exception e)
{
Console.WriteLine("Error:\r\n " + e.Message);
}
exit:;
Console.WriteLine("Client is disconnected and closing. Press ENTER to quit.");
Console.ReadLine();
}
}
}
Author: 08008480
11/05/2010
118
d) Source Code: Decrypt
using System;
using System.Text;
using System.IO;
using System.Security.Cryptography;
using System.Collections;
using System.Net.Sockets;
// http://deusty.blogspot.com/2009/04/decrypting-openssl-aes-files-in-c.html
namespace DACclient
{
class Decrypt
{
public byte[] successKey;
public bool decrypt(byte[] cipherTextBytes, byte[] keyBytes)
{
// bitlocker initialization vector is calculated by mapping each
// sector number into a unique 16-byte and encrypting that value
// with the AES key. For the purpose of this program, the sector
// number will always be 0.
byte[] initVectorBytes = Encoding.ASCII.GetBytes("1234567890123456");
byte[] plainTextBytes;
bool success = false;
string plainText = "";
try
{
RijndaelManaged symmetricKey = new RijndaelManaged();
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.None;
ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes);
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Write);
cryptoStream.Write(cipherTextBytes, 0, cipherTextBytes.Length);
cryptoStream.FlushFinalBlock();
plainTextBytes = memoryStream.ToArray();
plainText = Convert.ToBase64String(plainTextBytes);
memoryStream.Close();
cryptoStream.Close();
// determine success
// the comparison for bitlocker volume will be based on
// the first 8 bits of the first disk sector. the contents
// of the first 8 bits on a bitlocker volume are
// "-FVE-FS-" in ASCII.
// An NTFS volume starts with "ëR?NTFS" in ASCII or
// {0xEB, 0x52, 0x90, 0x4E, 0x54, 0x46, 0x53, 0x20}
// in Hexadecimal.
byte[] compareSample = new byte[8];
for (int i = 0; i < compareSample.Length; i++) compareSample[i] = plainTextBytes[i];
Author: 08008480
11/05/2010
119
string diskSample = "";
string diskHex = "";
for (int j = 0; j < compareSample.Length; j++) diskSample += Convert.ToChar(compareSample[j]);
for (int x = 0; x < compareSample.Length; x++) diskHex += string.Format("{0:X2}", compareSample[x]);
Console.WriteLine("Disk - "/* + diskSample + " : "*/ + diskHex);
byte[] sector2 = {0xEB, 0x52, 0x90, 0x4E, 0x54, 0x46, 0x53, 0x20};
//Convert.FromBase64String("61KQTlRGUyAgIC==");
string unencryptedSample = "";
string unencryptedHex = "";
for (int l = 0; l < sector2.Length; l++) unencryptedSample += Convert.ToChar(sector2[l]);
for (int y = 0; y < sector2.Length; y++) unencryptedHex += string.Format("{0:X2}", sector2[y]);
Console.WriteLine("Decr - "/* + unencryptedSample + " : "*/ + unencryptedHex);
//Console.ReadLine();
if (diskSample == unencryptedSample)
{
success = true;
successKey = keyBytes;
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
if (success == true)
{
Console.WriteLine("Success achieved with key {0}", Convert.ToBase64String(successKey));
// without pausing for user input, this will happen too fast for the user to notice
//Console.Write("Displaying decrypted sector contents.");// Press ENTER.");
//Console.ReadLine();
//Console.WriteLine(plainText);
}
return success;
}
public void startDecryptionLoop(byte[] cipherTextToDecrypt, byte[] beginningKeyBytes, Stream ns)
{
// extend key byte array
byte[] fullKeyBytes = new byte[32];
beginningKeyBytes.CopyTo(fullKeyBytes, 0);
for (int c24 = 0; c24 < 256; c24++)
{
fullKeyBytes[24] = Convert.ToByte(c24);
for (int c25 = 0; c25 < 256; c25++)
{
fullKeyBytes[25] = Convert.ToByte(c25);
for (int c26 = 0; c26 < 256; c26++)
{
fullKeyBytes[26] = Convert.ToByte(c26);
for (int c27 = 0; c27 < 256; c27++)
{
fullKeyBytes[27] = Convert.ToByte(c27);
Author: 08008480
11/05/2010
120
for (int c28 = 0; c28 < 256; c28++)
{
fullKeyBytes[28] = Convert.ToByte(c28);
for (int c29 = 0; c29 < 256; c29++)
{
fullKeyBytes[29] = Convert.ToByte(c29);
for (int c30 = 0; c30 < 256; c30++)
{
fullKeyBytes[30] = Convert.ToByte(c30);
for (int c31 = 0; c31 < 256; c31++)
{
fullKeyBytes[31] = Convert.ToByte(c31);
bool success = decrypt(cipherTextToDecrypt, fullKeyBytes);
if (success == false)
{
Console.WriteLine("Key {0} failed. Trying next...",
Convert.ToBase64String(fullKeyBytes));
}
else
{
// send successful key back to the server
KeySender ks = new KeySender();
ks.sendKey(successKey, ns);
}
}
}
}
}
}
}
}
}
}
public void startDecryptionLoop(byte[] cipherTextToDecrypt, ArrayList KeyPool, Stream ns)
{
// for debug only !! REMOVE FOR FINAL VERSION !!
//Console.WriteLine("Starting decryption loop... Press ENTER.");
//Console.ReadLine();
// decrypt with each key in key pool
foreach (byte[] key in KeyPool)
{
bool success = decrypt(cipherTextToDecrypt, key);
if (success == false)
{
Console.WriteLine("Key {0} failed. Trying next...", Convert.ToBase64String(key));
}
else
{
// send successful key back to the server
KeySender ks = new KeySender();
ks.sendKey(successKey, ns);
Author: 08008480
11/05/2010
121
}
}
}
}
}
Author: 08008480
11/05/2010
122
e) Source Code: KeySender
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Net.Sockets;
namespace DACclient
{
class KeySender
{
public void sendKey(byte[] key, Stream ns)
{
// ensure that for 256-bit keys, this number gets adequately increased
// the key length for a 128-bit key is 32, while for a 256-bit key it is 64
if (key.Length == 32)
{
ns.Write(key, 0, key.Length);
}
}
public void sendString(string command, Stream ns)
{
ASCIIEncoding asen = new ASCIIEncoding();
ns.Write(asen.GetBytes(command),0,asen.GetBytes(command).Length);
}
}
}
Author: 08008480
11/05/2010
123
f) Screenshots
Figure 1: Connecting
Figure 2: Working
Author: 08008480
11/05/2010
124
8. Distributed BitLocker Cracker – Client-Server Protocol
Author: 08008480
11/05/2010
125
References
Aoki, Kazumaro; Franke, Jens; Lenstra, Arjen K.; Thomé, Emmanuel; Bos, Joppe W.; Gaudry,
Pierrick; Kruppa, Alexander; Montgomery, Peter L.; Osvik, Dag Arne; te Riele, Herman;
Timofeev, Andrey; Zimmermann, Paul (February 18, 2010). Factorization of a 768-bit RSA
modulus. Retrieved March 25, 2010 from: http://eprint.iacr.org/2010/006.pdf
Blaze, Matt (1994). Key Management in an Encrypting File System. AT&T Bell Laboratories.
Retrieved February 1, 2010 from:
https://www.usenix.org/publications/library/proceedings/bos94/full_papers/blaze.a
Casey, E. (2008). The Impact of Full Disk Encryption on Digital Forensics. Inspec (Ei Village2).
Cooke, Paul (December 07, 2009) Windows BitLocker Claims. The Windows Security Blog.
Retrieved February 20, 2010 from:
http://windowsteamblog.com/blogs/windowssecurity/archive/2009/12/07/windowsbitlocker-claims.aspx
El-Futouh, Mohamed Abo (2008). The Analysis of Windows Vista Disk Encryption Algorithm.
Compendex (Ei Village2).
Ferguson, Niels (Aug 2006). AES-CBC + Elephant diffuser - A Disk Encryption Algorithm for
Windows Vista. Microsoft.
Ferguson, Niels (Mar 02, 2006 17:10) Back-door nonsense. Retrieved September 10, 2009 from
http://blogs.msdn.com/si_team/archive/2006/03/02/542590.aspx
Gache, Gabriel (October 26, 2007). Inexpensive GPUs Pose Security Problems. Retrieved March
10, 2010 from: http://news.softpedia.com/news/Inexpensive-GPU-039-s-Pose-SecurityProblems-69260.shtml
Grace, James J.; Bartlett, Thomas S. V. III (July 25, 1999)
http://www.deepquest.pf/win32/win2k_efs.txt. This paper is no longer available.
Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia; Clarkson, William; Paul, William;
Calandrino, Joseph A.; Feldman, Ariel J.; Appelbaum, Jacob; and Felten Edward W.
(February 21, 2008). Lest We Remember: Cold Boot Attacks on Encryption Keys. Princeton
University. Retrieved September 10, 2009 from http://citp.princeton.edu/memory/.
Halfacree, Gareth (January 13th, 2010). Researchers crack 768-bit RSA. Retrieved March 02, 2010
from http://www.bit-tech.net/news/bits/2010/01/13/researchers-crack-768-bit-rsa/1
Hargreaves, Christopher (2008). Windows Vista and Digital Investigations. Compendex (Ei
Village2), ScienceDirect (Elsevier).
Harrison, Owen; Waldron, John (2007). AES Encryption Implementation and Analysis on
Commodity Graphics Processing Units. Computer Architecture Group, Trinity College.
Retrieved March 22, 2010 from:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.149.7643&rep=rep1&type=pdf
Jennings, Charles W., Tycksen, Frank A., Jr. (Feb 13, 2001). Digital Certificate. United States
Patent. US6,189,097 B1
Kornblum, Jesse D. (2009).Implementing BitLocker Drive Encryption for Forensic Analysts. Inspec
(Ei Village2).
Kumar Nitin, Kumar Vipin (May 19. 2008). NVbit : Accessing Bitlocker volumes from linux.
Retrieved Spetember 11, 2009 from http://www.nvlabs.in/node/9.
Kursawe, K., Schellekens, D., Preneel, B. (n.d.). Analyzing Trusted Platform Communication.
Katholieke Universiteit Leuven.
Kurtz, George; McClure, Stuart; Scambray, Joel (January 5, 2009) Hacking Exposed: Network
Security Secrets and Solutions. McGraw-Hill Osborne Media. Sixth Edition. ISBN: 9780071613743
Microsoft Corporation (2008). Bitlocker drive encryption technical overview. Microsoft
Corporation. Retrieved September 5, 2009 from
Author: 08008480
11/05/2010
126
http://technet2.microsoft.com/WindowsVista/en/library/ce4d5a2e-59a5-4742-89ccef9f5908b4731033.mspx?mfr=true; May 2008a.
Microsoft Corporation (2008). BitLocker™ Drive Encryption Security Policy. Retrieved March 12,
2010 from: csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp947.pdf
Microsoft Corporation (January 15, 2009). Best practices for the Encrypting File System. Retrieved
September 15, 2009 from http://support.microsoft.com/kb/223316. Revision: 13.1.
Microsoft Corporation (March 27, 2009). Changes in EFS. Retrieved September 15, 2009 from
http://technet.microsoft.com/en-us/library/dd630631(WS.10).aspx
Microsoft Corporation (n.d.). Encrypting File System Overview. Retrieved September 16, 2009
from http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/encrypt_overview.mspx?mfr=true
Microsoft Corporation (September 14, 2007). Encrypting File System (EFS) files appear corrupted
when you open them. Retrieved September 15, 2009 from
http://support.microsoft.com/kb/329741. Revision: 10.9
Morrill, Dan (August 5, 2008). Hacking and Breaking Bitlocker. Toolbox for IT. Retrieved March 3,
2010 from: http://it.toolbox.com/blogs/managing-infosec/hacking-and-breaking-bitlocker24253
National Institute of Justice (April 2004). Forensic Examination of Digital Evidence: A Guide for
Law Enforcement. National Institute of Justice. Retrieved February 11, 2010 from:
http://www.ncjrs.gov/txtfiles1/nij/199408.txt
Protalinski, Emil (December 4, 2009) First commercial tool to crack BitLocker arrives (Updated).
Retrieved February 20, 2010 from: http://arstechnica.com/microsoft/news/2009/12/firstcommercial-tool-cracks-bitlocker.ars
RSA Laboratories (June 14, 2002). RSA Security Inc. Public-Key Cryptography Standards (PKCS)
Retrieved March 02, 2010 from ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
Russinovich, Mark E.; Solomon, David A. (January 5, 2005). Microsoft® Windows® Internals,
Fourth Edition: Microsoft Windows Server™ 2003, Windows XP and Windows 2000.
Microsoft Press; Fourth Edition. ISBN: 0735619174
Seagate (2008). 128-Bit Versus 256-Bit AES Encryption. Retrieved March 2, 2010 from
http://www.seagate.com/staticfiles/docs/pdf/whitepaper/tp596_128-bit_versus_256_bit.pdf
TCG Confidential (26 October 2006). TPM Main Part 2 TPM Structures.
Thurrott, Paul. (2008). Windows Vista Secrets: SP1 Edition. Wiley. ISBN: 978-0470242001
TopBits.com (n.d.) Encrypting File System (EFS). Retrieved November 5, 2009 from
http://www.topbits.com/encrypting-file-system-efs.html
Trusted Computing Group (2009) Trusted Platform Module (TPM) Summary. Retrieved September
2, 2009 from
http://www.trustedcomputinggroup.org/resources/trusted_platform_module_tpm_summary.
Trusted Computing Group (2009). How to Use the TPM: A Guide to Hardware-Based Endpoint
Security. Retrieved September 2, 2009 from
http://www.trustedcomputinggroup.org/resources/how_to_use_the_tpm_a_guide_to_hardwa
rebased_endpoint_security
Trusted Computing Group (n.d.). TPM Main Specification. Retrieved September 16, 2009 from
http://www.trustedcomputinggroup.org/resources/tpm_main_specification
Turpe, S. (2009). Attacking the BitLocker Boot Process. ScienceDirect (Elsevier).
Wiseman, Willard M.; Grawrock, David W. (May 8, 2007). Trusted Platform Apparatus: System,
and Method. United States Patent. US7,216,369 B2
Zhu, Yuandong (2009). A Comparative Methodology for the Reconstruction of Digital Events Using
Windows Restore Points. ScienceDirect (Elsevier).
Author: 08008480
11/05/2010
127