Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

Schshschshchsch. -- The Gorn, "Arena", stardate 3046.2

computers / alt.comp.os.windows-10 / Re: BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico

SubjectAuthor
* BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi PicoMr. Man-wai Chang
`* Re: BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi PicoPaul
 `- Re: BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi PicoMr. Man-wai Chang

1
BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico

<uq31p0$226fs$1@toylet.eternal-september.org>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=78196&group=alt.comp.os.windows-10#78196

  copy link   Newsgroups: alt.comp.os.windows-10 alt.comp.os.windows-11
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!toylet.eternal-september.org!.POSTED!not-for-mail
From: toylet.toylet@gmail.com (Mr. Man-wai Chang)
Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11
Subject: BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi
Pico
Date: Fri, 9 Feb 2024 01:07:43 +0800
Organization: A noiseless patient Spider
Lines: 35
Message-ID: <uq31p0$226fs$1@toylet.eternal-september.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 8 Feb 2024 17:07:44 -0000 (UTC)
Injection-Info: toylet.eternal-september.org; posting-host="98f68fff42ea3b4130d79e56ef263cae";
logging-data="2169340"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/3g8yeXpIfjyhr8erF2RJV"
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:Ky2XsspLHXFHWeZOjOYYQPRTevk=
Content-Language: en-US
 by: Mr. Man-wai Chang - Thu, 8 Feb 2024 17:07 UTC

BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico
— key can be sniffed when using an external TPM | Tom's Hardware
<https://www.tomshardware.com/pc-components/cpus/youtuber-breaks-bitlocker-encryption-in-less-than-43-seconds-with-sub-dollar10-raspberry-pi-pico>

..... more .....

Bitlocker is one of the most easily accessible encryption solutions
available today, being a built-in feature of Windows 10 Pro and Windows
11 Pro that's designed to secure your data from prying eyes. However,
YouTuber stacksmashing demonstrated a colossal security flaw with
Bitlocker that allowed him to bypass Windows Bitlocker in less than a
minute with a cheap sub-$10 Raspberry Pi Pico, thus gaining access to
the encryption keys that can unlock protected data. After creating the
device, the exploit only took 43 seconds to steal the master key.

To do this, the YouTuber took advantage of a design flaw found in many
systems that feature a dedicated Trusted Platform Module, or TPM. For
some configurations, Bitlocker relies on an external TPM to store
critical information, such as the Platform Configuration Registers and
Volume Master Key (some CPUs have this built-in). For external TPMs, the
TPM key communications across an LPC bus with the CPU to send it the
encryption keys required for decrypting the data on the drive.

..... more ....

Related:

bitlocker broken stackmashing - YouTube
<https://www.youtube.com/results?search_query=bitlocker+broken+stackmashing>

Re: BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico

<uq35nv$22u7n$1@dont-email.me>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=78198&group=alt.comp.os.windows-10#78198

  copy link   Newsgroups: alt.comp.os.windows-10 alt.comp.os.windows-11
Path: i2pn2.org!i2pn.org!news.hispagatos.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nospam@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11
Subject: Re: BitLocker encryption broken in 43 seconds with sub-$10 Raspberry
Pi Pico
Date: Thu, 8 Feb 2024 13:15:27 -0500
Organization: A noiseless patient Spider
Lines: 18
Message-ID: <uq35nv$22u7n$1@dont-email.me>
References: <uq31p0$226fs$1@toylet.eternal-september.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 8 Feb 2024 18:15:27 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="ddd6c48228262122aa207fb5ae42eefa";
logging-data="2193655"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+ede3llFDsx5u1xYrSS4VhL3naZ7Cf5aE="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:toJJHjQh6IIKaBJrVWGWLNIyTtM=
In-Reply-To: <uq31p0$226fs$1@toylet.eternal-september.org>
Content-Language: en-US
 by: Paul - Thu, 8 Feb 2024 18:15 UTC

On 2/8/2024 12:07 PM, Mr. Man-wai Chang wrote:
> BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM | Tom's Hardware
> <https://www.tomshardware.com/pc-components/cpus/youtuber-breaks-bitlocker-encryption-in-less-than-43-seconds-with-sub-dollar10-raspberry-pi-pico>
>
> Bitlocker is one of the most easily accessible encryption solutions available today, being a built-in feature of Windows 10 Pro and Windows 11 Pro that's designed to secure your data from prying eyes. However, YouTuber stacksmashing demonstrated a colossal security flaw with Bitlocker that allowed him to bypass Windows Bitlocker in less than a minute with a cheap sub-$10 Raspberry Pi Pico, thus gaining access to the encryption keys that can unlock protected data. After creating the device, the exploit only took 43 seconds to steal the master key.
>
> To do this, the YouTuber took advantage of a design flaw found in many systems that feature a dedicated Trusted Platform Module, or TPM. For some configurations, Bitlocker relies on an external TPM to store critical information, such as the Platform Configuration Registers and Volume Master Key (some CPUs have this built-in). For external TPMs, the TPM key communications across an LPC bus with the CPU to send it the encryption keys required for decrypting the data on the drive.
>
> Related:
>
> bitlocker broken stackmashing - YouTube
> <https://www.youtube.com/results?search_query=bitlocker+broken+stackmashing>

So you unplug the TPM and stick it in your pocket.

You can't sniff something, that is not there.

Paul

Re: BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico

<uq9qfo$schs$1@toylet.eternal-september.org>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=78247&group=alt.comp.os.windows-10#78247

  copy link   Newsgroups: alt.comp.os.windows-10 alt.comp.os.windows-11
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!toylet.eternal-september.org!.POSTED!not-for-mail
From: toylet.toylet@gmail.com (Mr. Man-wai Chang)
Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11
Subject: Re: BitLocker encryption broken in 43 seconds with sub-$10 Raspberry
Pi Pico
Date: Sun, 11 Feb 2024 14:46:16 +0800
Organization: A noiseless patient Spider
Lines: 8
Message-ID: <uq9qfo$schs$1@toylet.eternal-september.org>
References: <uq31p0$226fs$1@toylet.eternal-september.org>
<uq35nv$22u7n$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 11 Feb 2024 06:46:16 -0000 (UTC)
Injection-Info: toylet.eternal-september.org; posting-host="e0b66aff1da0e1c24ffdad82712e65ab";
logging-data="930364"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18mLjDP5I3As1H6z2Fm3pkj"
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:zEOK9/ELwlRYK1V3GJ7WuHBKkHA=
Content-Language: en-US
In-Reply-To: <uq35nv$22u7n$1@dont-email.me>
 by: Mr. Man-wai Chang - Sun, 11 Feb 2024 06:46 UTC

On 9/2/2024 2:15 am, Paul wrote:
>
> So you unplug the TPM and stick it in your pocket.
> You can't sniff something, that is not there.

Just call Micro$oft! Executive Order from US President (DeepFake A.I.
voice)! :)

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor