BitLocker data recovery without a key. Is it possible to hack BitLocker? BitLocker: how to disable it. First stage
Many people use the Windows encryption feature, but not everyone thinks about how secure this method of protecting data is. Today we will talk about BitLocker encryption and try to work out how well Windows disk protection is implemented.
By the way, you can read about how to set up Bitlocker in the article "".
- Foreword
- How does Bitlocker work?
- Vulnerabilities
- Recovery keys
- Opening BitLocker
- BitLocker To Go
- Conclusion
The article is written for research purposes. All information in it is for informational purposes only. It is addressed to security professionals and those who want to become one.
How does Bitlocker work?
What is Bitlocker?
BitLocker is a native disk encryption feature in Windows 7, 8, 8.1, 10 operating systems. This feature allows you to securely encrypt confidential data on your computer, both on HDD and SSD, and on removable media.
How is BitLocker set up?
BitLocker's reliability should not be judged by the reputation of AES. A popular encryption standard may or may not have outright weaknesses, but its implementations in specific cryptographic products often abound with them. Microsoft does not disclose the full code of the BitLocker technology. It is only known that in different versions of Windows it was based on different schemes, and the changes were not commented on in any way. Moreover, in build 10586 of Windows 10 it simply disappeared, and two builds later it reappeared. However, first things first.
The first version of BitLocker used cipher block chaining (CBC) mode. Even then its shortcomings were obvious: ease of known-plaintext attacks, poor resistance to substitution attacks, and so on. Therefore Microsoft immediately decided to strengthen the protection. Already in Vista, the Elephant Diffuser algorithm was added to the AES-CBC scheme, making it difficult to compare ciphertext blocks directly. With it, identical contents of two sectors, encrypted with the same key, gave completely different results, which complicated the search for a common pattern. However, the default key itself was short: 128 bits. Through administrative policies it can be extended to 256 bits, but is it worth it?
For users, nothing changes outwardly after changing the key length: neither the length of the passwords they enter nor the subjective speed of operations. Like most full disk encryption systems, BitLocker uses multiple keys, and none of them is visible to users. Here is BitLocker's key scheme.
- When BitLocker is activated, a master bit sequence is generated using a pseudo-random number generator. This is the full volume encryption key (FVEK). It is this key that encrypts the contents of each sector.
- In turn, the FVEK is encrypted with another key, the volume master key (VMK), and stored in encrypted form among the volume metadata.
- The VMK itself is also encrypted, but in different ways, at the user's choice.
- On new motherboards, the VMK is encrypted by default with the storage root key (SRK), which is stored in a separate cryptoprocessor, the trusted platform module (TPM). The user has no access to the TPM's contents, and it is unique to each computer.
- If there is no separate TPM chip on the board, then instead of the SRK, a user-entered PIN code is used to encrypt the VMK, or a USB flash drive, connected on request, with key information pre-written to it.
- In addition to the TPM or flash drive, the VMK can be protected with a password.
This general scheme of BitLocker's operation has been preserved in subsequent releases of Windows to this day. However, BitLocker's key generation and encryption modes have changed. So, in October 2014, Microsoft quietly removed the additional Elephant Diffuser algorithm, leaving only the AES-CBC scheme with its known shortcomings. At first no official statements were made about this: people were simply given a weakened encryption technology with the same name under the guise of an update. Vague explanations for this move followed only after independent researchers noticed the simplifications in BitLocker.
Formally, Elephant Diffuser was abandoned to ensure Windows' compliance with the US Federal Information Processing Standards (FIPS), but one argument refutes this version: Vista and Windows 7, which used Elephant Diffuser, sold in America without any problems.
Another supposed reason for dropping the additional algorithm is the lack of hardware acceleration for Elephant Diffuser and the loss of speed when using it. However, in earlier years, when processors were slower, the encryption speed somehow suited everyone. And AES itself was widely used even before there were separate instruction sets and specialized chips to accelerate it. Over time, it would have been possible to add hardware acceleration for Elephant Diffuser too, or at least give customers a choice between speed and security.
Another, unofficial version looks more realistic. The "elephant" got in the way of employees who wanted to spend less effort decrypting the next disk, and Microsoft willingly cooperates with the authorities even when their requests are not entirely legal. The conspiracy theory is indirectly supported by the fact that, before Windows 8, BitLocker used the pseudo-random number generator built into Windows to create its encryption keys. In many (if not all) releases of Windows this was Dual_EC_DRBG, a "cryptographically strong PRNG" developed by the US National Security Agency and containing a number of inherent vulnerabilities.
Of course, the covert weakening of the built-in encryption caused a powerful wave of criticism. Under its pressure, Microsoft rewrote BitLocker once again, replacing the PRNG with CTR_DRBG in new releases of Windows. Additionally, in Windows 10 (starting with build 1511) the default encryption scheme is AES-XTS, which is immune to ciphertext block manipulation. In the latest builds of Windows 10, other known BitLocker shortcomings were fixed as well, but the main problem still remains. It is so absurd that it makes the other innovations meaningless. It concerns the principles of key management.
The task of decrypting BitLocker drives is also simplified by the fact that Microsoft actively promotes an alternative method of restoring access to data: the Data Recovery Agent. The point of the "Agent" is that it encrypts the encryption keys of all drives within the enterprise network with a single access key. Once you have it, you can decrypt any key, and thus any disk used by the same company. Convenient? Yes, especially for hacking.
The idea of using one key for all locks has been compromised many times already, but it keeps coming back in one form or another for the sake of convenience. Here is how Ralph Leighton recorded Richard Feynman's recollections of one characteristic episode of his work on the Manhattan Project at the Los Alamos laboratory: "… I opened three safes, and all three with one combination. I did them all: I opened the safes with all the secrets of the atomic bomb: the technology for obtaining plutonium, a description of the purification process, information about how much material is needed, how the bomb works, how neutrons are made, how the bomb is arranged, what its dimensions are; in short, everything they knew about at Los Alamos, the whole kitchen!"
BitLocker is somewhat reminiscent of the safe described in another fragment of the book "Surely You're Joking, Mr. Feynman!". The most imposing safe in the top-secret laboratory had the same vulnerability as a simple filing cabinet. "… It was a colonel, and he had a much trickier two-door safe with large handles that pulled four steel rods three-quarters of an inch thick out of the frame. I looked at the back of one of the imposing bronze doors and found that the combination dial was connected to a small padlock that looked exactly like the lock on my Los Alamos cabinet. It was obvious that the system of levers depended on the same small rod that locked the filing cabinets… Pretending to be busy with something, I began to turn the dial at random. Two minutes later: click! The safe was open. When the safe door or the top drawer of the filing cabinet is open, it is very easy to find the combination. That is what I did when you read my report, just to show you the danger."
BitLocker crypto containers are quite secure in themselves. If someone brings you a flash drive from who knows where, encrypted with BitLocker To Go, you are unlikely to decrypt it in reasonable time. However, in real-world scenarios involving encrypted drives and removable media, there are many vulnerabilities that are easy to exploit to bypass BitLocker.
BitLocker Vulnerabilities
You have surely noticed that when you first activate BitLocker, you have to wait a long time. This is not surprising: sector-by-sector encryption can take several hours, since a terabyte HDD cannot even be read in full any faster. However, disabling BitLocker happens almost instantly. How come?
The fact is that when it is disabled, BitLocker does not decrypt the data. All sectors remain encrypted with the FVEK. Simply, access to this key is no longer restricted in any way. All checks are disabled, and the VMK remains recorded among the metadata in the clear. Each time the computer is turned on, the OS loader reads the VMK (now without checking the TPM, requesting a key on a flash drive, or asking for a password), automatically decrypts the FVEK with it, and then decrypts all files as they are accessed. To the user, everything looks like a complete absence of encryption, but the most attentive may notice a slight decrease in disk subsystem performance; more precisely, the absence of any speed increase after encryption was disabled.
There is something else interesting in this scheme. Despite the name (full disk encryption technology), some data remains unencrypted when using BitLocker. The MBR and boot sector remain in the clear (unless the disk was initialized as GPT), as do bad sectors and metadata. An open bootloader leaves room for imagination. Pseudo-bad sectors are a convenient place to hide other malware, and the metadata contains many interesting things, including copies of keys. If BitLocker is active, they are encrypted (but more weakly than the FVEK encrypts the sector contents), and if it is deactivated, they simply lie in the clear. These are all potential attack vectors. They are only potential because, besides them, there are much simpler and more universal ones.
Bitlocker recovery key
In addition to the FVEK, VMK and SRK, BitLocker uses another type of key, generated "just in case". These are the recovery keys, and another popular attack vector is associated with them. Users are afraid of forgetting their password and losing access to the system, and Windows itself recommends that they create an emergency login. To do this, the BitLocker encryption wizard prompts you at the last step to create a recovery key. There is no option to refuse. You can only choose one of the key export options, each of which is very vulnerable.
In the default settings, the key is exported as a plain text file with a recognizable name: "BitLocker recovery key #", where # is replaced by the computer ID (yes, right in the file name!). The key itself looks like this.
If you forgot (or never knew) the password set in BitLocker, just look for the file with the recovery key. It will surely be saved among the current user's documents or on their flash drive. Maybe it is even printed on a piece of paper, as Microsoft recommends.
To find the recovery key quickly, it is convenient to limit the search by extension (txt), creation date (if you know roughly when BitLocker could have been enabled) and file size (1388 bytes if the file has not been edited). Once you find the recovery key, copy it. With it you can bypass BitLocker's standard authorization at any time: just press Esc and enter the recovery key. You will log in without problems and will even be able to change the BitLocker password to an arbitrary one without specifying the old one!
Opening BitLocker
A real cryptographic system is a compromise between convenience, speed and reliability. It has to include procedures for transparent encryption with on-the-fly decryption, methods for recovering forgotten passwords, and convenient key handling. All of this weakens any system, no matter how strong the algorithms it is based on. Therefore, there is no need to look for vulnerabilities directly in the Rijndael algorithm or in the different schemes of the AES standard. It is much easier to find them in the specifics of a particular implementation.
In Microsoft's case, there is plenty of such "specificity". For example, copies of BitLocker keys are by default sent to SkyDrive and escrowed in Active Directory.
Well, what if you lose them... or if Agent Smith asks. It is inconvenient to keep a client waiting, and even more so an agent. For this reason, comparisons of the cryptographic strength of AES-XTS and AES-CBC with Elephant Diffuser fade into the background, as do recommendations to increase the key length. However long it is, the attacker will easily obtain it in unencrypted form.
Retrieving escrowed keys from a Microsoft or AD account is the main way to break BitLocker. If the user has not registered an account in the Microsoft cloud and their computer is not in a domain, there are still ways to extract the encryption keys. During normal operation, their open copies are always kept in RAM (otherwise there would be no "transparent encryption"). This means they are available in a memory dump and in the hibernation file.
Why are they kept there at all?
As ridiculous as it sounds: for convenience. BitLocker was designed to protect against offline attacks only. Those are always accompanied by a reboot and connecting the disk to another OS, which clears the RAM. However, in the default settings the OS dumps the RAM when a failure occurs (which can be provoked) and writes all of its contents to the hibernation file every time the computer goes into deep sleep. So if someone has recently signed in to Windows with BitLocker enabled, there is a good chance of getting a decrypted copy of the VMK, using it to decrypt the FVEK, and then the data itself down the chain.
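The two exposure paths named above (the crash dump and the hibernation file) are both ordinary Windows settings, so a defender can check them before relying on BitLocker. The following PowerShell function is an added example for this article, not code from the article or from Microsoft; the registry paths and value names are the standard Windows ones, while the function name and the report layout are this example's own.

```powershell
# Added example, not from the original article. Reports the Windows settings that
# decide whether RAM contents (and so an unlocked VMK) get written to disk:
# hibernation (hiberfil.sys), fast startup (a partial hibernation on shutdown)
# and crash dumps. Registry paths and value names are Windows' standard ones;
# the function name and the report layout are this example's own.
function Get-BitLockerMemoryExposure {
    $power   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $session = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
    $crash   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

    # Missing values are reported as $null rather than guessed.
    $hibernate = (Get-ItemProperty -Path $power   -Name HibernateEnabled -ErrorAction SilentlyContinue).HibernateEnabled
    $fastStart = (Get-ItemProperty -Path $session -Name HiberbootEnabled -ErrorAction SilentlyContinue).HiberbootEnabled
    $dumpMode  = (Get-ItemProperty -Path $crash   -Name CrashDumpEnabled -ErrorAction SilentlyContinue).CrashDumpEnabled
    # File.Exists sees hidden system files, unlike a plain Get-ChildItem.
    $hiberfile = [System.IO.File]::Exists("$env:SystemDrive\hiberfil.sys")

    # CrashDumpEnabled: 0 none, 1 complete, 2 kernel, 3 small (minidump), 7 automatic.
    $dumpNames = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }
    $dumpName  = $null
    if ($null -ne $dumpMode) { $dumpName = $dumpNames[[int]$dumpMode] }

    $findings = @()
    if ($hibernate -eq 1 -or $hiberfile) {
        $findings += 'hibernation on: an unlocked VMK can be written to hiberfil.sys (powercfg /hibernate off)'
    }
    if ($fastStart -eq 1) {
        $findings += 'fast startup on: shutdown also writes hiberfil.sys'
    }
    if ($dumpMode -in @(1, 2, 7)) {
        $findings += "crash dump mode '$dumpName' includes kernel memory; set CrashDumpEnabled to 0 or 3"
    }

    [pscustomobject]@{
        HibernateEnabled = $hibernate
        HiberfilPresent  = $hiberfile
        FastStartup      = $fastStart
        CrashDumpMode    = $dumpName
        Findings         = $findings
    }
}

Get-BitLockerMemoryExposure | Format-List
```

Run it in an elevated PowerShell; an empty `Findings` list means neither of the two on-disk copies of RAM the article describes is being produced on that machine.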
Shall we check? All the BitLocker hacking methods described above are collected in one program, Forensic Disk Decryptor, developed by the Russian company Elcomsoft. It can automatically extract encryption keys and mount encrypted volumes as virtual drives, decrypting them on the fly.
Additionally, EFDD implements another non-trivial way of obtaining keys: an attack through the FireWire port, which is advisable when it is not possible to run your own software on the computer being attacked. We always install the EFDD program itself on our own computer, and on the target machine we try to get by with the minimum necessary actions.
For example, let's just run a test system with BitLocker active and "invisibly" take a memory dump. This simulates a situation in which a colleague has gone out to lunch without locking their computer. We launch RAM Capture, and in less than a minute we get a complete dump in a file with the .mem extension and a size corresponding to the amount of RAM installed in the victim's computer.
How the dump is taken doesn't much matter. Regardless of the extension, it will be a binary file, which EFDD then analyzes automatically in search of keys.
We write the dump to a USB flash drive or transfer it over the network, then sit down at our own computer and run EFDD.
Select the "Extract keys" option and enter the path to the memory dump file as the key source.
BitLocker is a typical crypto container, like PGP Disk or TrueCrypt. These containers have turned out to be quite reliable in themselves, but the client applications for working with them under Windows litter RAM with encryption keys. Therefore EFDD implements a universal attack scenario: the program instantly searches for the encryption keys of all three types of popular crypto containers. So you can leave all the items checked, in case the victim secretly uses one of the others as well!
After a few seconds, Elcomsoft Forensic Disk Decryptor shows all the keys it found in its window. For convenience, they can be saved to a file; this will come in handy later.
Now BitLocker is no longer an obstacle! You can carry out a classic offline attack: for example, pull out the HDD and copy its contents. To do this, simply connect it to your computer and run EFDD in "decrypt or mount disk" mode.
After you specify the path to the files with the saved keys, EFDD, at your choice, performs a full decryption of the volume or immediately opens it as a virtual disk. In the latter case, files are decrypted as they are accessed. Either way, no changes are made to the original volume, so you can return it the next day as if nothing had happened. Working with EFDD leaves no trace and touches only copies of the data, so it remains invisible.
BitLocker To Go
Starting with Windows 7, it became possible to encrypt flash drives, USB HDDs and other external media. The technology, called BitLocker To Go, encrypts removable drives in the same way as local ones. Encryption is enabled through the corresponding item in the Explorer context menu.
For new drives you can encrypt only the used space: the free space of the partition is full of zeros anyway, and there is nothing to hide there. If the drive has already been used, it is recommended to enable full encryption. Otherwise, the area marked as free remains unencrypted, and it may contain, in plain text, recently deleted files that have not yet been overwritten.
Even fast encryption of only the used area takes from several minutes to several hours. The time depends on the amount of data, the bandwidth of the interface, the characteristics of the drive and the speed of the processor's cryptographic calculations. Since encryption is accompanied by compression, the free space on the encrypted disk usually increases slightly.
The next time you connect an encrypted flash drive to any computer running Windows 7 or later, the BitLocker wizard launches automatically to unlock the drive. In Explorer, before unlocking, it is displayed as a locked disk.
Here you can use both the bypass options already discussed (for example, looking for the VMK in a memory dump or hibernation file) and new ones related to recovery keys.
If you do not know the password, but you managed to find one of the keys (manually or using EFDD), then there are two main options for accessing the encrypted flash drive:
- use the built-in BitLocker wizard to work directly with the flash drive;
- use EFDD to fully decrypt the flash drive and create its sector-by-sector image.
The first option gives you immediate access to the files on the flash drive: you can copy or change them, and write your own. The second option takes much longer (from half an hour), but it has its advantages. The decrypted sector-by-sector image allows a more subtle analysis of the file system later, at the level of a forensic laboratory. In that case the flash drive itself is no longer needed and can be returned unchanged.
The resulting image can be opened immediately in any program that supports the IMA format, or first converted to another format (for example, using UltraISO).
Of course, in addition to finding the recovery key for BitLocker To Go, all the other BitLocker bypass methods are supported in EFDD. Just go through all the available options one by one until you find a key of any type. The rest (down to the FVEK) are decrypted by themselves along the chain, and you get full access to the disk.
Conclusion
BitLocker full disk encryption technology differs between versions of Windows. Once properly configured, it allows you to create crypto containers theoretically comparable in strength to TrueCrypt or PGP. However, the built-in key handling mechanism in Windows negates all the algorithmic tricks. In particular, the VMK, which is used to decrypt the master key in BitLocker, is recovered with EFDD in a few seconds from an escrowed duplicate, a memory dump, the hibernation file, or a FireWire port attack.
Once you have the key, you can perform a classic offline attack, covertly copying and automatically decrypting all the data on the "protected" drive. Therefore, BitLocker should only be used in conjunction with other protections: Encrypting File System (EFS), Rights Management Service (RMS), application launch control, device installation and connection control, and stricter local policies and general security measures.
The article used the materials of the site:
…and protect sensitive data. We set the password using a standard Windows application, BitLocker. It is a very strong encryption system that prevents unauthorized access to the information on your flash drive. If you want to put a password on a USB flash drive, I would recommend this method.
But many users put a password on a USB flash drive that is the only one in the house and is used for all kinds of tasks. Someone plays music from it in the car, someone watches movies on the TV or inserts it into a game console. After encrypting the data with BitLocker, none of these things will work. So there will be a need to disable BitLocker and unlock the flash drive. But how do you disable BitLocker, and can it be done with built-in Windows tools?
Yes, you can disable data encryption on a flash drive, and it's quite easy to do. If you do not know how, I will give you simple and understandable instructions. The data does not need to be deleted or moved to a computer before decryption; it all stays on the flash drive, and only the protection is removed.
How to disable BitLocker:
- Insert the flash drive into the computer, open it and enter the password to gain access to its contents. Now you need to go to the Control Panel. You can do this through the Start menu, or hold down Win + R and enter the "control" command in the line that appears.
- In the Control Panel, go to the "System and Security" menu.
- Now find and select the item "BitLocker Drive Encryption".
- At this stage, find the flash drive that is protected with a password. Next to it you will see the item "Turn off BitLocker"; select it.
- Wait until the disk decryption is completed. The procedure may take a long time; it all depends on the number of files on the disk. After it finishes, the protection is removed from the flash drive and you can use it normally.
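The same four steps can be done from an elevated PowerShell with the BitLocker module that ships with Windows 8 and 10, which also lets you watch the decryption the last step tells you to wait for. This function is an added example for this article, not code from the article; the drive letter and the function name are placeholders of this example's own, and the cmdlets (`Get-BitLockerVolume`, `Unlock-BitLocker`, `Disable-BitLocker`) are the standard ones.

```powershell
# Added example, not from the original article: unlock a BitLocker To Go drive
# with its password and turn BitLocker off, polling until the sector-by-sector
# decryption has finished. Requires an elevated session. The drive letter is a
# placeholder; Get-/Unlock-/Disable-BitLocker are Windows' own cmdlets.
function Disable-BitLockerOnRemovableDrive {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,   # e.g. 'E:'
        [int] $PollSeconds = 10
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeType -ne 'Data') {
        throw "$MountPoint is not a data volume; this example is for removable drives."
    }
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        return $vol.VolumeStatus          # nothing to do: BitLocker is already off
    }

    # Step 1: open the drive with its password if it is still locked.
    if ($vol.LockStatus -eq 'Locked') {
        $password = Read-Host -Prompt "BitLocker password for $MountPoint" -AsSecureString
        Unlock-BitLocker -MountPoint $MountPoint -Password $password | Out-Null
    }

    # Steps 2-4: "Turn off BitLocker". This starts a full decryption of the
    # volume, so wait for it rather than pulling the drive out early.
    Disable-BitLocker -MountPoint $MountPoint | Out-Null
    do {
        Start-Sleep -Seconds $PollSeconds
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        Write-Host ("{0}: {1}, {2}% still encrypted" -f $MountPoint, $vol.VolumeStatus, $vol.EncryptionPercentage)
    } while ($vol.VolumeStatus -eq 'DecryptionInProgress')

    return $vol.VolumeStatus   # 'FullyDecrypted' once the protection has been removed
}

Disable-BitLockerOnRemovableDrive -MountPoint 'E:'
```

The files are left in place throughout, as the text above says; only the protectors are removed and the sectors rewritten in the clear, so the drive is usable in a car stereo or console again once `FullyDecrypted` is reported.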
Nobody is surprised any more that a personal computer can store purely personal information or corporate data of great value. It is undesirable for such information to fall into the hands of third parties who could use it, causing serious problems for the PC's former owner.
Depending on the circumstances, Bitlocker can be activated and deactivated.
It is for this reason that many users want to take some action to restrict access to all the files stored on the computer. Such a procedure does indeed exist. After certain manipulations, no outsider who does not know the password or its recovery key will be able to access the documents.
You can protect important information from third-party access by encrypting the drive with BitLocker. This ensures complete confidentiality of documents not only on a specific PC, but also when someone removes the hard drive and inserts it into another personal computer.
Algorithm for enabling and disabling the function
BitLocker drive encryption works on Windows 7, 8 and 10, but not in all editions. It is assumed that the motherboard of the computer on which the user wants to encrypt data has a TPM module.
ADVICE. Do not be discouraged if you know for sure that there is no such module on your motherboard. There are some tricks that let you "ignore" this requirement and set up encryption without such a module.
Before starting the process of encrypting all the files, keep in mind that the procedure is quite lengthy. It is difficult to give an exact time; it all depends on how much information is on the hard drive. During encryption, Windows 10 continues to work, but it is unlikely to please you with its performance, which will be noticeably reduced.
Enable the function
If you have Windows 10 installed and you want to enable data encryption, use our tips so that you not only succeed but also find the path easy. First, find the "Win" key on your keyboard (it usually carries the Windows logo), hold it down, and at the same time press the "R" key. Pressing these two keys together opens the Run window.
In the window that opens you will find an empty line, in which you need to enter "gpedit.msc". After clicking "OK", a new window, "Local Group Policy Editor", opens. In this window we have to go a little way.
On the left side of the window, find and click the line "Computer Configuration"; in the submenu that opens, find "Administrative Templates", and then, in the next submenu, go to the first item in the list, called "Windows Components".
Now look at the right side of the window and find "BitLocker Drive Encryption" there; double-click to open it. A new list opens, in which your next target is the line "Operating system drives". Click on this line as well; one more step brings you to the window where BitLocker is actually configured, allowing you to turn it on, which is exactly what you want.
Find the line "This policy setting allows you to configure the requirement for additional authentication at startup" and expand it by double-clicking. In the window that opens, find the "Enable" option and select it to give your consent.
A little lower in this window is the "Platforms" subsection, in which you need to tick the checkbox next to the suggestion of using BitLocker without a special module. This is very important, especially if your Windows 10 computer has no TPM module.
The setting in this window is complete, so you can close it. Now move the mouse cursor over the Windows icon and right-click it to bring up an additional menu. In it you will find the line "Control Panel"; go to it, and then to the item "BitLocker Drive Encryption".
Don't forget to specify what you want to encrypt. This can be done for both hard and removable drives. After selecting the desired object, click the "Enable BitLocker" button.
Now Windows 10 starts an automatic process, occasionally drawing your attention and asking you to specify your wishes. Of course, it is best to make a backup before performing such a process. Otherwise, if the password and the recovery key are lost, even the PC's owner will not be able to recover the information.
Next, the process of preparing the disk for encryption begins. During this process you must not turn off the computer, as doing so can seriously damage the operating system. After such a failure, you simply will not be able to start Windows 10 and, instead of encryption, you will have to install a new operating system, spending extra time.
As soon as the disk preparation is successfully completed, the actual configuration of the disk for encryption begins. You will be prompted to enter a password that later provides access to the encrypted files. You will also be prompted to create and save a recovery key. Both of these important items are best kept in a safe place, ideally printed out. It is very foolish to store the password and recovery key on the PC itself.
During the encryption process, the system may ask which part you specifically want to encrypt. It is best to subject the entire disk space to this procedure, although there is an option to encrypt only the used space.
It remains to select the "New encryption mode" option and then run the automatic BitLocker system check. Next, the system safely continues the process, after which you are prompted to restart the PC. Of course, comply and reboot.
After the next start of Windows 10, you will see that access to the documents is impossible without entering the password. The encryption process continues; you can monitor it by clicking on the BitLocker icon in the notification area.
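The whole procedure above (the policy that allows BitLocker without a TPM, the recovery key, the password, the choice of used space versus the whole disk, and the "New encryption mode") can also be done from an elevated PowerShell on Windows 10. The function below is an added example written for this article, not the article's or Microsoft's own script. It assumes the machine has no TPM, so the VMK is protected by a password, as the "without a special module" path describes; `$RecoveryKeyFolder` is a placeholder for a removable drive, since the text says not to keep the recovery key on the PC itself; the registry values under `Policies\Microsoft\FVE` are what the startup-authentication policy writes, and the cmdlets are the standard BitLocker module ones.

```powershell
# Added example, not from the original article: enable BitLocker on the OS
# drive of a Windows 10 PC without a TPM, from an elevated PowerShell.
# Assumptions: no TPM (password protector for the VMK), and $RecoveryKeyFolder
# points at removable media. Policy values under Policies\Microsoft\FVE
# correspond to "Require additional authentication at startup" with
# "Allow BitLocker without a compatible TPM" ticked.
function Enable-BitLockerWithoutTpm {
    param(
        [string] $MountPoint = 'C:',
        [Parameter(Mandatory)] [string] $RecoveryKeyFolder,   # placeholder, e.g. 'F:\bitlocker-keys'
        [switch] $UsedSpaceOnly                               # the article prefers the whole disk
    )

    # The policy the gpedit.msc steps above set by hand.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name EnableBDEWithNoTPM -Value 1 -Type DWord

    # Recovery key first, so it exists before a single sector is encrypted,
    # and is written off-machine rather than onto the volume being protected.
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $rp  = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } | Select-Object -Last 1
    if (-not (Test-Path $RecoveryKeyFolder)) { New-Item -ItemType Directory -Path $RecoveryKeyFolder | Out-Null }
    $keyFile = Join-Path $RecoveryKeyFolder ("BitLocker Recovery Key {0}.txt" -f $rp.KeyProtectorId.Trim('{}'))
    @("Identifier: $($rp.KeyProtectorId)", "Recovery Key: $($rp.RecoveryPassword)") | Set-Content -Path $keyFile

    # Password protector for the VMK; "New encryption mode" is XTS-AES (256-bit here).
    $password = Read-Host -Prompt "BitLocker password for $MountPoint" -AsSecureString
    $params = @{
        MountPoint        = $MountPoint
        EncryptionMethod  = 'XtsAes256'
        PasswordProtector = $true
        Password          = $password
    }
    if ($UsedSpaceOnly) { $params.UsedSpaceOnly = $true }
    Enable-BitLocker @params | Out-Null

    # Without -SkipHardwareTest the BitLocker system check runs on the next
    # boot and encryption starts after the restart, as in the wizard above.
    return $keyFile
}

Enable-BitLockerWithoutTpm -RecoveryKeyFolder 'F:\bitlocker-keys'
```

After the reboot, `Get-BitLockerVolume -MountPoint C:` shows `EncryptionInProgress` and the percentage climbing, which is the same progress the notification-area icon reports.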
Disabling the function
If for some reason the files on your computer are no longer of high importance, and you do not really like entering a password every time to access them, we suggest simply turning off the encryption function.
To do this, go to the notification area, find the BitLocker icon there and click on it. At the bottom of the window that opens you will find the line "BitLocker Management"; click on it.
Now the system will prompt you to choose which action is preferable for you:
- back up the recovery key;
- change the password for access to encrypted files;
- remove the previously set password;
- disable BitLocker.
Of course, if you have decided to disable BitLocker, choose the last option offered. A new window immediately appears on the screen in which the system wants to make sure that you really want to disable the encryption function.
ATTENTION. As soon as you click the "Turn off BitLocker" button, the decryption process begins immediately. Unfortunately, this process is not fast, so you will definitely have to wait a while.
Of course, if you need to use the computer at that moment, you can; there is no strict prohibition on it. However, be prepared for the PC's performance to be extremely low at that time. The reason for this slowness is easy to understand: the operating system has to decrypt a huge amount of information.
So, if you want to encrypt or decrypt files on a computer, it is enough to familiarize yourself with our recommendations, then, without haste, perform each step of the algorithm described, and on completion enjoy the result.
Encrypt the hard drive, access it only with a password or a USB drive with a startup key, and block access in case of any attempt at external interference. All this, and in the case of encryption of external media, you must refer to . We have dealt with this. But what if you forgot your password? What if you have lost the USB stick with the startup key? What if you need to change the computer's boot environment, which (for security reasons) makes it impossible to read from the hard drive? Or, to sum all this up, how do you recover BitLocker?
BitLocker recovery mode
BitLocker enters recovery mode when:
- The boot environment has changed: firmware settings, the Secure Boot configuration, or one of the boot-critical Windows files measured by the TPM.
- The TPM has been disabled, cleared or removed.
- The computer was started without the required TPM, PIN or USB drive with the startup key.
- The Windows operating system volume has been connected to another computer.
In that case, think back to the moment you encrypted the drive. The setup wizard offered to save the BitLocker recovery key in several ways: to your Microsoft account, to a file, to a USB drive, or to print it. The key saved to a file is a plain .txt containing an identifier and a 48-digit numerical password; read the password from there and type it into the BitLocker recovery screen. If the recovery key is correct, the computer boots normally.
The steps above cover the case where the key for the drive is lost. If you only need to change the boot environment, for example a BIOS/UEFI setting or a firmware update, do not decrypt the drive: open BitLocker Drive Encryption in the Control Panel, suspend protection for the duration of the change, and resume it afterwards. The data stays encrypted; only the TPM check is skipped until protection is resumed. Everything is pretty simple.
For encrypted removable media, Explorer asks for the recovery key as soon as you choose the option saying that you have forgotten or lost the password. So: keep your recovery keys in a safe place!
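The safer sequence before a boot-environment change is to confirm that a recovery password exists, save it together with its protector ID (the recovery screen shows the start of that ID, which is how you pick the right key later), and then suspend protection for a single reboot instead of decrypting the drive. The following PowerShell script is an added example and not part of the original article; it uses the BitLocker module cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Suspend-BitLocker, Resume-BitLocker), and assumes an elevated session, that C: is the protected OS volume, and an arbitrary export directory.

```powershell
# Added example (not from the original article). Assumptions: elevated
# PowerShell on Windows 8 / Server 2012 or later, C: is the BitLocker-protected
# OS volume, and the export path below is arbitrary (use removable media or a
# secured share, never the protected volume itself).
$MountPoint = 'C:'
$ExportDir  = 'D:\bitlocker-backup'   # assumed location

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.ProtectionStatus -ne 'On') {
    throw "BitLocker protection is not On for $MountPoint (status: $($vol.ProtectionStatus))"
}

# 1. Make sure a numerical recovery password protector exists; add one if not.
$rp = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($rp.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $rp = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

# 2. Save each recovery password next to its protector ID, in the same layout
#    Windows uses for "Save to a file", so the identifier can be compared with
#    the one shown on the recovery screen.
New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null
foreach ($p in $rp) {
    $id   = $p.KeyProtectorId.Trim('{', '}')
    $file = Join-Path $ExportDir "BitLocker Recovery Key $id.txt"
    @(
        "BitLocker Drive Encryption recovery key"
        ""
        "Identifier:"
        "`t$id"
        ""
        "Recovery Key:"
        "`t$($p.RecoveryPassword)"
    ) | Set-Content -Path $file -Encoding UTF8
    Write-Host "Saved recovery password for protector $id to $file"
}

# 3. Suspend protection for exactly one reboot. The volume stays encrypted, but
#    the TPM measurements are not enforced on the next boot, so the firmware or
#    boot-file change does not drop the machine into recovery mode. Protection
#    resumes automatically after that reboot.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
Write-Host "Protection suspended for one reboot; apply the firmware/boot change and restart now."

# If you change your mind before rebooting, re-enable protection immediately:
# Resume-BitLocker -MountPoint $MountPoint
```

Run it once before the change and delete the exported files from any insecure location afterwards; the exported .txt is equivalent to the key it unlocks.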
manage-bde.exe utility
We have looked at BitLocker, its capabilities and how to manage it through the Explorer interface, which is the simplest way. Another way to manage BitLocker is the manage-bde.exe utility, and it concludes this introduction to the technology.
As you may have guessed, the difference is the interface: manage-bde.exe is a command-line utility.
Manage-BDE.exe Commands
With the options listed below you can configure BitLocker to work the way you want. The utility covers everything the Explorer interface does and more (for example, the -protectors switch lists, adds and removes key protectors). Let's look at them; in the list, <volume> stands for the drive letter, e.g. C:.
manage-bde.exe -status [<volume>]
Displays the BitLocker status of all volumes, or of the given one.
manage-bde.exe -on <volume>
Encrypts the volume and enables BitLocker; specify at least one protector, e.g. -RecoveryPassword, -Password, -TPMAndPIN or -StartupKey <path>.
manage-bde.exe -off <volume>
Decrypts the volume and disables BitLocker.
manage-bde.exe -pause <volume> / -resume <volume>
Pauses or resumes encryption or decryption.
manage-bde.exe -lock <volume>
Denies access to the data encrypted with BitLocker (add -ForceDismount to close open files first).
manage-bde.exe -unlock <volume>
Allows access to the data encrypted with BitLocker; say how, e.g. -RecoveryPassword <48 digits>, -RecoveryKey <path to the .BEK file> or -Password.
manage-bde.exe -setidentifier <volume>
Sets the volume identification field to the value configured in Group Policy.
manage-bde.exe -changepin <volume>
Changes the PIN.
manage-bde.exe -changepassword <volume>
Changes the password.
manage-bde.exe -changekey <volume>
Changes the volume startup key.
All of these commands must be run in a command prompt opened with administrator rights. For help on the utility as a whole, type:
manage-bde.exe /?
For help on a specific command, add the help switch after it, for example manage-bde.exe -on -?. You get the full list of parameters for that command together with several worked examples. That's all; use BitLocker to your health and do not forget that one day you may have to recover it.
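The commands above are easiest to understand as one lifecycle on a test data volume: enable, wait for encryption, read the recovery password back, lock, unlock with that password, and finally turn BitLocker off and wait for decryption (the slow phase the "Turn off BitLocker" section warns about). The script below is an added example, not code from the original article, and drives manage-bde.exe from PowerShell. It assumes an elevated session, that D: is an NTFS data volume you can afford to encrypt and decrypt for the exercise, and that manage-bde.exe prints English text (its output is localized, so the regexes assume an English Windows).

```powershell
# Added example (not from the original article). Assumptions: elevated
# PowerShell, D: is an unencrypted data volume used only for this exercise,
# and manage-bde.exe output is in English.
$Volume = 'D:'

function Invoke-ManageBde {
    # Runs manage-bde.exe with the given arguments, returns its text output and
    # fails loudly on a non-zero exit code instead of silently continuing.
    param([string[]]$ArgumentList)
    $out = & manage-bde.exe @ArgumentList 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) { throw "manage-bde $($ArgumentList -join ' ') failed:`n$out" }
    return $out
}

function Get-PercentEncrypted {
    # Parses the "Percentage Encrypted: 12.3%" line of manage-bde -status.
    param([string]$Volume)
    $status = Invoke-ManageBde @('-status', $Volume)
    if ($status -match 'Percentage Encrypted:\s*([\d.]+)\s*%') { return [double]$Matches[1] }
    throw "Could not parse encryption percentage from:`n$status"
}

function Wait-Conversion {
    # Polls until the volume is fully encrypted (100) or fully decrypted (0).
    # This is the disk-bound phase during which the machine feels sluggish;
    # it survives a reboot and simply continues afterwards.
    param([string]$Volume, [double]$Target)
    do {
        $pct = Get-PercentEncrypted $Volume
        Write-Host ("{0} is {1:N1}% encrypted" -f $Volume, $pct)
        if ($pct -ne $Target) { Start-Sleep -Seconds 10 }
    } while ($pct -ne $Target)
}

# 1. Encrypt used space only (fast on a mostly empty disk) with XTS-AES-256,
#    using a numerical recovery password as the protector.
Invoke-ManageBde @('-on', $Volume, '-RecoveryPassword', '-UsedSpaceOnly',
                   '-EncryptionMethod', 'xts_aes256') | Out-Null
Wait-Conversion -Volume $Volume -Target 100

# 2. Read the recovery password back; -protectors -get prints it as eight
#    groups of six digits. Store it somewhere other than the volume it unlocks.
$protectors = Invoke-ManageBde @('-protectors', '-get', $Volume)
$recoveryPassword = [regex]::Match($protectors, '\d{6}(-\d{6}){7}').Value
if (-not $recoveryPassword) { throw "No numerical password protector found on $Volume" }
Write-Host "Recovery password for ${Volume}: $recoveryPassword"

# 3. Lock the volume (force-dismount closes open handles) and unlock it again
#    with the recovery password, exactly as you would on another machine.
Invoke-ManageBde @('-lock', $Volume, '-ForceDismount') | Out-Null
Invoke-ManageBde @('-unlock', $Volume, '-RecoveryPassword', $recoveryPassword) | Out-Null

# 4. Turn BitLocker off and wait until the volume is fully decrypted; only then
#    is the data actually in plain text on disk.
Invoke-ManageBde @('-off', $Volume) | Out-Null
Wait-Conversion -Volume $Volume -Target 0
Invoke-ManageBde @('-status', $Volume)
```

Every call goes through Invoke-ManageBde so a failed step (wrong volume letter, missing admin rights, a typo in the recovery password) stops the script instead of letting the next command run against a volume in an unexpected state.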
There are many ways to encrypt personal data, including third-party software, but why bother when Windows has BitLocker. Unfortunately, some people run into trouble recovering files after encrypting them with BitLocker. When you turn BitLocker on, Windows creates a recovery key; save it, and it does not matter where as long as the place is secure. You can print it or save it to an account, not a local one but a Microsoft account. If the drive does not unlock on its own, this key is the only thing that will open it.
But keys also get lost. What then? You may also forget the password needed to unlock the system, which makes decryption much harder. Let's go through these problems and see how to proceed. This article should help you solve them.
What to do with the recovery key, what if it is lost?
The human factor: memory fails us just when we need it most. If you forgot where you put the recovery key, recall how you saved it in BitLocker: the wizard offers to print it, save it to a file or a USB drive, or save it to your Microsoft account. You must have chosen one of those.
If you saved the key to your account, sign in to your Microsoft account in a browser and open the BitLocker recovery keys page under your devices (https://account.microsoft.com/devices/recoverykey; older guides reach the same page through OneDrive). The key is there, provided you uploaded it. If it is not, perhaps you saved it to a different account?
A user may create more than one key. The recovery screen shows a recovery key ID; compare it with the identifier stored with each saved key (the first block of characters is enough). The key whose identifier matches is the correct one.
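When several saved key files are lying around, the matching described above can be done by script: parse the identifier and the 48-digit password out of each file, check that the password is even well-formed, and pick the file whose identifier starts with the ID shown on the recovery screen. The PowerShell below is an added example, not part of the original article, and needs no BitLocker cmdlets, so it runs on any machine. It assumes the English layout of the "Save to a file" text; the sample file contents, identifiers and passwords are constructed. The validity check relies on how the recovery password is encoded: each 6-digit group is a 16-bit value multiplied by 11, so a genuine group is below 720896 and divisible by 11, and any single mistyped digit in a group breaks that.

```powershell
# Added example (not from the original article). Pure PowerShell; the sample
# file text, identifiers and passwords below are constructed for the demo.

function ConvertFrom-RecoveryKeyFile {
    # Extracts the identifier (GUID) and 48-digit recovery password from the
    # text Windows writes when you choose "Save to a file". Assumes the English
    # labels "Identifier:" and "Recovery Key:".
    param([string]$Text)
    $id  = [regex]::Match($Text, 'Identifier:\s*([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})').Groups[1].Value
    $key = [regex]::Match($Text, '\d{6}(-\d{6}){7}').Value
    [pscustomobject]@{ Identifier = $id.ToUpperInvariant(); RecoveryPassword = $key }
}

function Test-RecoveryPassword {
    # A BitLocker recovery password is 8 groups of 6 digits. Each group encodes
    # a 16-bit value times 11, so a valid group is < 720896 (65536 * 11) and
    # divisible by 11; the last digit effectively acts as a check digit, which is
    # why a mistyped key can be rejected without ever trying it on the volume.
    param([string]$Password)
    $groups = $Password -split '-'
    if ($groups.Count -ne 8) { return $false }
    foreach ($g in $groups) {
        if ($g -notmatch '^\d{6}$') { return $false }
        $n = [int]$g
        if ($n -ge 720896 -or ($n % 11) -ne 0) { return $false }
    }
    return $true
}

function Find-ProtectorForRecoveryScreen {
    # The recovery screen shows only the first 8 hex characters of the protector
    # ID. Match them against the identifiers from the saved key files.
    param([string]$ShortId, [object[]]$SavedKeys)
    $SavedKeys | Where-Object { $_.Identifier.StartsWith($ShortId.ToUpperInvariant()) }
}

# --- constructed sample input (layout of a real "Save to a file" export) -----
$sampleFile = @"
BitLocker Drive Encryption recovery key

To verify that this is the correct recovery key, compare the start of the following identifier with the identifier value displayed on your PC.

Identifier:

	7E2F0A88-1B2C-4D3E-9F00-0123456789AB

If the above identifier matches the one displayed by your PC, then use the following key to unlock your drive.

Recovery Key:

	123453-234564-345675-456786-567897-678909-700007-111111
"@

$parsed = ConvertFrom-RecoveryKeyFile $sampleFile
"Identifier : $($parsed.Identifier)"
"Key valid  : $(Test-RecoveryPassword $parsed.RecoveryPassword)"   # True
# One digit changed in the first group (123456 is not a multiple of 11):
"Typo valid : $(Test-RecoveryPassword '123456-234564-345675-456786-567897-678909-700007-111111')"   # False

# Suppose the recovery screen shows "Recovery key ID: 7E2F0A88" and you have
# several saved files: pick the one whose identifier starts with that value.
$saved = @(
    $parsed
    [pscustomobject]@{ Identifier = 'A1B2C3D4-0000-4000-8000-000000000000'
                       RecoveryPassword = '000011-000022-000033-000044-000055-000066-000077-000088' }
)
$match = Find-ProtectorForRecoveryScreen -ShortId '7e2f0a88' -SavedKeys $saved
"Use key    : $($match.RecoveryPassword)"
```

To use it on real files, read each one with Get-Content -Raw and pass the text to ConvertFrom-RecoveryKeyFile; the identifiers compare against the KeyProtectorId values that Get-BitLockerVolume reports (strip the curly braces first).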
What if the computer will not boot because of BitLocker?
Suppose you encrypted the system drive and the system no longer unlocks it. Most likely something changed around the TPM, which should have unlocked the drive automatically. Instead, the blue BitLocker recovery screen appears and asks you to enter the recovery key. If you do not have it because you lost it, you are unlikely to get into the system; most likely only reinstalling Windows will help. So far I do not know how to unlock BitLocker without a key, but I will try to look into it.
How to unlock BitLocker-encrypted drives in Windows?
If you have a couple of partitions or external hard drives encrypted with BitLocker that you need to unlock, here is how.
Connect the device to the PC (if it is external). Open the Control Panel (for example from the search box), go to "System and Security" and find "BitLocker Drive Encryption". Keep in mind that this management applet exists only in the Pro, Enterprise and Education editions; Home can still unlock an encrypted drive from the prompt Explorer shows, but cannot manage it.
In the list, find the encrypted drive you want to unlock and click "Unlock Drive" next to it.
Enter the unlock data (PIN or password). Don't have it, or don't remember it? Then click "More options" and choose "Enter recovery key".
In conclusion, one thing: if you lose the password or PIN, you can restore access to the drive with the recovery key, guaranteed. Keep it in a safe place and always remember where it is. If you have lost the key as well, you can say goodbye to your data. So far I have not found a method to decrypt BitLocker without a key.