media.ccc.de
Open in
urlscan Pro
185.106.84.58
Public Scan
Submitted URL: https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761
Effective URL: https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver
Submission: On January 13 via api from UA — Scanned from PL
Effective URL: https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver
Submission: On January 13 via api from UA — Scanned from PL
Form analysis 1 forms found in the DOM
GET /search/
<form action="/search/" class="navbar-form navbar-right" id="media-search" method="get" role="search">
<div class="form-group input-group">
<input class="form-control" name="q" placeholder="Search…" size="17" type="search" value="">
<span class="input-group-btn">
<button class="btn btn-default" type="submit">
<span class="icon icon-search"></span>
</button>
</span>
</div>
</form>Text Content
News RSS, last 100 Podcast feed of the last two years SD quality Podcast audio feed of the last year Podcast archive feed, everything older than two years SD quality Podcast feeds for 38c3 mp4 SD quality mp3 opus webm SD quality vtt News RSS, last 100 Podcast feed of the last two years SD quality Podcast audio feed of the last year Podcast archive feed, everything older than two years SD quality Podcast feeds for 38c3 mp4 SD quality mp3 opus webm SD quality vtt 1. browse 2. congress 3. 2024 4. event WINDOWS BITLOCKER: SCREWED WITHOUT A SCREWDRIVER th0mas Video Player Close 15 30 00:00 12:41 | 56:39 * None Use Up/Down Arrow keys to increase or decrease volume. 1.00x * 2.00x * 1.50x * 1.25x * 1.00x * 0.75x * eng 1080p (mp4) * deu 1080p (mp4) * eng-deu 1080p (mp4) * eng-deu 1080p (webm) * eng-deu 576p (mp4) * eng-deu 576p (webm) Stage HUFF Playlists: '38c3' videos starting here / audio * 56 min * 2024-12-28 * 2024-12-30 * 18705 * Fahrplan We are aware of audio issues, especially during talks of day 1 (2024-12-27). Some talks have been released in a preview-version, but are still being worked on behind the scenes. Ever wondered how Cellebrite and law enforcement gain access to encrypted devices without knowing the password? In this talk, we’ll demonstrate how to bypass BitLocker encryption on a fully up-to-date Windows 11 system using Secure Boot. We’ll leverage a little-known software vulnerability that Microsoft has been unable to patch since 2022: bitpixie (CVE-2023-21563). We'll live-demo the exploit, and will walk through the entire process—from the prerequisites and inner workings of the exploit to why Microsoft has struggled to address this flaw. We'll also discuss how to protect yourself from this and similar vulnerabilities. BitLocker is Microsoft’s implementation of full-volume encryption. It offers several modes of operation, but the most widely used is Secure Boot-based encryption. Many consumer and corporate clients use it, and it’s starting to be enabled by default under "Device Encryption" on newer Windows 11 installations. In this mode, the harddrive is encrypted at rest but is automatically unsealed when a legit windows boots, meaning users don't need a separate decryption password. They just have to sign in with their usual user account. Unfortunately, this configuration has been broken for quite a while. Hardware attacks against a dTPM are widely known, but software attacks are possible as well, at least since 2022, when Rairii discovered the bitpixie bug (CVE-2023-21563). While this bug is 'fixed' since Nov. 2022 and publically known since 2023, we can still use it today with a downgrade attack to decrypt BitLocker. In this talk, we'll dive into: - How does Secure Boot work, and what role does the TPM play? - How can Bitlocker leverage the TPM? - How does the bitpixie exploit work? What are PXE boot and BCD? - What are the prerequisites for running this exploit? - How can you protect yourself against it? - Why is it so challenging for Microsoft to fully fix this? - How does this affect Linux secure boot? Licensed to the public under http://creativecommons.org/licenses/by/4.0 DOWNLOAD VIDEO * MP4 * WebM Download 1080p eng-deu 827 MB Download 576p eng-deu 182 MB Download 1080p eng-deu 454 MB Download 576p eng-deu 178 MB THESE FILES CONTAIN MULTIPLE LANGUAGES. This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player. AUDIO Download mp3 eng 51 MB Download mp3 deu 51 MB Download opus eng 39 MB Download opus deu 34 MB EMBED <iframe width="1024" height="576" src="https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver/oembed" frameborder="0" allowfullscreen></iframe> SHARE: * * * * TAGS 38c3 816 2024 Stage HUFF by Chaos Computer Club e.V –– About –– Apps –– Imprint –– Privacy –– c3voc