Security Engineer [Guillaume Quéré] spends the day penetration testing systems for their employer and has pointed out and successfully exploited a rather obvious weakness in the BitLocker full volume encryption system, which as the linked article says, allows one to simply sniff the traffic between the discrete TPM chip and CPU via an SPI bus. The way Bitlocker works is to use a private key stored in the TPM chip to encrypt the full volume key that in turn was used to encrypt the volume data. This is all done by low-level device drivers in the Windows kernel and is transparent to the user.

TPM chip pins too small? Just find something else on the bus!

The whole point of BitLocker was to prevent access to data on the secured volume in the event of a physical device theft or loss. Simply pulling the drive and dropping it into a non-secured machine or some other adaptor would not provide any data without the key stored by the TPM. However, since that key must pass as plaintext from the TPM to the CPU during the boot sequence, [Guillaume] shows that it is quite straightforward — with very low-cost tools and free software — to simply locate and sniff out this TPM-to-CPU transaction and decode the datastream and locate the key. Using little more than a cheapo logic analyser hooked up to some conveniently large pins on a nearby flash chip (because the SCK, MISO, and MOSI pins are shared with the TPM) the simple TIS was decoded enough to lock onto the bytes of the TPM frame. This could then be decoded with a TPM stream decoder web app, courtesy of the TPM2-software community group. The command to look for is the TPM_CC.Unseal which is the request from the CPU to the TPM to send over that key we’re interested in. After that just grabbing and decoding the TPM response frame will immediately reveal the goods.

What you do next is a matter of convenience, but most security and forensics types would already be sitting tight on a low-level disk image file of the target volume. By using the Linux xxd command to turn that 32-byte hex dump key into a binary key file, the dislocker-fuse FUSE module can create a dynamically decrypted virtual filesystem that you can just mount. If you wanted, you could then write the decrypted volume data to a fresh disk, drop it into a machine, and boot the operating system. You likely couldn’t log in, but as [Guillaume] points out, by overwriting the sticky keys app (sethc.exe) with cmd.exe, you can get to a command prompt just by banging the shift key five times. Good times!

If you actually need TPM support for an older system, in order to install Windows 11 (if you really must) then you could always just make your own. Also, since the LPC interface is on many a motherboard, why not leverage it and use it to hang an ISA bus adaptor to plug in that old classic Soundblaster card you couldn’t bear to junk?

Read More