Bitleaker: decrypts BitLocker-locked partition with the TPM vulnerability (CVE-2018-6622)

BitLeaker is a new tool for extracting the VMK and mounting a BitLocker-locked partition. BitLeaker uses the TPM vulnerability, CVE-2018-6622 for a discrete TPM and related vulnerability for a firmware TPM. They are related to the S3 sleeping state of Advanced Configuration and Power Interface (ACPI) and can reset the TPMs. If you want the detailed information about CVE-2018-6622 and a vulnerability checking tool, please read our USENIX paper, A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping and Black Hat Asia presentation, Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with Napper.

https://www.blackhat.com/eu-19/briefings/schedule/index.html#bitleaker-subverting-bitlocker-with-one-vulnerability-17245

https://github.com/kkamagui/bitleaker

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s