Slashdot Mirror


ElcomSoft Tool Cracks BitLocker, PGP, TrueCrypt In Real-Time

An anonymous reader writes "Russian firm ElcomSoft on Thursday announced the release of Elcomsoft Forensic Disk Decryptor (EFDD), a new forensic tool that can reportedly access information stored in disks and volumes encrypted with desktop and portable versions of BitLocker, PGP, and TrueCrypt. EFDD runs on all 32-bit and 64-bit editions of Windows XP, Windows Vista, and Windows 7, as well as Windows 2003 and Windows Server 2008." All that for $300.

33 of 268 comments

  1. Key theft != cracking encryption by Anonymous Coward · Score: 5, Informative

    Yeah, this is really just exploiting retarded key control. The encryption standards themselves are still secure.

    1. Re:Key theft != cracking encryption by Anonymous Coward · Score: 5, Insightful

      It's still a key control problem.

      If Windows notifies programs about suspends/shutdowns (not sure it really does), TrueCrypt needs to dismount immediately and do whatever it needs to do to protect its key.

      None of these processes attack the encryption directly, just control of its keys. Of course, that still means data disclosure, but rather than meaning P=NP or some other news, it simply means that keys are being poorly protected by the software, which in the case of hibernation can hopefully be fixed.

      Firewire doesn't matter...it's equivalent to a malicious PCI device, without (as far as I know) the possible protection of VT-d. Epoxy or X-acto. If you can read the system's memory space, you can do a *WHOLE* lot more than just recovering the key...the data itself is likely in there while being read or even the entire unencrypted volume if it's memory mapped. Let alone kernel memory etc. So that is not news really.

    2. Re:Key theft != cracking encryption by icebike · Score: 5, Interesting

      Exactly: They aren't breaking encryption, they are simply surfing for keys.

      Quote TFA:

      So, how does it work? Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. You’ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off.

      Note the basic misunderstanding embedded in that last sentence: Turned off != Hibernated.

      While this tool might help you break into a computer you found hibernated, or running while locked, it won't do any good if the power cord is yanked, or the encryption software was intelligently written to only store its key in some volatile memory.

      --
      Sig Battery depleted. Reverting to safe mode.

    3. Re:Key theft != cracking encryption by _Shad0w_ · Score: 5, Informative

      You can register an interest in knowing about power events by calling RegisterPowerSettingNotification(); your application then gets sent the WM_POWERBROADCAST message when the power setting changes, and that includes suspending the system (PBT_APMSUSPEND). You get about two seconds to actually do something with this information.

      --

      Yeah, I had a sig once; I got bored of it.
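
      The suspend handling _Shad0w_ describes, as an added example written for this thread rather than code from BitLocker, PGP or TrueCrypt: a small key store that is wiped from a WM_POWERBROADCAST/PBT_APMSUSPEND handler before RAM can be written to hiberfil.sys. The store and wipe logic are portable C; the window procedure is compiled only on Windows. The key_store layout, the secure_zero helper and the sample key are assumptions of the example. One detail worth knowing: PBT_APMSUSPEND is broadcast to every top-level window whether or not RegisterPowerSettingNotification() was called; that call adds PBT_POWERSETTINGCHANGE for one specific power-setting GUID.

```c
/* Added example, not code from the thread or from BitLocker/PGP/TrueCrypt:
 * erase mounted-volume keys as soon as Windows announces a suspend, so a
 * later hibernation file or memory dump no longer contains them.
 * Assumed: the key_store layout and the constructed sample key below. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 32
#define MAX_VOLUMES 4

struct key_store {
    uint8_t key[MAX_VOLUMES][KEY_LEN];
    int mounted[MAX_VOLUMES];
};

/* Zeroing the optimizer cannot drop: writes go through a volatile pointer. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Mount: keep the volume key in the store. Returns 0, or -1 on a bad slot. */
int store_key(struct key_store *ks, int slot, const uint8_t key[KEY_LEN])
{
    if (slot < 0 || slot >= MAX_VOLUMES) return -1;
    memcpy(ks->key[slot], key, KEY_LEN);
    ks->mounted[slot] = 1;
    return 0;
}

/* Suspend handler body: dismount every volume and wipe its key.
 * Returns the number of keys erased. */
int on_suspend(struct key_store *ks)
{
    int wiped = 0;
    for (int i = 0; i < MAX_VOLUMES; i++) {
        if (!ks->mounted[i]) continue;
        secure_zero(ks->key[i], KEY_LEN);
        ks->mounted[i] = 0;
        wiped++;
    }
    return wiped;
}

/* 1 if nothing is mounted and every key byte is zero. */
int store_is_clean(const struct key_store *ks)
{
    for (int i = 0; i < MAX_VOLUMES; i++) {
        if (ks->mounted[i]) return 0;
        for (int j = 0; j < KEY_LEN; j++)
            if (ks->key[i][j]) return 0;
    }
    return 1;
}

#ifdef _WIN32
#include <windows.h>
static struct key_store g_keys;

/* WM_POWERBROADCAST is broadcast to every top-level window, so a hidden window
 * receives PBT_APMSUSPEND without any registration. RegisterPowerSettingNotification
 * (hwnd, &guid, DEVICE_NOTIFY_WINDOW_HANDLE) would add PBT_POWERSETTINGCHANGE. */
static LRESULT CALLBACK wnd_proc(HWND h, UINT msg, WPARAM wp, LPARAM lp)
{
    if (msg == WM_POWERBROADCAST && wp == PBT_APMSUSPEND) {
        on_suspend(&g_keys);    /* act now: the window is about two seconds */
        return TRUE;
    }
    return DefWindowProcA(h, msg, wp, lp);
}

int main(void)
{
    WNDCLASSA wc = {0};
    wc.lpfnWndProc = wnd_proc;
    wc.hInstance = GetModuleHandleA(NULL);
    wc.lpszClassName = "KeyGuardWnd";
    RegisterClassA(&wc);
    CreateWindowA("KeyGuardWnd", "", 0, 0, 0, 0, 0, NULL, NULL, wc.hInstance, NULL);
    MSG m;
    while (GetMessageA(&m, NULL, 0, 0) > 0) { TranslateMessage(&m); DispatchMessageA(&m); }
    return 0;
}
#else
int main(void)
{
    struct key_store ks = {0};
    uint8_t k[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++) k[i] = (uint8_t)(0x41 + i);  /* constructed key */
    store_key(&ks, 0, k);
    int wiped = on_suspend(&ks);
    printf("wiped %d key(s), store clean: %d\n", wiped, store_is_clean(&ks));
    return 0;
}
#endif
```

      On Windows, build with a C compiler that links user32 and leave the process running; the hidden window then sees the suspend broadcast. Elsewhere the main() only exercises the portable store, which is the part worth unit-testing: after on_suspend() the store must contain no key bytes at all.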

    4. Re:Key theft != cracking encryption by Tawnos · Score: 5, Informative

      Freeze the ram, remove, reinsert into a device to dump the RAM's contents. It's been done before: http://zedomax.com/blog/2008/09/29/memory-hack-how-to-hack-encryption-keys-by-freezing-memory/

    5. Re:Key theft != cracking encryption by Anonymous Coward · Score: 5, Informative

      In Windows the hibernation file is never deleted (I assume to keep enough HDD space reserved). In fact, many systems automatically hibernate after they've been suspended for a certain period of time. I don't know how Linux hibernation works. You might have the key sitting in the hibernation file from weeks ago.

    6. Re:Key theft != cracking encryption by Anonymous Coward · Score: 4, Informative

      hiberfil.sys is not scrubbed or deleted after resuming from hibernation, therefore it will persist after a subsequent shutdown. So if the hibernation feature was used while an encrypted filesystem was mounted, the keys will remain in it.

    7. Re:Key theft != cracking encryption by Jane Q. Public · Score: 5, Informative

      Others have mentioned that it does not attack the actual encryption, but they did not summarize what it does do:

      This only works if the encrypted item (drive or file) is in a mounted state at the time of "attack". And that applies if it is in a mounted state when the machine goes into hibernation. It gathers the encryption key from memory (or resume file if hibernating), it does not even try to "break" the encryption.

      Still, it must be said that this is a clever approach, and could be a nice tool in some (very limited) circumstances.

    8. Re:Key theft != cracking encryption by Rakishi · Score: 4, Informative

      "A while" is generally limited to a few seconds:

      No it's not, regular RAM retains memory for up to a few minutes (sort of) with no refreshes at regular temperatures. Freeze the memory and it's a lot longer than that.

      http://zedomax.com/blog/2008/09/29/memory-hack-how-to-hack-encryption-keys-by-freezing-memory/

    9. Re:Key theft != cracking encryption by icebike · Score: 5, Informative

      But if you are worried about this, you simply run after awakening from hibernation mode:
      POWERCFG -H OFF
      POWERCFG -H ON

      That turns off hibernation, which deletes hiberfil.sys then enables hibernation which will allow its recreation.

      --
      Sig Battery depleted. Reverting to safe mode.

    10. Re:Key theft != cracking encryption by icebike · Score: 4, Informative

      I am not confusing anything, you are.

      Hibernation is a choice you make every time you shut down your computer.
      Stop doing that.

      Just choose shutdown instead of hibernation.
      In fact you can disable hibernation altogether, and simply use sleep for short trips to the bathroom, and actually shut the damn thing down when not using it.
      Security conscious people never hibernate a machine.

      --
      Sig Battery depleted. Reverting to safe mode.

    11. Re:Key theft != cracking encryption by EdIII · Score: 5, Insightful

      Or you could, you know, not do anything with the system that would give the feds a reason to be banging on your door.

      More and more, just living free and being vocal about others living free, and god forbid, helping others living free, is more than enough reason to have the feds banging down your door.

      Let's not forget that moron FBI guy that took out hundreds of companies in a data center because he could not understand how hundreds of different companies and legal entities could cohabitate in the same space.

      At this point just being innocent and never doing anything wrong is not protection enough from being raided by the feds.

  2. I bet EFDD is... by Anonymous Coward · Score: 5, Funny

    ...just a hammer.

    Obligatory: http://xkcd.com/538/

    1. Re:I bet EFDD is... by mar.kolya · Score: 5, Funny

      In Russia this is often called 'thermorectal cryptanalysis', and a soldering iron is the tool of choice for this sort of job.

  3. Not as clever as it sounds by Anonymous Coward · Score: 5, Informative

    It reads the encryption key from memory.

    1. Re:Not as clever as it sounds by blueg3 · Score: 5, Funny

      What did you expect it to do? Magic?

    2. Re:Not as clever as it sounds by smittyoneeach · Score: 5, Funny

      I, for one, expected a pagan ritual involving Cthulhu; Natalie Portman, naked and petrified and covered in hot grits; and a traveling salesman walk of all your base.

      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear

    3. Re:Not as clever as it sounds by HeckRuler · Score: 4, Insightful

      Yeah, I would consider the ability to crack hard encryption in a reasonable amount of time and processing power as a good definition for "magic". I'm under the impression that such a feat is mathematically impossible. At least as far as we know. And the summary led me to believe that they had somehow found a flaw in the underlying encryption scheme.

    4. Re:Not as clever as it sounds by gmuslera · Score: 4, Insightful

      The first thing you think about "PGP encryption cracked" is that a random .pgp file that you got isolated somehow (i.e. intercepting a mail with it attached) could be cracked and decrypted in minutes, no extra hardware required.

      But this goes to the RAM of the computer, where the passphrase to decrypt the file still resides somehow. It is a bit more serious, but not so much different than claiming that you cracked PGP encryption because you had a keylogger installed.

    5. Re:Not as clever as it sounds by blueg3 · Score: 4, Insightful

      Security articles pretty much always dramatically overstate what they are capable of. Generally "cracked" gets used any time something is decrypted and the person who encrypted it didn't intend for it to be.

      It sounds like it should be super easy, since the encryption key is "just sitting in memory", but it's not. A lot of those programs actively take steps to try to prevent the key from being captured from memory. Elcomsoft is by no means the first person to demonstrate this attack, but they like to aggressively promote whenever they make tools for applying techniques that researchers have already developed.

  4. With a huge exception by Anonymous Coward · Score: 5, Informative

    It requires a memory dump of the system where the keys are used. Bad submitter. Is anyone filtering the submissions? This is starting to look like reddit.

    1. Re:With a huge exception by BradleyUffner · Score: 5, Insightful

      > It requires a memory dump of the system where the keys are used. Bad submitter. Is anyone filtering the submissions? This is starting to look like reddit.

      Which you can get VERY easily if the computer has a firewire port.
      http://blogs.gnome.org/muelli/2010/04/reading-ram-using-firewire/

    2. Re:With a huge exception by torkus · Score: 5, Insightful

      That article is 2+ years old and deals with XP. Also the author chews on words for the first paragraph or two and makes me want to shoot myself (not to mention being wrong on a few points...) but anyhow..

      Does the memory dump apply to Win 7/8? Fully patched XP? FW ports are a niche and rather uncommon. Of more interesting concern - are hibernate files encrypted on a bitlocker encrypted drive?

      I agree with GP - this is a terribly written submission (and/or just an advertisement.) BitLocker, PGP, and TrueCrypt ALL decrypt in realtime already - if you provide them with keys!!!

      --
      You can get rich if you own a politician, but you have to be rich to buy one in the first place.

  5. Not by Maximum Prophet · Score: 5, Informative

    > So, how does it work? Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. You’ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off.

    That's not really cracking. It's more like looking under the keyboard for sticky-notes.

    --
    All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)

  6. Misleading title by RenHoek · Score: 5, Insightful

    Unlike the title claims, it doesn't _crack_ in real time, it just allows you to mount the encrypted volume and lets you decrypt it with the keys you found. I.e. make it work just like truecrypt when you mount a partition.

    If they were able to _crack_ in real time, then they'd have just solved P = NP.

  7. Encryption is not broken by RatRagout · Score: 5, Informative

    They are simply extracting the encryption keys from the memory of a running computer using DMA and firewire. @breaknenter has been doing this with inception and some scripts for years.

    1. Re:Encryption is not broken by RatRagout · Score: 5, Informative

  8. Encrypted swap? by Anonymous Coward · Score: 5, Informative

    I don't use Windows, but on other OSs, the swap where "hibernation" data goes is encrypted to avoid such trivial exploits.

    As for the firewire attack, that was first developed on Linux, and immediately prevented on Linux. On Windows, it has been available since XP days, and MS was notified of the issue back then. So, there is no excuse that it is still trivial to unlock, disk dump, mem dump a Windows box through the DMA firewire hack, now 3 major versions on since this attack was well known.

  9. extracting keys from RAM by interiot · Score: 4, Informative

    This tool extracts the keys from RAM dumps. There are free tools that do this too, of course.

    But isn't it difficult to get a RAM dump, you say? Not really:

    • Hibernating a computer writes this data to disk. Starting in Windows 8, "shutdown" actually writes some hibernate data by default.
    • VMs also have their own suspend functionality that does a RAM dump, as well as non-SAN VM migration.
    • Firewire ports actually allow devices to scan RAM of the machine they're connected to.
    • Obviously, if you have access to a live machine, you can get the keys directly from RAM.

  10. Re:System drive encryption? by marcello_dl · Score: 4, Funny

    >My setup is the following: win...

    first mistake? ;)

    --
    ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol

  11. I thought Truecrypt, et al were smarter about RAM by swb · Score: 4, Insightful

    I thought TrueCrypt, et al. were smarter with their RAM-based keys than that and made them more difficult to sniff in RAM, as this has long been a well-known weakness of any encryption software.

    Or is there something about whole-disk encryption software that makes this more difficult (which I can see from a performance perspective)?

    You would think they would randomize memory locations or have some kind of method of encrypting the keys in-memory and decrypting them and wiping as they did disk I/O. A race condition that would expose them, but with a smaller window for exploitation than leaving them in memory.
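
    What swb's last paragraph sketches (keys kept encrypted in memory, decrypted only for the duration of an I/O operation, then wiped), as an added example written here and not code from TrueCrypt or any other product on the page. The masked_key layout, the XOR masking scheme, the secure_zero helper and the XOR "disk I/O" stand-in are assumptions of the example; the masks must come from a CSPRNG, which main() gets from /dev/urandom, while the test below uses constructed masks.

```c
/* Added example, not code from the thread or from TrueCrypt/PGP/BitLocker:
 * a key that is never stored in the clear between operations. It is kept
 * XOR-masked with a random mask, unmasked into a stack buffer only while one
 * I/O callback runs, re-masked under a fresh mask and zeroed right after.
 * The "disk I/O" callback is a constructed stand-in (one XOR pass), not a cipher. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 32

struct masked_key {
    uint8_t mask[KEY_LEN];     /* random, replaced on every unmask */
    uint8_t masked[KEY_LEN];   /* key XOR mask */
};

/* Zeroing the optimizer cannot drop: writes go through a volatile pointer. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Store key under mask, then erase the caller's plaintext copy. */
void masked_key_init(struct masked_key *mk, uint8_t key[KEY_LEN], const uint8_t mask[KEY_LEN])
{
    memcpy(mk->mask, mask, KEY_LEN);
    for (int i = 0; i < KEY_LEN; i++) mk->masked[i] = key[i] ^ mask[i];
    secure_zero(key, KEY_LEN);
}

typedef int (*key_op)(const uint8_t key[KEY_LEN], void *ctx);

/* Unmask for exactly one operation; re-mask under fresh_mask afterwards so
 * the (mask, masked) pair in memory also changes from one I/O to the next. */
int with_key(struct masked_key *mk, const uint8_t fresh_mask[KEY_LEN], key_op op, void *ctx)
{
    uint8_t key[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++) key[i] = mk->masked[i] ^ mk->mask[i];
    int rc = op(key, ctx);                      /* the short exposure window */
    for (int i = 0; i < KEY_LEN; i++) mk->masked[i] = key[i] ^ fresh_mask[i];
    memcpy(mk->mask, fresh_mask, KEY_LEN);
    secure_zero(key, KEY_LEN);
    return rc;
}

/* 1 if the plaintext key appears verbatim anywhere inside the object,
 * i.e. what a naive scan of a memory dump for the key would find. */
int key_visible_in(const struct masked_key *mk, const uint8_t key[KEY_LEN])
{
    const uint8_t *p = (const uint8_t *)mk;
    for (size_t off = 0; off + KEY_LEN <= sizeof *mk; off++)
        if (memcmp(p + off, key, KEY_LEN) == 0) return 1;
    return 0;
}

/* Constructed stand-in for the per-block disk I/O that needs the key. */
struct xor_ctx { uint8_t *buf; size_t len; };
static int xor_block(const uint8_t key[KEY_LEN], void *ctx)
{
    struct xor_ctx *c = ctx;
    for (size_t i = 0; i < c->len; i++) c->buf[i] ^= key[i % KEY_LEN];
    return 0;
}

/* Run a buffer through two with_key() calls (encrypt, then decrypt) and
 * return 1 if the data changed in between and was restored at the end. */
int roundtrip_demo(struct masked_key *mk, const uint8_t m1[KEY_LEN], const uint8_t m2[KEY_LEN])
{
    uint8_t data[48], orig[48];
    for (int i = 0; i < 48; i++) data[i] = orig[i] = (uint8_t)(i * 7);
    struct xor_ctx c = { data, sizeof data };
    with_key(mk, m1, xor_block, &c);
    int changed = memcmp(data, orig, sizeof data) != 0;
    with_key(mk, m2, xor_block, &c);
    return changed && memcmp(data, orig, sizeof data) == 0;
}

int main(void)
{
    uint8_t key[KEY_LEN], copy[KEY_LEN], mask[3][KEY_LEN];
    FILE *f = fopen("/dev/urandom", "rb");             /* CSPRNG for the masks */
    if (!f || fread(mask, 1, sizeof mask, f) != sizeof mask) return 1;
    fclose(f);
    for (int i = 0; i < KEY_LEN; i++) key[i] = copy[i] = (uint8_t)(0xA0 + i); /* constructed key */
    struct masked_key mk;
    masked_key_init(&mk, key, mask[0]);
    int visible = key_visible_in(&mk, copy);
    int ok = roundtrip_demo(&mk, mask[1], mask[2]);
    printf("key visible in store: %d, roundtrip ok: %d\n", visible, ok);
    return 0;
}
```

    The design choice matches what swb calls a race condition: a dump taken while op() runs still catches the key on the stack, and anyone who recognises the layout can XOR mask and masked back together, so this narrows the window and defeats a plain key scan rather than removing the exposure. It is also why the volatile-pointer zeroing matters; a plain memset on a buffer that is never read again is routinely optimised away.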

  12. These guys make IT people look like gods.... by Lumpy · Score: 5, Funny

    I used to have their password kit for enterprise and it would make me look like a complete computer GOD to the users.

    "I lost the password to my spreadsheet...."
    "what is the password I used on this zip file?"
    etc....

    I would crack about 5-10 passwords a week with their tools and ended up never having to buy drinks when going out with office workers after work because of it.

    --
    Do not look at laser with remaining good eye.

  13. regarding true-crypt and the hibernation file by clovis · Score: 5, Informative

    I don't think that it is interesting that someone has figured a way to hack a running computer that they have physical access to.
    However, the hibernation file inspection hack had bothered me, or rather didn't bother me after I read the document.

    Check out http://www.truecrypt.org/docs/hibernation-file

    from the link:
    Note: The issue described below does not affect you if the system partition or system drive is encrypted* (for more information, see the chapter System Encryption) and if the hibernation file is located on any of the partitions within the key scope of system encryption (which it typically is, by default), for example, on the partition where Windows is installed. When the computer hibernates, data are encrypted on the fly before they are written to the hibernation file.

    When a computer hibernates (or enters a power-saving mode), the content of its system memory is written to a so-called hibernation file on the hard drive. You can configure TrueCrypt (Settings > Preferences > Dismount all when: Entering power saving mode) to automatically dismount all mounted TrueCrypt volumes, erase their master keys stored in RAM, and cached passwords (stored in RAM), if there are any, before a computer hibernates (or enters a power-saving mode). However, keep in mind, that if you do not use system encryption (see the chapter System Encryption), TrueCrypt still cannot reliably prevent the contents of sensitive files opened in RAM from being saved unencrypted to a hibernation file. Note that when you open a file stored on a TrueCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the computer is turned off).

    Note that when Windows enters Sleep mode, it may be actually configured to enter so-called Hybrid Sleep mode, which involves hibernation. Also note that the operating system may be configured to hibernate or enter the Hybrid Sleep mode when you click or select "Shut down" (for more information, please see the documentation for your operating system).

    To prevent the issues described above, encrypt the system partition/drive (for information on how to do so, see the chapter System Encryption) and make sure that the hibernation file is located on one of the partitions within the key scope of system encryption (which it typically is, by default), for example, on the partition where Windows is installed. When the computer hibernates, data will be encrypted on the fly before they are written to the hibernation file.

    Note: You may also want to consider creating a hidden operating system (for more information, see the section Hidden Operating System).

    Alternatively, if you cannot use system encryption, disable or prevent hibernation on your computer at least for each session during which you work with any sensitive data and during which you mount a TrueCrypt volume.

    * Disclaimer: As Windows XP and Windows 2003 do not provide any API for encryption of hibernation files, TrueCrypt has to modify undocumented components of Windows XP/2003 in order to allow users to encrypt hibernation files. Therefore, TrueCrypt cannot guarantee that Windows XP/2003 hibernation files will always be encrypted. In response to our public complaint regarding the missing API, Microsoft began providing a public API for encryption of hibernation files on Windows Vista and later versions of Windows (for more information, see the Version History, section TrueCrypt 5.1a). Since version 7.0, TrueCrypt has used this API and therefore has been able to safely encrypt hibernation files under Windows Vista and later versions of Windows. Therefore, if you use Windows XP/2003 and want the hibernation file to be safely encrypted, we strongly recommend that you upgrade to Windows Vista or later and to TrueCrypt 7.0 or later.