This project kicked off for me when Hector Martin ( mentioned they were able to sniff the BitLocker VMK straight off the LPC bus. From bus wiring through to volume decryption. ![]() This post demonstrates the attack against an HP laptop logic board using a TPM1.2 chip and a Surface Pro 3 using a TPM2.0 chip. This post will look at extracting the clear-text key from a TPM chip by sniffing the LPC bus, either with a logic analyzer or a cheap FPGA board. By default, Microsoft BitLocker protected OS drives can be accessed by sniffing the LPC bus, retrieving the volume master key when it’s returned by the TPM, and using the retrieved VMK to decrypt the protected drive.
0 Comments
Leave a Reply. |