@GabMus
Created April 2, 2017 15:14
Bruteforcing the 3 main security levels of a computer

Level 0 - BIOS

Docs:

Most BIOSes store a checksum of the password in the flash ROM chip.

In most brands the checksum of the password the user set is displayed after entering an invalid password 3 times (often with a message saying "System Disabled" or similar, which is only a tactic to scare off an inexperienced attacker).

Other vendors show a number from which a master password for the BIOS can be derived. This master password is usually a randomly generated sequence of numbers or, in a few cases, one derived from the serial number.

Some other vendors store the password as plain text and, instead of showing a checksum, show an encrypted version of that password.

A few other vendors require the user to enter three special passwords before showing the hash, e.g. "3hqgo3 jqw534 0qww294e", which is "enable master password" shifted one key up/left on the keyboard.

Some HP/Compaq laptops only show the hash if F2 or F12 was pressed before entering an invalid password for the last time.

Bruteforcing a BIOS password ultimately comes down to the specific case. It's very difficult to foresee whether you will be able to get around a BIOS password before physically experimenting on the machine you are trying to crack.

My experience

I tried to bruteforce the BIOS password in 3 machines:

  • An ASUS netbook
  • A SONY Vaio laptop
  • A Toshiba Portege R500 laptop

The SONY Vaio was the easiest to crack. From the serial number (5150002) I was able to generate a master password with the help of the bios-pw.org website. The resulting master password is 5722124, and entering it when prompted resulted in a complete reset of all BIOS passwords, allowing me to move to the next level of security.

As for the ASUS netbook I wasn't able to find any working methods to crack or bypass the BIOS password.

The Toshiba laptop was even worse. Not only had I not found, as with the ASUS, any working method to get around the BIOS password, but I also had the opportunity to take the laptop apart to try and find the CMOS battery on the motherboard, so that I could remove it and potentially reset the whole BIOS. To my surprise I wasn't able to locate it even after disassembling the whole machine.


Level 1 - Disk encryption

LUKS (Linux Unified Key Setup)

Docs:

The aim of encryption is to protect the user against an attacker who has access to the physical storage device.

For this reason the key is not stored on the device, but reconstructed when needed.

The key is generated from a salt stored on the device, combined with a password provided by the user.

LUKS derives its key using PBKDF2.

Since there is no separate authentication step, the only way to effectively test a password is to try to decrypt data with the key derived from it. If the password is wrong, the decryption returns garbage.

Using a simple C program called bruteforce-luks from an external OS (e.g. a live USB) it is possible to bruteforce the LUKS password of a storage device easily.

The problem with bruteforcing LUKS is that PBKDF2 can be made arbitrarily expensive depending on the number of iterations it runs, and every guess has to pay that cost.

Testing bruteforce-luks with 4 threads on an Intel Core i7-6700HQ resulted in about 7 passwords tested per second.

Assuming the password is immune to dictionary attacks, and unless the attacker has specific clues about the password, such as its approximate length, its beginning or its end, it's unlikely they will be able to crack it in any useful time.
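The following Python script is an added example (not code from the gist or from bruteforce-luks) that makes the cost argument above concrete: every guess costs a full PBKDF2 derivation, so the iteration count chosen when the volume is formatted directly sets the attacker's guessing rate. The salt and the passwords are constructed for the demo, PBKDF2-HMAC-SHA256 from the standard library stands in for whichever PBKDF2 variant a real LUKS header specifies, and the 7 guesses/s figure is the one measured above.

```python
"""Cost of testing one LUKS password guess under PBKDF2.

Added example, not code from the gist or from bruteforce-luks. The salt and the
passwords are constructed for the demo; PBKDF2-HMAC-SHA256 from hashlib stands
in for whichever PBKDF2 variant a real LUKS header specifies.
"""
import hashlib
import hmac
import time

# Constructed demo salt: a LUKS header stores a random salt of this kind on disk.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_LEN = 32  # derive a 256-bit key


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Rebuild the key from the user's password and the on-disk salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_LEN)


def guess_matches(candidate: str, salt: bytes, iterations: int, real_key: bytes) -> bool:
    """Each guess costs a full derivation; a wrong guess simply yields a different key."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), real_key)


def guesses_per_second(iterations: int, samples: int = 5) -> float:
    """Measure how many guesses one core can test per second at this iteration count."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", SALT, iterations)
    return samples / (time.perf_counter() - start)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of the given length over the alphabet."""
    return alphabet_size ** length


def expected_seconds(alphabet_size: int, length: int, rate: float) -> float:
    """Average time to hit a uniformly random password: half the keyspace at `rate` guesses/s."""
    return keyspace(alphabet_size, length) / 2 / rate


if __name__ == "__main__":
    real_key = derive_key("correct horse", SALT, 100_000)
    print("wrong guess matches:", guess_matches("wrong horse", SALT, 100_000, real_key))
    print("right guess matches:", guess_matches("correct horse", SALT, 100_000, real_key))
    for iters in (1_000, 10_000, 100_000):
        print(f"{iters:>7} iterations: {guesses_per_second(iters):9.1f} guesses/s on one core")
    # The gist measured about 7 guesses/s with 4 threads against its LUKS volume.
    years = expected_seconds(26, 10, 7.0) / (365 * 24 * 3600)
    print(f"10 lowercase letters at 7 guesses/s: about {years:,.0f} years on average")
```

Running it prints the measured single-core rate at each iteration count and the average time needed to walk half of a 10-character lowercase keyspace at the rate measured in the text; the defender-side knob for the same trade-off is the iteration time cryptsetup is given at format time (its --iter-time option), which raises the per-guess cost without changing the password.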

My experience

Neither of the two machines (ASUS netbook and SONY laptop) had its boot drive encrypted. For this reason I encrypted a USB drive using LUKS, thanks to the information provided in the Arch Linux Wiki.

I then put the flash drive in the Toshiba laptop (that was running a live version of ParrotOS).

I downloaded the latest source code of bruteforce-luks from GitHub, compiled and installed it. Then I made a short dictionary that contained the password I had used to encrypt the aforementioned USB drive, so that bruteforce-luks could find the password in a matter of seconds.

VeraCrypt

VeraCrypt is a free disk encryption utility for Windows, macOS and Linux, forked from the popular (and currently discontinued) TrueCrypt.

VeraCrypt can encrypt volumes using different algorithms, and has an option to create virtual volumes and encrypt them in the same fashion as physical ones.

My experience

I used the Toshiba laptop (running Windows 7) to make a 20MB virtual volume and encrypt it using VeraCrypt with the AES encryption algorithm.

I then rebooted the laptop to a live version of ParrotOS, so that I was able to bruteforce the VeraCrypt volume using hashcat with the following command:

hashcat -m 13721 --outfile=hits.txt windisk/Users/Nas-lab/Desktop/veravolume dictionary.txt

As with LUKS, I had to provide a dictionary, otherwise it would have taken several years to crack the 10-character password I chose (helloworld).

BitLocker (Windows)

Docs:

BitLocker Device Protection is a whole-disk encryption scheme that automatically protects certain Windows devices (such as tablets and ultrabooks equipped with TPM 2.0 modules) when the user logs in with their Microsoft Account.

BitLocker Device Protection does NOT employ user-selectable passwords, and CANNOT be broken into by brute-forcing anything.

In certain cases, BitLocker escrow keys (BitLocker Recovery Keys) can be extracted by logging in to the user’s Microsoft Account via this webpage.

There are a number of expensive proprietary forensics tools that claim to be able to crack BitLocker passwords, but they were not tested in this research.


Level 2 - System password

Linux

Docs:

User password hashes are stored in /etc/shadow.

The hashes are generated using the crypt() function, which takes the string to hash as well as a salt.

A salt is a random value mixed into the password before hashing, so that identical passwords produce different hashes and each hash has to be attacked separately, which gives better protection against bruteforcing attacks.

Here is an example of a password stored in the shadow file:

ciao:$6$tLk3dcA5d1Ex4VaP$aCO.19hMskxXKaq.7OAT42U5JchvY/gXiMJBjkGnGd9gYGGI1G.gdriY9MWv0i6qj04NEl0L7P2jcShZDEKr40:17252:0:99999:7:::

This string is made of different parts, separated by colons (the : character). We will analyze its different parts:

  • ciao is the username
  • $6$tLk3dcA5d1Ex4VaP$aCO.19hMskxXKaq.7OAT42U5JchvY/gXiMJBjkGnGd9gYGGI1G.gdriY9MWv0i6qj04NEl0L7P2jcShZDEKr40 is the hash
  • 17252:0:99999:7::: these values are used by more advanced features (password ageing) that are not part of this research

The hash itself is divided in different parts, separated by dollar signs ($):

  • $6: this indicates the algorithm used to hash the salted password. In this case $6 indicates sha512
  • $tLk3dcA5d1Ex4VaP: the random salt
  • $aCO.19hMskxXKaq.7OAT42U5JchvY/gXiMJBjkGnGd9gYGGI1G.gdriY9MWv0i6qj04NEl0L7P2jcShZDEKr40: the password hash

When a user tries to log in, the password they enter is hashed using the salt from that user's shadow file entry. If the resulting hash is the same as the one in the shadow file entry, the user is authenticated.
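As an added example (not code from the gist), the following Python script parses an /etc/shadow entry into the fields described above and reports what a defender would look for when auditing the file: the hash type, whether the account is locked, when the password was last changed and whether it ever expires. SAMPLE_LINE is the entry quoted above; its password is unknown here, so the verification helper, which recomputes crypt() the way the login check does, is only exercised against a hash it generates itself, and it depends on Python's crypt module (deprecated in 3.11, removed in 3.13).

```python
"""Parse and audit one /etc/shadow entry.

Added example, not code from the gist. SAMPLE_LINE is the entry quoted in the
text above; its password is unknown here, so verify_password is demonstrated
against a hash it can recompute itself.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional
import hmac

# The entry quoted in the text above.
SAMPLE_LINE = ("ciao:$6$tLk3dcA5d1Ex4VaP$aCO.19hMskxXKaq.7OAT42U5JchvY/gXiMJBjkGnGd9gYGGI1G"
               ".gdriY9MWv0i6qj04NEl0L7P2jcShZDEKr40:17252:0:99999:7:::")

# Hash identifiers used by glibc's crypt(); $1$ (md5crypt) is the cheap one to attack.
CRYPT_IDS = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt"}


@dataclass
class ShadowEntry:
    user: str
    hash_field: str
    last_change: Optional[int]   # days since 1970-01-01
    min_days: Optional[int]
    max_days: Optional[int]
    warn_days: Optional[int]
    inactive_days: Optional[int]
    expire_day: Optional[int]


def _int_or_none(field: str) -> Optional[int]:
    return int(field) if field else None


def parse_shadow_line(line: str) -> ShadowEntry:
    """Split the nine colon-separated fields; the last one is reserved and ignored."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    user, hash_field, *aging, _reserved = fields
    return ShadowEntry(user, hash_field, *(_int_or_none(f) for f in aging))


def parse_hash(hash_field: str) -> dict:
    """Split "$id$[params$]salt$digest" into its parts; params is e.g. rounds=50000."""
    info = {"locked": False, "algorithm": None, "params": None, "rounds": None,
            "salt": None, "digest": None}
    if hash_field in ("", "*") or hash_field.startswith("!"):
        info["locked"] = True          # no password can ever match this field
        return info
    parts = hash_field.split("$")
    if len(parts) < 4 or parts[0] != "":
        info["algorithm"] = "unknown"  # legacy DES or some other non-$ layout
        return info
    ident, rest = parts[1], parts[2:]
    info["algorithm"] = CRYPT_IDS.get(ident, "unknown")
    if len(rest) == 3:                 # optional parameter field (rounds=N, or yescrypt's block)
        info["params"] = rest.pop(0)
        if info["params"].startswith("rounds="):
            info["rounds"] = int(info["params"][len("rounds="):])
    if len(rest) != 2:
        raise ValueError(f"unexpected hash layout: {hash_field!r}")
    info["salt"], info["digest"] = rest
    return info


def last_change_date(entry: ShadowEntry) -> Optional[date]:
    """The shadow file counts days since the Unix epoch."""
    if entry.last_change is None:
        return None
    return date(1970, 1, 1) + timedelta(days=entry.last_change)


def audit(entry: ShadowEntry) -> list:
    """Findings a defender cares about: weak hash, no expiry, stale password."""
    findings = []
    h = parse_hash(entry.hash_field)
    if h["locked"]:
        findings.append("no usable password (locked or disabled account)")
    elif h["algorithm"] in ("md5", "unknown"):
        findings.append(f"weak or unrecognised hash type {h['algorithm']}: rehash with sha512 or yescrypt")
    if entry.max_days is None or entry.max_days >= 99999:
        findings.append("password never expires (max_days is 99999 or unset)")
    changed = last_change_date(entry)
    if changed is not None:
        findings.append(f"password last changed on {changed.isoformat()}")
    return findings


def verify_password(candidate: str, hash_field: str) -> Optional[bool]:
    """Recompute crypt(candidate, salt) as the login path does and compare in constant time.
    Returns None when the crypt module is unavailable (removed in Python 3.13)."""
    try:
        import crypt
    except ImportError:
        return None
    computed = crypt.crypt(candidate, hash_field)
    return computed is not None and hmac.compare_digest(computed, hash_field)


if __name__ == "__main__":
    entry = parse_shadow_line(SAMPLE_LINE)
    print(entry.user, parse_hash(entry.hash_field)["algorithm"], last_change_date(entry))
    for finding in audit(entry):
        print(" -", finding)
    try:
        import crypt
        demo_hash = crypt.crypt("demo-password", crypt.mksalt(crypt.METHOD_SHA512))
        print("right:", verify_password("demo-password", demo_hash),
              "wrong:", verify_password("not-it", demo_hash))
    except ImportError:
        print("crypt module unavailable on this Python; verification demo skipped")
```

For the sample entry the audit reports a sha512 hash, a last change on 2017-03-27 (17252 days after the epoch) and a maximum age of 99999 days, i.e. no expiry; the same parser run over a whole shadow file is a quick way to spot accounts still carrying md5crypt hashes.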

Bruteforcing a password directly from the login screen is not a viable option, since after a wrong password is entered the authentication routine doesn't return immediately; instead it waits for a fixed delay (about 5 seconds, but it can vary) before returning.

The most feasible way to bruteforce a system password is to obtain the shadow file.

An easy way to accomplish this is by editing the kernel command line arguments, appending init=/bin/bash to them (if the bootloader is configured to allow editing them).

This boots straight into a bash shell running as root, which makes the content of the shadow file readable simply by running cat /etc/shadow.

My experience

I was able to acquire the shadow file (along with the /etc/passwd file) of the SONY laptop (running Lubuntu) by using the recovery mode provided by the Ubuntu GRUB configuration to get a root shell.

Once I got the shadow file, I transferred it to the Toshiba laptop (again, running a live version of ParrotOS).

I used John the Ripper to bruteforce the password following these steps:

  • umask 077
  • unshadow sonypasswd sonyshadow > mypasswd
  • john mypasswd

Windows

There are a number of documented methods for bruteforcing the password of a Windows account.

The two most notable are Ophcrack and John the Ripper (the latter also useful for cracking other systems' passwords).

Windows 10

Interestingly enough, using both tools shows no password for the victim account in a Windows 10 virtual machine.

This problem seems to be undocumented online, and my best guess is that Windows 10 security is improved (if not just different) from previous Windows versions.

This could be the reason why none of the tested methods worked.

Windows 8.1 (and below)

Both aforementioned methods work in Windows 8.1 (and presumably older versions, too).

My experience

I was able to easily bruteforce the Windows 7 password on the Toshiba laptop by using John the Ripper from a live version of ParrotOS.

I extracted the following two files from the Windows disk:

  • /Windows/System32/config/SYSTEM
  • /Windows/System32/config/SAM

Using these two files I was able to generate a UNIX-like passwd file that John could read, using the following command:

pwdump SYSTEM SAM > mypasswd

Then I proceeded to bruteforce the password using the following John command:

john -format=NT mypasswd


The role of the cloud

Windows

Starting from Windows 8.1, user accounts are no longer purely local.

Microsoft tried to improve the security of its system by letting users log in with their Microsoft account instead of a traditional user account local to the machine.

This way the credentials used to log into the operating system are the same as those used for the online account.

In terms of security this is debatable, since if the password of the Microsoft account gets stolen, an attacker could use it to log in to the stolen computer too.

Apart from this controversy, the only security advantage this method provides is saving the keyring passwords in the cloud instead of in local storage.

macOS

Similarly to what happens in Windows, macOS too saves the keyring passwords to iCloud.
