Date: Fri, 15 Jul 2022 20:10:09 +0200
From: "Benjamin Oppermann" <ben.opp@....cc>
To: john-users@...ts.openwall.com
Subject: bitlocker-opencl: Error creating binary cache file: File or directory not
 found 0: OpenCL CL_INVALID_EVENT (-58) error in opencl_common.c:1827 -
 clWaitForEvents

Hello,
I'm trying to extract the Bitlocker recovery password from a hash retrieved by bitlocker2john. I used this command:

> john --format=bitlocker-opencl -mask=?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d[-]?d?d?d?d?d?d ~/bitl-recoverypw-hash
The hash starts with $bitlocker$3$
I'm getting the following output:

> -------------------------------------------------------------------------- 
> The library attempted to open the following supporting CUDA libraries, 
> but each of them failed.  CUDA-aware support is disabled. 
> libcuda.so.1: cannot open shared object file: No such file or directory 
> libcuda.dylib: cannot open shared object file: No such file or directory 
> /usr/lib64/libcuda.so.1: cannot open shared object file: No such file or directory 
> /usr/lib64/libcuda.dylib: cannot open shared object file: No such file or directory 
> If you are not interested in CUDA-aware support, then run with 
> --mca opal_warn_on_missing_libcuda 0 to suppress this message.  If you are interested 
> in CUDA-aware support, then try setting LD_LIBRARY_PATH to the location 
> of libcuda.so.1 to get passed this issue. 
> -------------------------------------------------------------------------- 
> Device 1@...l-mnj: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz 
> Using default input encoding: UTF-8 
> Loaded 1 password hash (BitLocker-opencl, BitLocker [SHA256 AES OpenCL]) 
> Cost 1 (iteration count) is 1048576 for all loaded hashes 
> Error creating binary cache file: File or directory not found 
> 0: OpenCL CL_INVALID_EVENT (-58) error in opencl_common.c:1827 - clWaitForEvents

This is the first time I'm trying something like this.
I have no dedicated GPU, and afaik CUDA is something to do with Nvidia GPUs, so I think the first portion doesn't apply to me.
Searching the internet for the error message, I only found a GitHub issue about some completely different scenario (https://github.com/openwall/john/issues/4044), and this in the mailing list: https://www.openwall.com/lists/john-users/2020/01/08/2.

1. Can anyone give me some pointers for fixing the error?
2. I don't know if this was encrypted by the TPM (the bitlocker2john output seems to suggest it makes a difference, gotta admit I don't understand Bitlocker very well). If so, can JtR decrypt it at all? I'm attaching the bitlocker2john output without the hashes in a text file. Let me know if posting the hashes as well could be useful.
3. What are my chances of getting a result in a reasonable time (if at all)?

You can see the machine I'm running this on above. Surprisingly, the bitlocker2john retrieval of hashes was only a matter of a few hours, less than half a day. The drive is 512GB, dd'ing it to a usb drive also didn't take more than a couple hours.

Some context: I have the user password for this drive, but it's not helping me since the Windows 10 laptop that I dd'ed it from is unbootable (a friend gave it to me to fix, and apparently she had no idea the Windows drive was encrypted). I need the 48 digit Recovery Password to continue fixing the bootloader. When going to the Windows recovery command line, it asks for the Recovery Password.

I went through the procedure described here: https://openwall.info/wiki/john/OpenCL-BitLocker where I was brought from this YouTube video https://www.youtube.com/watch?v=gue6suh7ZlM <https://www.youtube.com/watch?v=gue6suh7ZlM&list=PLY4M2ooqLQ4H4J4wR88fIvilRfIVjm-cG&index=1&t=476s>
Btw I also tried Hashcat, but it gave me another cryptic error, and apparently it only supports getting the user password which is no use for me here.
I am running this on a Manjaro Linux machine and installed John and OpenCL from its distro repositories. John version is 1.9.0.jumbo1-7, OpenCL runtime is 1:18.1.0.015-3

Thanks for any hints, best regards Ben

View attachment "bitlocker2john.output-nohashes.txt" of type "text/plain" (2077 bytes)
