blwipe for windows #1

Open
ufth opened this issue Jun 14, 2021 · 4 comments

ufth commented Jun 14, 2021

First of all, thank you very much for the great piece of software! Unfortunately I can't do Go, so I want to ask if you can add some Windows 10 compatibility so one can wipe encryption keys on the live system? I tried different paths with a current version, but had no luck (\\?\Device\Harddisk0\Partition4 etc.)

Google uses "golang.org/x/sys/windows" for a similar purpose with MBR:
https://github.com/GoogleCloudPlatform/compute-image-tools/blob/master/cli_tools/import_precheck/check_disks_windows.go#L69

Owner

geekman commented Jun 15, 2021

This was something I looked into briefly as well. I did get the partition to read, but it gave an NTFS signature instead. I'm guessing the BitLocker driver is intercepting requests and preventing me from accessing the raw BitLocker volume itself.

```
C:\> blwipe \\.\C:
invalid volume header signature "NTFS    "
```

Maybe there is some way to access raw partitions, but I think it would take a lot more code.

In the end I figured it was not really worth the effort to add proper Windows support. You can as easily boot an Ubuntu Live CD and put blwipe on it. If Ubuntu is too big of a download, you can use TinyCoreLinux, which is around 15-20MB, but you need to disable Secure Boot.

Author

ufth commented Jun 15, 2021

Thank you for the quick reply, that explains a lot.

My use case is to provide people on Windows 10 a quick and easy way to wipe those encryption keys as they may be tortured to reveal the password (unfortunately we do have many real cases). These people are not technical (HRDs) and I doubt that under heavy pressure they can find a USB flash (that was prepared for this exact situation), insert it, reboot the computer and remember which key to press to enter the Boot menu (F12, Fn+F12, something different), which item should be selected there, etc. Thus, this kind of scenario seems to be very fragile.

Maybe you have and can share some ideas on this?

I can consider donating a couple of hundred dollars to get a Windows version, though I understand that the time needed for R&D and all the testing won't be covered in a good way.

jeanga commented Jun 15, 2021

If you want to "see" the encrypted partition, you need to open the physical drive (`\\.\PhysicalDrive0`) and parse the partition table to reach the encrypted volume. But your comment about the need to boot from a live CD is really valid as you won't have write access using this technique.
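
To illustrate the approach described in the comment above (walk the partition table on the raw disk instead of opening the mounted volume), here is an added Go example that is not part of blwipe or of this thread. It parses a GPT from any `io.ReaderAt` and reports the 8-byte OEM ID at offset 3 of each partition's first sector, the field that reads `"NTFS    "` in the error output earlier in the thread. The 512-byte sector size, the `-FVE-FS-` value for a raw BitLocker header, the names `OEMIDs` and `sampleDisk`, and the in-memory image are assumptions of the example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

const sector, fveSig = 512, "-FVE-FS-" // assumed sector size; BitLocker header signature

// OEMIDs maps each used GPT partition's first LBA to the OEM ID (bytes 3-10) of its first sector.
func OEMIDs(disk io.ReaderAt) (map[uint64]string, error) {
	le, hdr, ids := binary.LittleEndian, make([]byte, 92), map[uint64]string{}
	if _, err := disk.ReadAt(hdr, sector); err != nil {
		return nil, err
	}
	tableLBA, count, size := le.Uint64(hdr[72:]), le.Uint32(hdr[80:]), le.Uint32(hdr[84:])
	if string(hdr[:8]) != "EFI PART" || size < 128 || size > 4096 || count > 1024 {
		return nil, fmt.Errorf("no plausible GPT header at LBA 1")
	}
	table, boot := make([]byte, count*size), make([]byte, 11)
	if _, err := disk.ReadAt(table, int64(tableLBA)*sector); err != nil {
		return nil, err
	}
	for ; len(table) > 0; table = table[size:] {
		if first := le.Uint64(table[32:]); !bytes.Equal(table[:16], make([]byte, 16)) {
			if _, err := disk.ReadAt(boot, int64(first)*sector); err != nil {
				return nil, err
			}
			ids[first] = string(boot[3:])
		}
	}
	return ids, nil
}

// sampleDisk returns a constructed 64-sector image with one NTFS and one BitLocker volume.
func sampleDisk() *bytes.Reader {
	img := make([]byte, 64*sector)
	copy(img[sector:], "EFI PART")
	copy(img[sector+72:], []byte{2, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 128}) // table LBA 2, 4 slots, 128-byte entries
	for i, oem := range []string{"NTFS    ", fveSig} {
		e, lba := 2*sector+128*i, 40+8*i
		img[e], img[e+32] = 0xA2, byte(lba) // placeholder type GUID byte; first LBA 40 or 48
		copy(img[lba*sector+3:], oem)
	}
	return bytes.NewReader(img)
}

func main() { fmt.Println(OEMIDs(sampleDisk())) }
```

The example runs on a disk image; raw device handles on Windows generally require whole-sector, sector-aligned reads, so the short reads here would have to be widened before pointing it at a physical drive.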

Owner

geekman commented Jun 26, 2021

> Maybe you have and can share some ideas on this?

I think in your use case, it is definitely faster to invoke the tool from within Windows itself.

In my blog I described a feature that is built into Windows, using `manage-bde -forcerecovery`. In most modern systems, there is a TPM installed, which is how BitLocker drives get automatically unlocked on startup. This command wipes out the TPM key protector and leaves only password ones. I'm not sure if that might be sufficient, or whether the user will still be tortured to provide the password, which he can claim he does not know.

I also have not tried whether it is possible to issue `manage-bde` commands to remove all password protectors, then remove the TPM key protectors, leaving no key protectors to perform the unlock.

This might be one solution which can be used now, if it works for you.
