Absolute genius, this guy saved my butt. Recently had a client bring in a dead drive, they were able to recover (and not lie about the issue and charge me 1k+). Really honest and professional!
OEM enabled bitlocker only uses a handful of keys??!! So how would one ensure that OEM keys aren't used? Do you have to decrypt, clear the TPM and then re-enable bitlocker? Your demo gives me reasons not to trust bitlocker at all and most certainly not OEM enabled encryption.
Hello, Thanks for this useful video. I just have a Surface pro5 that don't boot but Surface is working. I tried to boot with an usb key windows installer and the installer see the internal 256GB ssd. I have a PC3000 but the adapter is quiet expensive because i don't have many Surface to recover. Do you think it will work if i buy the adapter ?
If it was up to me I would just read out the eepRom with a programmer using a connection clip, and burn the contents into the donor board. Just replacement of the board is not going to work, rom needs to be cloned or moved
The customer could provide you the bitlocker key… And if they signed in with a MS account then it's attached to their account and can grab the key that way as well.
It would be curious to see if it saves the oem key in their account. It seems like if it didn't, and the customer somehow made BitLocker angry they would have no recourse to get their data back
I can’t believe how there hasn’t been a huge public discussion about this vulnerability. If bitlocker is being enabled by the factory they shouldn’t be using known keys. Should be random per device. At this point anyone with a factory bitlockered system should undo and redo it and get a new key.
The problem is that auto unlock was enabled, so the key needs to be stored somewhere. But still it is interesting that it is not in the TPM, maybe Microsoft doesn't trust their implementation and doesn't want to risk losing the key.
Hi My surface pro has shut down after charging with an amazon charger. The unit sparked and shut down. I need to recover my files and photo's. Can you help please? Stephen
I am working on another video that will have an alternative method of dealing with this for a fraction of the cost. Wait till it comes out ( this week or next week) and then decide if you want to buy it. It's over $800USD and there is way to solve if for like 30$
so basically if you want your data secure, they aren't doing you any favors by turning it on from the factory since it has a universal back door. I'm guessing that's not the case for if you turn it on manually yourself.
Not sure if connecting SIP NVME SSD to the interface should be considered as a recovery. BGA soldering skills, of course, but pc3k just makes it way slower compared to direcr m.2 method. Basically all you need is to find m.2 ssd with the same pinout and move chip from one place to another. Unlike apple SSD, MS uses quite generic stuff like kioxia bg4 on this video which is nothing but a embedded circuit 1to1 equal to what you find on m.2 board
I don't, why guess if someone can do it and risk that that can't and having them mess it up more? We can do it for you. It's $700USD and it will take less than a week
Please please please! I am begging you to please help me! For I have 2 micro SD cards that were corrupted and so I sent them to Pitt's Mobile data recovery and they said they couldn't fix it due to The severe logical damages. I seen your micro SD card video and I am hoping that you will be so kind to allow me to send the SD card's to you so that you can maybe fix it in a video. I don't have a lot of money especially because of the recovery service I sent it to but I'm just begging you to help me! I have videos on those SD cards that are extremely important to me .
No, it is just that encryption is not fully enabled yet. All data on an disk is encrypted wih an symmetric key aka it is fast and is the same symmetric key to decrypt and encrypt data with... The user then has an Asymmetric key pair (public/privat) and this type is slow but very stong, so the symmetric disk encryption key is encrypted with the users Asymmetric key. So the bitlocker is enabled by OEM and then the disk IS encrypted but the symmetric key is stored on an readable open place on the disk until the user login and complete the bitlocker enabling process (automatic when login in with MS live or AD Azure account). If you have an OEM PC and the bitlocker is enabled on the disk and the user has complete the process then you will see an "closed padlock icon" in Windows explore and if the user not yet has done the user side with Asymmetric key then the Windows explore icon for the drive an "open padlock"
I work with forensics and often get bitlocker encrypted disk images from OEM pc and if/when the user has not enabled the user side yet, then we can just mount the image as a drive
Yeah pretty much no purpose other than to screw innocent people. I just happened to notice yesterday that my dell laptop had the C drive encrypted. I turned that off immediately. If I ever had to fix my filesystem I would have been screwed scouring the net hunting for the dell keys and some bs to decrypt it.
WOW! I did not know the OEMS used default bitlocker keys. Is there a site that has the default keys? Or does one need to be apart of the Illuminati? ;-)
Illuminati club bro :). I am not sure 100% how those keys are obtained, but if I had to guess they are hidden somewhere on the drive and data extractor just knows where to look for them. I may drop an answer to that in upcoming q&a this week. I'll consult with engineers at Acelab to see how they crack it
@@hddrecoveryservices So Bitlocker is enabled by default from the factory but they are in clear key mode. The key is stored in the MBR. If the user actually went through the setup process of Bitlocker, then this method will not work. The majority of users do not know this and do not actually setup Bitlocker.
