Saturday, July 7, 2018

Daily Blog #416: Solution Saturday 7/7/18

Hello Reader,
Looks like I went a little too far with this week's challenge. I'll make sure that next week's is more in line with the level of effort people are willing to spend in a week.

The Challenge:
A computer without a TPM that has Windows 10 with a BitLocker-encrypted drive is being upgraded. When it reboots in the upgrade process, it does not prompt for the BitLocker password, and it appears as though the system is not protected during the upgrade process. Your challenge is to determine what level of access an examiner has during the reboot in the upgrade process on a Windows 10 system that is BitLocker encrypted.

1. Can you access the contents of the disk?
2. Can you boot to alternative media while it boots?
3. Can you access the drive if you prevent the reboot process from completing?
4. What is the mechanism that Windows is using to do this?
5. Can you force an update without logging in or while it is locked?
6. Can you reboot for an upgrade without logging in?

The winning answer:
Phil Moore


Since Adam's going with "I dunno, probably" I figured I'd do the same:

A computer without a TPM that has Windows 10 with a BitLocker-encrypted drive is being upgraded. When it reboots in the upgrade process, it does not prompt for the BitLocker password, and it appears as though the system is not protected during the upgrade process. Your challenge is to determine what level of access an examiner has during the reboot in the upgrade process on a Windows 10 system that is BitLocker encrypted.

1. Can you access the contents of the disk?
Sounds like it's still in a decrypted state; probably even stores the key somewhere during the reboot process.

2. Can you boot to alternative media while it boots? 
Maybe

3. Can you access the drive if you prevent the reboot process from completing?
I'm guessing it'll be re-encrypted once it loses power.
Would probably be able to get the key out of memory.

4. What is the mechanism that Windows is using to do this?
Not sure.

5. Can you force an update without logging in or while it is locked?
Don't know, highly doubt it.

6. Can you reboot for an upgrade without logging in?
Doubt it

But yes, I think this challenge was a little bit more hands-on than the previous.
Although you could do it in a VM, I suppose.