Proof-of-Concept Video: LPC Bus Sniffing Attack Against Microsoft BitLocker In TPM-only Mode
Full disk encryption is one of the cornerstones of modern endpoint protection. It is not only an effective method to protect sensitive data against physical theft, but it also protects data integrity against tampering attacks. If this protection method could be compromised without significant effort, it would break the fundamental idea of endpoint protection.
Over time there have been many different physical attacks against full disk encryption, such as Cold Boot attacks [0][1] that we have previously researched. In addition, various attacks based on TPM interface sniffing [2] or DMA [3] have been used to gain access to an encryption key.
In this post, we research a sniffing attack against the SPI interface of a Trusted Platform Module (TPM) using publicly available tools at a reasonable cost. In addition, we release a tool which extracts the BitLocker key from the sniffed SPI traffic.
A TPM is often used to seal the full disk encryption key, and the chip itself is typically protected against a wide range of attacks. However, the communication between the CPU and the TPM is not encrypted by default, which leaves it vulnerable to sniffing attacks.
Capturing TPM communication is not a new idea. For example, D. Andzakovic [2] demonstrated a BitLocker key extraction from the LPC bus, and J. Boone [5] researched an interposer attack against the I2C bus. However, there was no public research on sniffing TPM communication from the SPI bus.