Thoughts triggered by Bitlocker issues


1. What is the Bitlocker problem

  • Bitlocker overview

BitLocker Drive Encryption is a data protection feature that is integrated with the operating system to address the threat of theft or disclosure of data from a lost, stolen, or improperly destroyed computer.

  1. The Official Explanation of BitLocker Drive Encryption

The following walks through, with screenshots, the whole process after being hit by the BitLocker lock.

(1) A blue screen appears and the machine cannot reach the Windows boot interface, as shown in the figure below.

(2) When using WinPE to enter the operating system, the two disk partitions D: and H: are found to be locked, as shown in the figure below.

Note: Entering the operating system through WinPE was mentioned above; two points are worth knowing here:
(1) How to make a WinPE bootable USB flash drive?

Here are a few links for reference:
(a) Make a pure natural and pollution-free Microsoft official win10Pe (super detailed)

(b) Use WINPE to make a U disk to boot

(c) How to make a bootable USB disk by pe: tutorial on how to make a bootable USB disk by pe [win7]

In the future, the author will also update this post, and add his own operation process in this part... [Stay tuned]

(2) How to enter the preloaded operating system through the WinPE program?
After inserting the WinPE bootable USB flash drive into the computer, press F12 repeatedly and choose to boot from the USB flash drive to enter the preloaded operating system.

After clicking "H Disk", you get the following interface, which tells you to "enter the 48-digit recovery key to unlock this drive" (the key ID given here, 211B2797, has only 8 digits; obviously it is only the first of the 6 groups of key numbers).

Considering the above situation, the author obviously cannot access the data in the two disk partitions D: and H:.

Does this mean that the data, code, files, materials, etc. accumulated on the computer over N years are all gone?

The author is in a state of extreme anxiety.


2. How to solve the Bitlocker problem

Instead, I settled down to search for relevant information on the Internet. Here are two links released by Microsoft for readers' reference:

  1. BitLocker Frequently Asked Questions (FAQs)

  2. Find BitLocker recovery keys in Windows

On the other hand, the author thinks that figuring out the cause of the Bitlocker problem is often the key to solving the problem.

Before describing the real reason, please allow the author to recount the statements (especially the misleading guidance) from some online channels, local brick-and-mortar computer stores, and even official support, which is truly a tale of woe.

  1. Realized_I: Only the BitLocker key can unlock the drive

According to relevant channels:
(1) Some companies on the Internet claim to be able to solve BitLocker problems through data recovery (and list contact numbers).
A "famous" data recovery company in Chengdu, found on the Internet, answered: "We have dealt with the BitLocker problem before and, with our experience, we can decrypt it through data recovery. But I am on annual leave now; we can be in touch again after the New Year." After consulting various "experts" on the Internet, I called back more than an hour later, wanting to discuss the company's approach to solving the problem. The reply: "You can find another company to do it" (the earlier confidence and experience were gone).
Now it seems that this is a very casual company that speaks irresponsibly. Gimmicks such as claims of experience in online advertisements are far too common.

A "big expert" from a data recovery company on the Internet told me: "Since yours is an operating system pre-installed by the manufacturer, you will certainly not have a Microsoft account bound to a BitLocker key as described in 'Find BitLocker recovery keys in Windows'. The BitLocker decryption key for your machine's disk is embedded in a chip in the computer, and the only way to obtain the key is to contact Dell officially."
Now it seems: This is an even more ridiculous statement.

(2) A brick-and-mortar computer mall in my hometown.
Answer: We can enter the operating system through WinPE, but the Bitlocker lock cannot be opened without the key.
Now it seems: This is a very reasonable reply.

(3) A brick-and-mortar computer mall in Chengdu.
Answer: You can enter the operating system through WinPE, but it is impossible to open the Bitlocker lock without the key.
Now it seems: This is a very reasonable reply.

(4) Dell official customer service (Tel: 4008868610), Dell Inspiron series (Tel: 4008868619)
Since my computer is a Dell Inspiron, I contacted the Dell Inspiron staff through Dell official customer service. The official answer: if you don't know which Microsoft account is associated with the operating system, they cannot help you look up (or e-mail you) the BitLocker key through the machine's unique EX code. I explained further: since mine is an operating system pre-installed by the manufacturer, it is impossible to know which Microsoft account was associated (that is, registered) when the operating system was installed. After checking with the relevant senior technicians, customer service answered: "I suggest you simply reinstall the computer."
Now it seems that the so-called official reply was utterly hollow and of no help in solving the problem. If I reinstalled the computer as official customer service suggested, the data on the C drive (operating system drive) would be gone, and because of the BitLocker lock the other disks still could not be opened (this has been tested and confirmed). If the disks were reformatted, all data would be lost. Reinstalling the computer would mean that all the data, code, files, materials, etc. accumulated on my computer over N years would be wiped out. This would be a devastating blow to me.

  2. Realized_II: Find a Microsoft account to get the BitLocker key

After many setbacks, I realized:

(1) BitLocker must be associated with a Microsoft account, which corresponds to an unlock key.

(2) For an operating system pre-installed by the manufacturer, there is only one possibility: the user has logged in to a Microsoft account on the operating system and granted authorization, so that Microsoft can track the user's host by the account and then perform BitLocker locking operations on the host's disks and operating system.

(3) The main reason for the above-mentioned problems may be that too many things were open on the author's computer and kept running for several days without a shutdown. When the operating system shut down abnormally due to overload, it was "targeted" by Microsoft's background monitoring program, and then the BitLocker remote locking program was executed.

Therefore, the author started the process of "crazily" looking for Microsoft accounts and Bitlocker unlocking keys:

It is worth further explaining that during this process, the author once paid a certain consultation fee to the Taobao xx merchant ( a link to the BitLocker service on Taobao ), which is spending money to buy knowledge.

The author recalled that he had purchased Office activation codes on Taobao many times (that is, activated Microsoft accounts, corresponding to point (2) above). Therefore, based on chat records and relevant screenshots, the author finally found two Microsoft accounts. Signing in with the first account and clicking "Device" shows an active device record, but no BitLocker key information can be found, as shown in the figure below.

Conclusion: Microsoft obviously does not use this account to lock the disk and operating system of the current computer.

Signing in with the second account and clicking "Device" also shows an active device record, as shown in the figure below.

Click into it and, at last, the clouds part: the "View Bitlocker key" button appears. With that, our unlocking process is half done.

After clicking to enter, you can see the disk and operating system locked by the Microsoft Bitlocker service. Click "Show recovery key" in turn to see the corresponding unlock key.


  3. Realized_III: Use the BitLocker key to unlock the disk and operating system

Let's take unlocking the H disk as an example. We need to run the following commands in sequence:

manage-bde -unlock H: -rp recovery_key

The recovery_key here is the key obtained by clicking the blue button corresponding to "Show recovery key" in the previous section.

It's worth explaining further, how do you match encrypted disks with unlocking keys? Mainly through the key ID. Attached again is a screenshot of the beginning of this blog, as shown below. Here, the first 8 digits of the key ID of the H disk are 211B2797, which just corresponds to the "operating system drive" part.
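
The key-ID matching described above, written out as an added example (it is not part of the original post). The record list, the function names and every key value other than the key ID 211B2797 are constructed for illustration; the format check relies on each 6-digit group of a recovery key being a 16-bit value multiplied by 11.

```python
import re

# Records as copied by hand from the Microsoft account recovery-key page.
# Key ID 211B2797 is the one from this post; all other values are constructed.
ACCOUNT_KEYS = [
    {"key_id": "A1B2C3D4", "drive": "fixed data drive",
     "recovery_key": "038016-025795-013574-624679-502458-380237-258016-135795"},
    {"key_id": "211B2797", "drive": "operating system drive",
     "recovery_key": "135795-258016-380237-502458-624679-013574-025795-038016"},
]

def normalize_key_id(text):
    """Reduce '{211b2797-...}' or '211B2797' to the 8 hex characters used for matching."""
    m = re.match(r"\{?([0-9A-Fa-f]{8})", text.strip())
    if not m:
        raise ValueError(f"not a key ID: {text!r}")
    return m.group(1).upper()

def recovery_key_errors(key):
    """Return a list of format problems; an empty list means the key is well formed."""
    groups = key.strip().split("-")
    if len(groups) != 8 or not all(re.fullmatch(r"\d{6}", g) for g in groups):
        return ["expected 48 digits as eight 6-digit groups separated by '-'"]
    # Each group is a 16-bit value multiplied by 11, which catches most typos.
    return [f"group {i} ({g}) is not a valid block"
            for i, g in enumerate(groups, 1)
            if int(g) % 11 or int(g) >= 65536 * 11]

def unlock_command(drive_letter, prompt_key_id, records=ACCOUNT_KEYS):
    """Pick the record whose key ID matches the unlock prompt and build the command."""
    wanted = normalize_key_id(prompt_key_id)
    matches = [r for r in records if normalize_key_id(r["key_id"]) == wanted]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} records match key ID {wanted}")
    problems = recovery_key_errors(matches[0]["recovery_key"])
    if problems:
        raise ValueError("; ".join(problems))
    return f"manage-bde -unlock {drive_letter}: -rp {matches[0]['recovery_key']}"

if __name__ == "__main__":
    print(unlock_command("H", "211B2797"))
```

Checking the key format before typing it into WinPE separates a transcription error from a key that belongs to a different drive.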


For the H disk, BitLocker can be turned off with the following command, which starts decrypting the drive.

manage-bde -off H:

The following command shows the BitLocker status of the H disk, including the decryption progress.

manage-bde -status H:

After a certain period of time, running the above command again shows that 23.2% of the H disk has been decrypted so far; the encrypted percentage is 76.8% (and decreasing over time).

Applying the above steps in turn to each disk and to the operating system drive encrypted by BitLocker fully decrypts them.


3. Reinstall the Windows 10 operating system


After the decryption is complete, we still need to reinstall the operating system through WinPE.

Here are a few links for reference:
(1) Make a pure natural and pollution-free Microsoft official win10Pe (super detailed)

(2) How does Weipe reinstall the computer system?

(3) How to install windows with winpe (it is no longer difficult to install the system)

Some key screenshots are given below to illustrate the process of reinstalling the operating system through WinPE.

Select the boot partition of the operating system and the system partition to be formatted (here the E drive and the H drive respectively), select the operating system image file under "Image Index", and click "Start Installation", as shown in the figure below.

Enter the process of loading the operating system application image to the disk (format the partition -> retrieve the operating system -> apply the image to the disk), as shown in the figure below.

After loading is complete, allow the computer to restart, as shown in the image below.


4. Emerging thoughts

Here the author mainly wants to talk about the security of domestic office software and operating systems based on the Bitlocker incident:

(1) The essence of Bitlocker lock is Microsoft's "backdoor" program. If Microsoft intends to control our computers, where will we go?

(2) If we abandon Office integrated office software (avoid authorizing Microsoft account), what options do we have for domestic office software?

The few words here can be richly expanded.


Created on 2023.01.23, updated on 2023.01.28

Origin blog.csdn.net/syp_net/article/details/128751703