Windows BitLocker encryption cracked with a $5 Raspberry Pi Pico
February 7, 2024
BitLocker encryption has been available for several years and is integrated into the Pro, Ultimate and Enterprise editions of Windows. It made its debut in Windows Vista and has been maintained to this day, as both Windows 10 Pro and Windows 11 Pro include this encryption technology.
The main advantage of BitLocker is that it is a very simple and easy-to-use tool, and the fact that it is integrated into Windows for free has been key to its exponential growth in popularity. Thanks to this solution we can encrypt the data on our storage drives in Windows, but is it really as secure a solution as it is believed to be?
We could go into a deep debate trying to answer this question, but the truth is that it is pointless, because Windows BitLocker encryption has already been cracked using something as simple and affordable as a $5 Raspberry Pi Pico. Some may think that cracking this encryption with such modest hardware would be quite difficult and take a lot of time, but nothing could be further from the truth.
The author of the attached video needed only 43 seconds to bypass BitLocker. How did he do it? By carrying out an attack that took advantage of the TPM chip (Trusted Platform Module), a component that is part of the Windows 11 requirements. In most professional PCs and laptops this chip is easy to find, and it uses the LPC bus to send and receive information from the CPU.
BitLocker encryption depends on the TPM chip to store important data, such as the platform configuration registers (PCRs) and the volume master key (VMK). The key point is that the communication between the CPU and the TPM over the LPC bus travels on unencrypted lines during the boot process, which leaves open an important entryway that was crucial to completing the attack.
By physically connecting the Raspberry Pi Pico to the unused LPC connector pins, the attacker managed to capture the key material during boot, because, as said before, it is not encrypted, and he was able to put all the necessary pieces together to recover the volume master key in just 43 seconds. Once he had it, he only had to remove the encrypted drive and use that key to decrypt it.
It goes without saying that this type of attack only works on computers that have an external (discrete) TPM chip; it is not effective on systems using an fTPM (firmware TPM), because in that case the critical data is held inside the CPU itself, so there is no LPC connector with unencrypted lines at boot to exploit.
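The weakness described above applies to volumes whose only TPM protector is the TPM itself: the TPM releases the VMK automatically at boot, so anything read off the bus is enough. A TPM protector that also requires a pre-boot PIN or a startup key does not release the VMK until that secret is supplied. The following PowerShell script is an added example, not part of the article or the video it describes; it audits each BitLocker volume on a machine with the built-in BitLocker module (Windows Pro/Enterprise, elevated shell) and flags TPM-only protection. The `Get-BitLockerProtectorAudit` function name and the finding texts are this example's own choices.

```powershell
# Added example (not from the article): audit BitLocker volumes for a TPM-only
# key protector, which lets the TPM release the VMK at boot with no user secret.
# Requires the BitLocker module (Windows Pro/Enterprise) and an elevated shell.
function Get-BitLockerProtectorAudit {
    [CmdletBinding()]
    param()

    # TPM protector types that bind VMK release to a secret the TPM alone does not hold
    $strongTypes = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey')

    foreach ($vol in Get-BitLockerVolume) {
        $types        = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpmOnly   = $types -contains 'Tpm'
        $hasStrongTpm = @($types | Where-Object { $strongTypes -contains $_ }).Count -gt 0

        $finding = if ($vol.ProtectionStatus -ne 'On') {
            'Protection off: volume is not protected at all'
        } elseif ($hasTpmOnly -and -not $hasStrongTpm) {
            'TPM-only: VMK is released at boot without a PIN or startup key'
        } elseif ($hasStrongTpm) {
            'TPM plus PIN/startup key: VMK is not released without the user secret'
        } else {
            'No TPM protector (password or recovery key only)'
        }

        [PSCustomObject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            Finding          = $finding
        }
    }
}

# Report the TPM itself alongside the volume audit. The manufacturer ID is only a
# hint about discrete vs. firmware TPM; it does not prove which kind is installed.
Get-Tpm | Select-Object TpmPresent, TpmReady, ManufacturerIdTxt, ManufacturerVersion
Get-BitLockerProtectorAudit | Format-Table -AutoSize
```

A volume reported as "TPM-only" is the configuration the article's attack targets. Moving it to TPM plus PIN is done with `Add-BitLockerKeyProtector -MountPoint "C:" -TpmAndPinProtector -Pin (Read-Host -AsSecureString)`, which first requires the "Require additional authentication at startup" group policy to permit a PIN; the script above deliberately only reports and changes nothing.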
Donald Salinas is an experienced automobile journalist and writer for Div Bracket. He brings his readers the latest news and developments from the world of automobiles, offering a unique and knowledgeable perspective on the latest trends and innovations in the automotive industry.