

Ask HN: SafeBoot - ErrantX

Im having an argument with a client; hopefully HN can make sure I am the sane one.<p>He's basically lost the password to his laptop - the issue is he has lost the SafeBoot password. Which is full disk encryption as I am sure you know.<p>So, I tell him this and say "sorry I am not going to waste my cluster time trying to break AES encryption" :)<p>But he claims that it can be done because another consultant says there is a dictionary attack tool going about.<p>Now I am not completely stupid but I cant find and have never heard of such a tool. Finding naughty programs like that is not usually a problem but my usual resources turned up blank<p>I had a minor play with the SafeBoot boot sectors (argh, hacking that stuff is fun for some I know, but bah!). I also gave it a bit of cluster time (after tracking down a reasonably performing AES256 implentation) but no joy (tbh I think my "solution" test was wrong).<p>So. Sanity check: I am right in saying no such tool exists?
======
logicalmind
I have no comment on the tool you're talking about, but some obvious facts
come to mind...

I am not familiar with this product and may be wrong...but it seems as though
this password is entered before the OS is booted. The only code that runs
before that point is in the MBR
(<http://en.wikipedia.org/wiki/Master_boot_record>). The maximum length of
code is 446 bytes. Disassembling this amount of code should be trivial for a
hacker.

Additionally, it makes no sense to break AES256 as other have pointed out, but
there is no reason to do so. Presumably, the encryption software must know the
key to decrypt the drive in order to boot (I'm assuming). So the key has to be
in long-term storage (ie. on the hd itself) in some form or another.

If one were so inclined, it would seem that the easiest approach would be to
disassemble to MBR to determine where it finds the key, and then use the key
to decrypt the hd.

I'd love to hear comments if I'm way off. This sounds kinda fun.

------
cperciva
You will never perform a brute force attack against an AES256 key. You might
be able to brute-force _his password_ , depending on how strong it is and what
key derivation function SafeBoot uses.

~~~
ErrantX
yup, that's the problem. None of that information seems to have been
researched - it's definitely possible to take that approach but he's not
paying us enough for me to reverse engineer SafeBoot and do it :)

Just checking there really was no tool/research already.

EDIT: I did find some brief info on which files it moves, and I think i might
have some sectors with data in that we can verify. But nothing on the key
algorithm - which is crucial.

------
Travis
Sounds like he's the kind of guy who might use super simple passwords. Ask him
what kind of pw it was -- if it was a single word, etc. He may have some fuzzy
memories, which could help you out.

You could brute force his password if it's simple. But you'd have better luck
going to a hypnotist to enhance his memory.

Sorry.

~~~
cjg
If he has no idea of the rough form of his password then perhaps it isn't his
in the first place.

Or perhaps he wants you to go back and tell that it is impossible so that he
can be sure that full disc encryption really is secure.

Sorry if any one finds that overly cynical.

~~~
ErrantX
welcome to my catch22. Not crossing the line is really difficult - there have
been times when a laptop turns up that is obviously nicked... (for whatever
reason). From reputable sources too.

This is above board though (long term trustworthy customer - who is also
totally dopey with computers).

We sent him it back in the end :) the "consultant" is giving it a shot.. he
quoted 24hrs, £2,000, half up front :o

------
wmf
Here's an idea: Full-disk encryption software should disable itself as soon as
it detects that your backups are not up to date. Of course, if you have no
backups it should refuse to encrypt your disk in the first place.

------
yan
Let him get the other consultant to do that work then.

~~~
ErrantX
well that's the plan :) but he's not a one off client so if I am insane and
there is a way I'd rather not let another guy show us up (my boss would hang
me out :P)

~~~
yan
If there are some implementation-specific ways to recover the pw, then it'd be
possible. But if he had a reasonably-complex password, then I wouldn't waste
my time trying to break it.

~~~
ErrantX
It's probably fairly possible (just for background we have quite a big
decryption cluster and a python/c based infrastructure for me to work with)
but it's reverse engineering SafeBoot to make sure we get it right that's a
pain - I cant find any research into that either.

AFAIK SafeBoot moves the data that would be simplest to use to identify the
decryption success (i.e. the standard stuff at the start of the disk) so
picking the right bits to test would be the hardest part.

Also not sure what their key generation mechanism is (and cant find research
into that) so we would probably need to test the full 256 bit key (rather than
a shorter password).

= painful.

