We went through the trouble years ago of ensuring all our important user data was not being stored on user machines. We then warned users whenever we noticed files being stored improperly that we would spend _zero_ effort recovering those files if their machine is lost, stolen or otherwise attacked by malware.
This made "nuke it from orbit" the default repair strategy for complicated machine issues.
I can't imagine having to putz around with BitLocker keys with zero infrastructure designed to actually use them in a disaster scenario let alone just a major inconvenience like this. I'm glad we never put ourselves in a position to have to do that.
MS needs to legitimize this hack ASAP. Bitlocked drives are the biggest time bottleneck for every IT tech. They're usually working with scraps of paper taped to keyboards.
Back in 2008, I used a receipt printer and a barcode scanner to bridge the gap in a paper based registration system for a college gym memberships. I set up a series of kiosk PCs that spit out a small receipt based on a web form that was filled out on the PC. Using a PHP script, it just separated data fields with embedded tabs in a QR code.
Once the membership was paid for, the admin would scan the receipt, making the membership live in under a second, by typing in that data in a web form on a different PC.
Why not have a direct linkage? Because in 2008 cash was still very popular, and we were working with legacy student ID system, so a direct linkage would have been difficult.
Before that change, students would fill out a paper form, and staff and students would type in all the data. It took months do to all 8000 memberships per semester, and most would be done around the halfway point of the semester. Madness.
Ive done a lot of work with barcodes, barcode scanners, and symbologies. Many of the cheap ones absolutely will. They just don’t utilize the tracking laser to get a reflection as the light from the screen is literally being shone into the sensor. The bars don’t have to be perfectly black, just dark enough from the “quiet” areas to have recognizable contrast.
It obviously does, but how did we get to a place where a cheap barcode scanner hack is the best? How does going digital -> analogue -> digital makes sense?
Should there be a generic USB device with storage where we can send all types of inputs to a PC?
saved you a click: they used barcode scanners to automate entering the bitlocker recovery code, which is different for each machine and is required during the removal process.
To expand on it: they converted the recovery codes to barcodes, and used the fact that the scanner works as a keyboard, to scan the codes off the screen and input it to the correct machine (the machine where the scanner is plugged into)
Reminds me of someone experimenting with a public transport vending machine that had a barcode scanner (IIRC because you can scan an old ticket to purchase the same type of ticket, e.g. weekly ticket, etc), he made barcodes which encoded control keys to see how the computer behind it would react.
I've seen a communal machine with a long IT policy compliant password and logout timer with the account avatar set to a QR code of the password and a barcode scanner provided.
> he made barcodes which encoded control keys to see how the computer behind it would react.
Crazy, I didn't think that was possible, turns out at least Code 128 can map all of US-ASCII [1]. Wonder how the control characters translate to keyboard keycodes internally.
Keyboard wedge barcode readers have a long history in data entry in industrial settings.
One of my current Customers uses the UPC on the finished goods they make to "program" the PLC on their production line with the parameters of the finished good. The barcode reader is just "typing" the UPC and various commands into a serial-to-Ethernet gateway that's ultimately connected to a TELNET server on a PC w/ PLC software in it. Slick, if not a bit glue-and-tape (and kinda terrifying from a security perspective, albeit it is in a fairly well-isolated and filtered network segment).
I've seen an ERP system that printed command barcodes onto the paper "routers" accompanying physical parts around the shop. Workcenters scanned barcodes that "typed" the commands to drive the work-in-process job tracking into a PC running the client app. They used a prefix character as an attention sequence that could invoke menus then return the user back to the "screen" they were previously in. It was fun to type these on the keyboard directly.
I also supported a terrible application that used keyboard wedge barcode readers for "two factor authentication". Each user had a card with a code 128 barcode the vendor provided to scan as their "second factor". (The Customer showed the vendor how photocopies of the cards worked to "authenticate" after I pointed it out. The vendor replaced it with TOTP. It's all pointless because the app is based on shared-fike access to DBF files via a compiled Visual FoxPro application running on each client PC. I wish I was kidding. I also wish this application wasn't used for a very important and security-sensitive function, too... >sigh<)
There are doctors offices where you are supposed to present a confirmation or ID to a patient-facing barcode scanner at checkin. If you let it scan your code at the wrong time, at breaks the checkin flow. I can only assume that a mildly creative barcode could compromise all kinds of things.
This made "nuke it from orbit" the default repair strategy for complicated machine issues.
I can't imagine having to putz around with BitLocker keys with zero infrastructure designed to actually use them in a disaster scenario let alone just a major inconvenience like this. I'm glad we never put ourselves in a position to have to do that.