Thomas Roth Breaks Microsoft's BitLocker in Under a Minute — with a $4 Raspberry Pi Pico

Security researcher Thomas "Stacksmashing" Roth has released a tool that turns the $4 Raspberry Pi Pico into a gadget capable of capturing the keys for Microsoft BitLocker-encrypted volumes from selected laptops in under a minute — by sniffing traffic on the Low Pin Count (LPC) bus.

"This is me stealing the BitLocker disk encryption key from this laptop — in just 43 seconds," Roth says in the introduction to his latest project, "simply by poking it with a $4 Raspberry Pi Pico. This allows me to access all BitLocker protected data on this system, and even lets me backdoor it."

First introduced in Windows Vista, BitLocker is Microsoft's whole-disk encryption system designed to protect data at rest on Windows systems. To strengthen the security, the keys for the attack can be stored in a system's Trusted Platform Module (TPM) — but, by sniffing traffic to and from the TPM and the CPU, using the Low Pin Count (LPC) bus, it's possible to capture these keys and gain unauthorized access to the target volume.

"I could just solder wires to the TPM," Roth explains, "[but] hidden underneath this black tape is an unpopulated connector, and after measuring around a bit I found that most of the LPC signals are available on this connector. I ordered a couple of […] spring-loaded [pogo-pin] contacts online and designed a small PCB with — you guessed it — a Raspberry Pi Pico. Now I have a small tool that I can just push onto the connector in the laptop and that establishes a decent connection."

This isn't the first time BitLocker has fallen to a sniffing attack on the LPC bus. Back in March 2020 SySS Research turned a Lattice Semi iCEstick FPGA board into a sniffer for the Trusted Platform Module — which built, in turn, on Alexander Couzens' LPC Sniffer project, with modifications by Denis Andzakovic specifically targeting the TPM. Roth's twist on this dramatically reduces the cost of entry, down to a $4 development board and a simple carrier board — a total, he estimates, of $10 in parts.

There's a couple of catches in Roth's approach, though. The first is that the hidden connector is a Lenovo invention for debugging during the manufacturing process, and can't be found on every Lenovo model let alone laptops from third-party manufacturers. The other is that not all Trusted Platform Modules connect over the LPC bus, with SPI-connected TPMs commonplace — and invisible to an LPC sniffer.

Regardless, if you've got a suitable Lenovo laptop and need to get into its BitLocker-encrypted storage in a hurry, Roth has released the source code and hardware design files on GitHub under the GNU General Public License 3.