
vmk2rk

A tool developed with anything but a brain. You could use it to retrieve a BitLocker Recovery Password or any other Key Protector by providing a VMK and the targeted filesystem. Please note that this tool has only been tested on Windows 11 targets. Therefore, it may be unstable and may even break the target disk. Always create backups before using it.

Usage

Start by building it:

cargo build -r

Then simply provide a VMK together with either a block device / disk image file path, or the Recovery Password's nonce, MAC and payload.

Usage: vmk2rk [OPTIONS] --vmk <Key>

Options:
  -v, --vmk <Key>
          VMK, key used to decrypt key protectors
  -n, --nonce <Nonce>
          Nonce used to decrypt the Recovery Password
  -m, --mac <MAC>
          MAC used to decrypt the Recovery Password
  -p, --payload <Payload>
          Payload containing the encrypted Recovery Password
  -d, --disk <DISKPATH>
          Disk from which Key Protectors are retrieved
  -b, --bek
          Create BEK (BitLocker External Key) file if the Key Protector is configured on the provided disk
  -a, --addbek
          Add BEK (BitLocker External Key) to the provided disk. WARNING : DO NOT USE UNLESS YOU DON'T CARE ABOUT BREAKING THE TARGET DISK (This means make backups)
  -h, --help
          Print help (see a summary with '-h')
  -V, --version
          Print version

How extracting the Recovery Password works

If the VMK, nonce, MAC and payload are provided when executing vmk2rk, it proceeds directly with decryption. If a block device or a disk image is provided instead, it tries to retrieve the Key Protector's nonce, MAC and encrypted form from the disk:

  1. The binary reads the GUID Partition Table (GPT) to retrieve the start address of each partition
  2. It tries to identify the first encrypted partition
  3. If one is found, it reads the volume header to retrieve the FVE metadata block addresses
  4. The tool then parses the key protector entries and identifies the one holding the targeted Key Protector
  5. The nonce, MAC and encrypted Key Protector are extracted and passed to the decryption function
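As an added illustration of steps 1 to 3 (this is example code written for this page, not code from the vmk2rk repository), the following Rust walks a GPT image, finds the first partition whose boot sector carries the BitLocker "-FVE-FS-" signature at offset 3, and reads the three FVE metadata block offsets from its volume header. The GPT field layout and the 0xB0 position of the metadata offsets (Windows 7 and later volume header) are taken from public format documentation and are assumptions of this example; the disk image is constructed in `constructed_image()` and is not a real disk. It deliberately returns errors instead of panicking on entries that point outside the image, which is what you want when parsing a possibly damaged or hostile image.

```rust
use std::convert::TryInto;

const SECTOR: usize = 512;
const GPT_SIGNATURE: &[u8; 8] = b"EFI PART";
const FVE_SIGNATURE: &[u8; 8] = b"-FVE-FS-";
// Where the three 8-byte FVE metadata block offsets sit in the volume header
// (Windows 7 and later layout, from public format documentation; assumed, not from vmk2rk).
const FVE_METADATA_OFFSETS_AT: usize = 0xB0;

fn u32_at(buf: &[u8], off: usize) -> u32 {
    u32::from_le_bytes(buf[off..off + 4].try_into().unwrap())
}

fn u64_at(buf: &[u8], off: usize) -> u64 {
    u64::from_le_bytes(buf[off..off + 8].try_into().unwrap())
}

#[derive(Debug, PartialEq)]
pub struct Partition {
    pub index: usize,
    pub first_lba: u64,
    pub last_lba: u64,
}

/// Step 1: read the GPT header at LBA 1 and return every in-use partition entry.
pub fn parse_gpt(image: &[u8]) -> Result<Vec<Partition>, String> {
    let hdr = image.get(SECTOR..2 * SECTOR).ok_or("image too small for a GPT header")?;
    if &hdr[0..8] != &GPT_SIGNATURE[..] {
        return Err("no GPT signature at LBA 1".into());
    }
    let entries_lba = u64_at(hdr, 72) as usize;
    let count = u32_at(hdr, 80) as usize;
    let entry_size = u32_at(hdr, 84) as usize;
    if entry_size < 128 {
        return Err(format!("partition entry size {} is too small", entry_size));
    }
    let mut parts = Vec::new();
    for i in 0..count {
        // Checked arithmetic: a corrupt header must produce an error, not a panic.
        let off = entries_lba
            .checked_mul(SECTOR)
            .and_then(|base| base.checked_add(i * entry_size))
            .ok_or("partition entry offset overflows")?;
        let e = image
            .get(off..off + 128)
            .ok_or(format!("partition entry {} lies past the end of the image", i))?;
        if e[0..16].iter().all(|&b| b == 0) {
            continue; // an all-zero type GUID marks an unused slot
        }
        parts.push(Partition { index: i, first_lba: u64_at(e, 32), last_lba: u64_at(e, 40) });
    }
    Ok(parts)
}

#[derive(Debug, PartialEq)]
pub struct FveVolume {
    pub partition: usize,
    pub metadata_offsets: [u64; 3],
}

/// Steps 2 and 3: the first partition whose boot sector carries "-FVE-FS-" at offset 3,
/// together with the three FVE metadata block offsets read from its volume header.
pub fn find_first_bitlocker_volume(image: &[u8]) -> Result<Option<FveVolume>, String> {
    for p in parse_gpt(image)? {
        let start = match (p.first_lba as usize).checked_mul(SECTOR) {
            Some(s) => s,
            None => continue,
        };
        let vh = match image.get(start..start + SECTOR) {
            Some(s) => s,
            None => continue, // entry points outside the image: skip it
        };
        if &vh[3..11] != &FVE_SIGNATURE[..] {
            continue;
        }
        let base = FVE_METADATA_OFFSETS_AT;
        let offsets = [u64_at(vh, base), u64_at(vh, base + 8), u64_at(vh, base + 16)];
        return Ok(Some(FveVolume { partition: p.index, metadata_offsets: offsets }));
    }
    Ok(None)
}

/// Constructed 32 KiB image (not a real disk): GPT header at LBA 1, two entries at LBA 2,
/// a plain partition at LBA 34 and a BitLocker-looking partition at LBA 40.
pub fn constructed_image() -> Vec<u8> {
    let mut img = vec![0u8; 64 * SECTOR];
    let hdr = &mut img[SECTOR..2 * SECTOR];
    hdr[0..8].copy_from_slice(GPT_SIGNATURE);
    hdr[72..80].copy_from_slice(&2u64.to_le_bytes()); // partition entries start at LBA 2
    hdr[80..84].copy_from_slice(&2u32.to_le_bytes()); // two entries
    hdr[84..88].copy_from_slice(&128u32.to_le_bytes()); // 128 bytes each
    let entries = [(0x11u8, 34u64, 39u64), (0x22u8, 40u64, 63u64)];
    for (i, (guid_byte, first, last)) in entries.iter().enumerate() {
        let e = 2 * SECTOR + i * 128;
        img[e..e + 16].fill(*guid_byte); // made-up, non-zero type GUID
        img[e + 32..e + 40].copy_from_slice(&first.to_le_bytes());
        img[e + 40..e + 48].copy_from_slice(&last.to_le_bytes());
    }
    let vh = 40 * SECTOR;
    img[vh + 3..vh + 11].copy_from_slice(FVE_SIGNATURE);
    for (i, off) in [0x0200_0000u64, 0x0400_0000, 0x0600_0000].iter().enumerate() {
        let at = vh + FVE_METADATA_OFFSETS_AT + 8 * i;
        img[at..at + 8].copy_from_slice(&off.to_le_bytes());
    }
    img
}

fn main() {
    let img = constructed_image();
    match find_first_bitlocker_volume(&img) {
        Ok(Some(v)) => println!("BitLocker volume in partition {}: FVE metadata at {:#x?}", v.partition, v.metadata_offsets),
        Ok(None) => println!("no BitLocker volume found"),
        Err(e) => eprintln!("error: {}", e),
    }
}
```

To run it on a real image, replace `constructed_image()` with the bytes of the image (or an `mmap`); the metadata offsets it returns are relative to the start of the volume, which is where step 4 of the list above begins parsing.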

For a Recovery Password, the decryption process is as follows:

  • The payload is decrypted using AES-256-CCM
  • The header describing the recovery password is removed and the rest is split into eight 2-byte words
  • The endianness of each word is swapped
  • Each word is then multiplied by 0x0b
  • The words are converted to decimal integers and displayed with - as separators

Other Key Protectors are stored in the FVE metadata encrypted with AES-256-CCM.
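As an added example (written for this page, not code from the vmk2rk repository), the word transformation of the Recovery Password steps above in Rust, plus the reverse check a defender might want: does a string that claims to be a BitLocker recovery password actually have the structure this encoding produces (eight 6-digit groups, each a multiple of 11 and small enough to fit a 16-bit word)? The AES-256-CCM step is not included; the 16 bytes fed in are assumed to be what remains after the header is stripped, and the sample key bytes are constructed, not real key material. The "swap endianness" step is read here as reading each byte pair in order and swapping it, i.e. interpreting the pair as a little-endian u16.

```rust
const WORDS: usize = 8;
const MULTIPLIER: u32 = 0x0b; // 11, as the README states
// Largest group value a 16-bit word can produce; anything above it cannot be a valid group.
const GROUP_MAX: u32 = (u16::MAX as u32) * MULTIPLIER; // 720885

/// Turn the 16 key bytes (header already removed) into "nnnnnn-nnnnnn-..." form.
pub fn recovery_password_from_key(key: &[u8; 16]) -> String {
    key.chunks_exact(2)
        .map(|pair| {
            // Byte pair read in order, then byte-swapped: a little-endian u16.
            let word = u16::from_le_bytes([pair[0], pair[1]]) as u32;
            // Multiply by 0x0b and print as a zero-padded 6-digit decimal group.
            format!("{:06}", word * MULTIPLIER)
        })
        .collect::<Vec<_>>()
        .join("-")
}

/// Reverse direction: parse a 48-digit recovery password back into its 16 key bytes,
/// rejecting anything that is not well formed (wrong group count or width, non-digits,
/// a group that is not a multiple of 11, or a group too large for a 16-bit word).
pub fn key_from_recovery_password(pw: &str) -> Result<[u8; 16], String> {
    let groups: Vec<&str> = pw.trim().split('-').collect();
    if groups.len() != WORDS {
        return Err(format!("expected {} groups, got {}", WORDS, groups.len()));
    }
    let mut key = [0u8; 16];
    for (i, g) in groups.iter().enumerate() {
        if g.len() != 6 || !g.bytes().all(|b| b.is_ascii_digit()) {
            return Err(format!("group {} is not six decimal digits: {:?}", i + 1, g));
        }
        let value: u32 = g.parse().map_err(|e| format!("group {}: {}", i + 1, e))?;
        if value % MULTIPLIER != 0 {
            return Err(format!("group {} ({}) is not a multiple of 11", i + 1, value));
        }
        if value > GROUP_MAX {
            return Err(format!("group {} ({}) exceeds {}", i + 1, value, GROUP_MAX));
        }
        // Undo the multiplication and store the word back as little-endian bytes.
        let word = (value / MULTIPLIER) as u16;
        key[2 * i..2 * i + 2].copy_from_slice(&word.to_le_bytes());
    }
    Ok(key)
}

/// Structural validity check for a string presented as a BitLocker recovery password.
pub fn is_valid_recovery_password(pw: &str) -> bool {
    key_from_recovery_password(pw).is_ok()
}

fn main() {
    // Constructed sample key bytes (not real key material).
    let key: [u8; 16] = [
        0x01, 0x00, 0xff, 0xff, 0x34, 0x12, 0x00, 0x00,
        0x10, 0x00, 0x0a, 0x00, 0x78, 0x56, 0xbc, 0x9a,
    ];
    let pw = recovery_password_from_key(&key);
    println!("{}", pw);
    // Round trip: decoding the displayed form must give the original bytes back.
    assert_eq!(key_from_recovery_password(&pw).unwrap(), key);
}
```

The validity check is the useful part for a defender: a group that is not a multiple of 11 (the classic "recovery password is not valid" failure) or a group above 720885 cannot have come from this encoding, so a stored or typed password can be sanity-checked before anyone tries it against a volume.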

Supported Key Protectors (Read)

  • Recovery Passwords
  • Startup Keys

Supported Key Protectors (Write)

  • Startup Keys

How to get there

To retrieve key protectors, it is required to gain access to one of them such as a VMK. This may be achieved by performing TPM sniffing.

What is possible with Recovery Passwords and Startup Keys

Upon successfully retrieving a Recovery Password or a Startup Key, it is possible to boot the disk on any machine even if PCR validation fails.

Dependencies

Sources
