Question How to access to disk encrypted with Bitlocker without password

tempto

n00b
Joined
Jan 17, 2021
Messages
12
A few days ago I turned on my computer and something went wrong because Windows started checking computer and wasn't able to start up I think it is something related to the MBR. I can't fix it because the disk was encrypted with Bitlocker and I had not a clue! So I have not the password, I only have the recovery key id.

Please, tell me that there is still a solution! What can I do?
 

Spartacus09

[H]ard|Gawd
Joined
Apr 21, 2018
Messages
1,777
If you were using Bitlocker on your computer, it would be asking for your bitlocker password every time you started your computer. How could you not know that you had bitlocker enabled on your own computer?
That’s not how bitlocker works if it has a tpm2 module (which is most motherboards in the past 4-5 years), it only asks for the key when there are major hardware changes.
 

tempto

n00b
Joined
Jan 17, 2021
Messages
12
So you’re missing the recovery key and only have the ID?
Well, technnically I didn't miss it because I never had, in fact, I didn't realize until now. All I have is the recovery key id because is offered by Windows when it prompts the password.
 

tempto

n00b
Joined
Jan 17, 2021
Messages
12
That’s not how bitlocker works if it has a tpm2 module (which is most motherboards in the past 4-5 years), it only asks for the key when there are major hardware changes.
It is right, I don't know what 'tmp2' is but I was never asked about the password otherwise I would had.
 

tempto

n00b
Joined
Jan 17, 2021
Messages
12
Impossible.
Perhaps only using quantum computing brute force to find the key. Ask erek he might have access to one.
So it sound hard and expensive. I'm considering buying a new ssd and leave the old one with the lost data and try to recover it in a future but maybe it is not suitable or affordable. What would you guys do in my position? Format and learn the lesson?
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
25,315
you dont. thats the point of it. did you not save your key when you turned it on?
 

Spartacus09

[H]ard|Gawd
Joined
Apr 21, 2018
Messages
1,777
^ this if you don't have the decryption key consider the data is lost, you can format the drive and start over without having to buy another one though (you'd just lose the data of course).
Then either leave bitlocker off, or make sure you have the key backed up somewhere.
 

tempto

n00b
Joined
Jan 17, 2021
Messages
12
you dont. thats the point of it. did you not save your key when you turned it on?
I didn't turned it on, properly, one day when I turned on the computer it failed suddenly and I was not able to access to the Windows desktop, even was impossible to enter in safe mode because of the password.
 

tempto

n00b
Joined
Jan 17, 2021
Messages
12
If you signed up for a Microsoft account and chose the right options when you enabled BitLocker, you may be able to get the recovery key from your OneDrive account.

https://onedrive.live.com/recoverykey


If not, then you're data is done. Nothing out there can recover it.
No, I didn't, in fact I didn't activate Bitlocker myself, it was already done. The computer is a laptop and has a fingerprint reader which I used to use to login, maybe that's the reason of the activation by default.
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
25,315
bitlocker doesnt magically turn itself on. yes it may be your bio scanner and it would have told you it was being enabled and it would have given you plenty of warnings about the key.

1611087449316.png
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,875
No, I didn't, in fact I didn't activate Bitlocker myself, it was already done. The computer is a laptop and has a fingerprint reader which I used to use to login, maybe that's the reason of the activation by default.
Where did you get this laptop from?

From work?

Bought it used?

Bought it new?
 

Spartacus09

[H]ard|Gawd
Joined
Apr 21, 2018
Messages
1,777
if you didnt set it up it was likely by your people at work, they're your only hope, i'm fairly certain microsoft doesnt have the ability to provide decrypt keys unless it was saved with the microsoft account as previously noted
 

BinarySynapse

[H]F Junkie
Joined
Feb 6, 2006
Messages
15,100
With my work laptops, bitlocker is enabled via group policy. So we never see the recovery key unless we intentionally look for it before there is a problem.

If bitlocker is tripped and we didn’t look that key up, we’re out of luck. Our IT guys can not help us.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,875
Ya, that is what I was thinking, if you got it from work, contact work as they likely set it all up and hope they have the key or as BinarySynapse noted, it was GPO deployed and so the key is saved in AD.
 

Spartacus09

[H]ard|Gawd
Joined
Apr 21, 2018
Messages
1,777
With my work laptops, bitlocker is enabled via group policy. So we never see the recovery key unless we intentionally look for it before there is a problem.

If bitlocker is tripped and we didn’t look that key up, we’re out of luck. Our IT guys can not help us.
Unless they have a really good automated backup system your IT guys suck, they should be either recording it or writing a script to export the key for recovery reasons IMO.
We keep all our bitlocker and filevault keys in a secure vault in case something like this happens, especailly with laptops that sometimes flag random hardware changes with bios updates and such.
 

BinarySynapse

[H]F Junkie
Joined
Feb 6, 2006
Messages
15,100
Unless they have a really good automated backup system your IT guys suck, they should be either recording it or writing a script to export the key for recovery reasons IMO.
We keep all our bitlocker and filevault keys in a secure vault in case something like this happens, especailly with laptops that sometimes flag random hardware changes with bios updates and such.

It’s one of the bigger IT hardware companies, I’m sure they have a reason for not doing that.
 

ZeqOBpf6

Gawd
Joined
Aug 24, 2014
Messages
704
MBAM, microsoft bitlocker administration something is used when a user has bitlockered themselves out. Put the first 8 keys of the BL recovery code and bam, huge key comes back, and you're in.

We use it all the time.
 

BinarySynapse

[H]F Junkie
Joined
Feb 6, 2006
Messages
15,100
MBAM, microsoft bitlocker administration something is used when a user has bitlockered themselves out. Put the first 8 keys of the BL recovery code and bam, huge key comes back, and you're in.

We use it all the time.
That only works if the key was stored in MBAM’s key database.
 

Zedicus

Gawd
Joined
Nov 2, 2010
Messages
750
We bitlocker EVERY laptop that is joined to the domain at work. we do it without any knowledge or input from the user.
we store the key in Active Directory so that we can recover. we do this so that we do not need to keep a file, database, or other non-secure thing (3 ring binder in a gun safe?) to store the keys.

if it is a work PC, then your employer has the keys.
 

tempto

n00b
Joined
Jan 17, 2021
Messages
12
The IT guys don't have the key, at least my laptop key. I know that it is my fault because we are supposed to backup our data... I'm screw
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,875
The IT guys don't have the key, at least my laptop key. I know that it is my fault because we are supposed to backup our data... I'm screw
If you got your laptop from work,. it is your WORKS responsibility to assure your devices have proper backups or access to data off the device.

If your company is not using any backup agent, or even just onedrive, they fail at IT.

If OneDrive then your main dir. should be auto mapped to onedrive, if they expect you to use some network drive over VPN and only save your stuff there, well that is bad IT to a degree and bad use expectations.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,875
pendragon1 Do they give you any tools to back files up to? Network shares or anything? If not your IT team and manager should be fired for being incompetent.
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
25,315
pendragon1 Do they give you any tools to back files up to? Network shares or anything? If not your IT team and manager should be fired for being incompetent.
note the key words: ON THE DEVICE. anything on network shares or onedrive or google drive gets backups. on the device its considered user data and is their responsibility.
edit: sorry they were "data on the machine"
 
Last edited:

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,875
note the key words: ON THE DEVICE. anything on network shares or onedrive or google drive gets backups. on the device its considered user data and is their responsibility.
edit: sorry they were "data on the machine"
k

So the old school way! Former Senior sys admin i worked with blocked saving files to any local folders and desktop had 1 icon, the network share. He got tired of people saving things locally, then getting their laptop stolen or it dying and complaining about wanting all their data back...

But then if you have OneDrive, just do a GPO to enable mapping of user profile drives, docs, desktop, pics to onedrive.
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
25,315
k

So the old school way! Former Senior sys admin i worked with blocked saving files to any local folders and desktop had 1 icon, the network share. He got tired of people saving things locally, then getting their laptop stolen or it dying and complaining about wanting all their data back...

But then if you have OneDrive, just do a GPO to enable mapping of user profile drives, docs, desktop, pics to onedrive.
theyre on macs but there is something like that for onedrive. they still stupidly save locally but our policy form(im in edu) has big bold letters about the local data not being our responsibility and to "back yo' shit up!". admins roles use PCs and work out of network shares, for the most part.
 

Ocellaris

Fully [H]
Joined
Jan 1, 2008
Messages
19,011
If you got your laptop from work,. it is your WORKS responsibility to assure your devices have proper backups or access to data off the device.
I dunno, that’s a difficult argument to have after the fact. If your employer tells you to backup your data, it’s your responsibility to use the IT provided tools to do it.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,875
I dunno, that’s a difficult argument to have after the fact. If your employer tells you to backup your data, it’s your responsibility to use the IT provided tools to do it.
Ocellaris ,data security and backups are I.T's job, not the end users in the end. Now, if backup options are in place for the users to use, yes, it is up to the user to use those options as they were told to, they lose data, their fault if those methods were not used.

If the company is not providing any backup options, like VPN to network shares or cloud services, than the IT department needs to be fired and management given a good talking to about data and data security and liability as they are passing the buck.
 
Last edited:

scrappymouse

Limp Gawd
Joined
Mar 18, 2016
Messages
201
He said he is .edu in my experience .edu IT are usually the absolute worst when it comes to I.T. those that can't do...teach. i went to a networking college and you'd THINK they'd have the students lab network VLANed off and not on the production network.....nope, their reasoning? "Servers won't effect network gear" yeah, until some students set their VMs to bridged mode during dns and dhcp lab, all the sudden about 12 rogue DHCP and DNS servers on the production network
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
25,315
edu IT are usually the absolute worst when it comes to I.T. those that can't do...teach. i went to a networking college
nice bit of assumption there... the teachers are the ones with the local data when they are supposed to use network/online storage. guessing that "college" is where you picked up your misconceptions....
 

scrappymouse

Limp Gawd
Joined
Mar 18, 2016
Messages
201
nice bit of assumption there... the teachers are the ones with the local data when they are supposed to use network/online storage. guessing that "college" is where you picked up your misconceptions....
you just said the teachers are the ones with the local day when they are SUPPOSED to use network/online storage, you're just proving my assumption.
 
Top