We help IT Professionals succeed at work.
Troubleshooting Question

Recovery key for machine that will not boot into Windows

cdrichla
cdrichla asked
on
72 Views
Last Modified: 2020-11-10
A customer's laptop will no longer boot into Windows 10 Home Edition. We are attempting to reset or restore Windows in order for the customer to have access to his data. All system repair options ask for a recovery key. The customer is not familiar with Bitlocker and does not have a recovery. We have checked his company's Azure AD and found all company devices except this one. We also checked a personal Microsoft account but the device is not associated with it either.

Does anyone have any suggestions for recovering the data from this hard drive if we are unable to locate the recovery key?
Comment
Watch Question

Dr. KlahnPrincipal Software Engineer
CERTIFIED EXPERT

Commented:
There is no way to get the data off the drive without the primary key or the recovery key.  There is no backdoor.  Well, there might be a backdoor for the NSA but there is no evidence of it as yet.

There are companies that will take your money and attempt a dictionary crack, but this is generally based on the hope that people will use common words and phrases found in a cracking dictionary.  If the passphrase is uncommon, it's unlikely that a brute-force crack will find the passphrase before the planet goes cold.

https://portswigger.net/daily-swig/bitcracker-password-cracking-software-designed-to-break-windows-nbsp-bitlocker

"However, the research paper suggests that with a single high-end GPU, it is theoretically possible that over 122 million passwords could be attempted in only 24 hours."

So that's 2^27 out of 2^128 possible passwords.  It will take, on the average, 2^100 days (half of 2^101), or 3.5*10^27 years, to find the passphrase by brute force.

https://blog.elcomsoft.com/2016/06/breaking-bitlocker-encryption-brute-forcing-the-backdoor-part-i/

"BitLocker Device Protection does NOT employ user-selectable passwords, and CANNOT be broken into by brute forcing anything. In certain cases, BitLocker escrow keys (BitLocker Recovery Keys) can be extracted by logging in to the user’s Microsoft Account via https://onedrive.live.com/recoverykey."

You've tried that.  So at this point the data must be considered lost unless there are recent unencrypted backups.

<opinion>
I/M/O, Bitlocker should never be used unless there is a) very valuable information stored, in which case that information must be backed up elsewhere unencrypted, or (b) danger of the system or drive being stolen.  All it takes is the flip of one bit by a cosmic ray -- which won't be noticed because consumer-grade machines don't use ECC memory -- and suddenly the whole drive is corrupt.
</opinion>
David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Windows Home cannot be joined to Azure AD or a domain. So without a recovery key you are SOL
William FulksIT Services Analyst
CERTIFIED EXPERT

Commented:
Windows 10 Home does not support Bitlocker. Sounds like what they have turned on is "device encryption" which is like a lighter version of Bitlocker.

That being said, without the recovery key you will not be getting anything off that hard drive. Perhaps it was configured by someone in IT and the recovery key is associated with an administrator's account? Hard to guess, really.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
What is the machine doing, is it crashing on boot, or does it go straight to the recovery password entry screen?

Author

Commented:
McKnife: The machine displays a NTFS_FILE_SYSTEM stop code on booting. It then reboots and attempts an automatic system repair before displaying the "Automatic Repair" dialog giving the option to restart or choose advance options. All relevant repair options that would not result in a loss of data prompt for the recovery key.
William FulksIT Services Analyst
CERTIFIED EXPERT

Commented:
Now would be a good time to educate your client on the dangers of encrypting a drive that they aren't backing up. In normal cases you could just put that drive in another PC and extract the data that way, but they have locked themselves out of it.

I don't really know what else to tell you. This is not just a simple password issue - that entire drive is encrypted. It's not a simple lock/unlock deal.
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
are you sure the drive is encrypted?
here some fixes for the NTFS_FILE_SYSTEM stop code      https://www.computerhope.com/issues/ch001206.htm

Author

Commented:
Thank you all for the assistance. We found that the recovery key was tied to a Microsoft account for the previous IT company. We were able to obtain the credentials for the account and retrieve the recovery key to successfully decrypt the drive.