dislocker | Kali Linux Tools (2024)

dislocker

Dislocker has been designed to read BitLocker encrypted partitions under a Linux system. The driver can read volumes encrypted in Windows versions from Vista to 10, as well as BitLocker-To-Go encrypted partitions, that is, USB/FAT32 partitions.

The driver is composed of a library, with multiple binaries using this library. To decrypt the partition, you have to give it a mount point where, once the keys are decrypted, a file named dislocker-file appears. This file is a virtual NTFS partition, so you can mount it as any NTFS partition and then read from or write to it. Writing to the NTFS virtual file will change the underlying BitLocker partition content. To use dislocker-find, Ruby is required.

This tool is useful for cryptography management and forensic investigations.

Installed size: 94 KB
How to install: sudo apt install dislocker

Dependencies:
  • libc6
  • libdislocker0.7
  • libfuse2
  • libruby3.1
dislocker

Read/write BitLocker encrypted volumes under Linux, OSX and FreeBSD.

root@kali:~# dislocker -h
dislocker by Romain Coltel, v0.7.2 (compiled for Linux/x86_64)

Usage: dislocker [-hqrsv] [-l LOG_FILE] [-O OFFSET] [-V VOLUME DECRYPTMETHOD -F[N]] [-- ARGS...]
    with DECRYPTMETHOD = -p[RECOVERY_PASSWORD]|-f BEK_FILE|-u[USER_PASSWORD]|-k FVEK_FILE|-K VMK_FILE|-c

Options:
    -c, --clearkey        decrypt volume using a clear key (default)
    -f, --bekfile BEKFILE decrypt volume using the bek file (on USB key)
    -F, --force-block=[N] force use of metadata block number N (1, 2 or 3)
    -h, --help            print this help and exit
    -k, --fvek FVEK_FILE  decrypt volume using the FVEK directly
    -K, --vmk VMK_FILE    decrypt volume using the VMK directly
    -l, --logfile LOG_FILE
                          put messages into this file (stdout by default)
    -O, --offset OFFSET   BitLocker partition offset, in bytes (default is 0)
    -p, --recovery-password=[RECOVERY_PASSWORD]
                          decrypt volume using the recovery password method
    -q, --quiet           do NOT display anything
    -r, --readonly        do not allow one to write on the BitLocker volume
    -s, --stateok         do not check the volume's state, assume it's ok to mount it
    -u, --user-password=[USER_PASSWORD]
                          decrypt volume using the user password method
    -v, --verbosity       increase verbosity (CRITICAL errors are displayed by default)
    -V, --volume VOLUME   volume to get metadata and keys from

    --                    end of program options, beginning of FUSE's ones

  ARGS are any arguments you want to pass to FUSE. You need to pass at least
  the mount-point.
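
A read-only unlock workflow built from the options listed above, as an added example that is not part of the Kali page or the dislocker project. The function names, the DRY_RUN switch and all paths are assumptions; the check looks only for the "-FVE-FS-" boot-sector marker, so dislocker-find or dislocker-metadata remain the authoritative test.

```shell
#!/bin/sh
# Added example (not from the Kali page or the dislocker project).
# Function names, DRY_RUN and every path are assumptions for illustration.

# Succeed if the sector at byte OFFSET of IMAGE carries the BitLocker
# marker "-FVE-FS-" in bytes 3..10 (the OEM ID field of the boot sector).
is_bitlocker() {
    img=$1; off=${2:-0}
    sig=$(dd if="$img" bs=1 skip=$((off + 3)) count=8 2>/dev/null | tr -d '\000')
    [ "$sig" = "-FVE-FS-" ]
}

# Print the command instead of running it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# unlock_ro VOLUME OFFSET KEYDIR NTFSDIR
# Exposes the decrypted volume without ever opening it for writing:
#   -r  dislocker refuses writes to the BitLocker volume
#   -O  byte offset of the partition when VOLUME is a whole-disk image
#   -p  no value given, so the recovery password stays off the command
#       line (assumption: dislocker then asks for it, as the optional
#       [RECOVERY_PASSWORD] in the help text suggests)
# KEYDIR receives dislocker-file, which is then loop-mounted read-only.
unlock_ro() {
    vol=$1; off=${2:-0}; keydir=$3; ntfs=$4
    if ! is_bitlocker "$vol" "$off"; then
        echo "no BitLocker marker in $vol at offset $off" >&2
        return 1
    fi
    run mkdir -p "$keydir" "$ntfs" &&
    run dislocker -r -V "$vol" -O "$off" -p -- "$keydir" &&
    run mount -o ro,loop "$keydir/dislocker-file" "$ntfs"
}

# release KEYDIR NTFSDIR: unmount in reverse order (NTFS first, then FUSE).
release() {
    run umount "$2" && run umount "$1"
}

# Typical use, as root, on a working copy of the evidence image:
#   unlock_ro /cases/disk.img 1048576 /mnt/bitlocker /mnt/ntfs
#   release /mnt/bitlocker /mnt/ntfs
```
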
dislocker-bek

Reads .BEK files and prints information about them

root@kali:~# dislocker-bek -h
Usage: dislocker-bek [-h] [-f file.bek]
    Reads .BEK files and prints information about them

dislocker-file

Read BitLocker encrypted volumes under Linux, OSX and FreeBSD.

root@kali:~# dislocker-file -h
dislocker by Romain Coltel, v0.7.2 (compiled for Linux/x86_64)

Usage: dislocker [-hqrsv] [-l LOG_FILE] [-O OFFSET] [-V VOLUME DECRYPTMETHOD -F[N]] [-- ARGS...]
    with DECRYPTMETHOD = -p[RECOVERY_PASSWORD]|-f BEK_FILE|-u[USER_PASSWORD]|-k FVEK_FILE|-K VMK_FILE|-c

Options:
    -c, --clearkey        decrypt volume using a clear key (default)
    -f, --bekfile BEKFILE decrypt volume using the bek file (on USB key)
    -F, --force-block=[N] force use of metadata block number N (1, 2 or 3)
    -h, --help            print this help and exit
    -k, --fvek FVEK_FILE  decrypt volume using the FVEK directly
    -K, --vmk VMK_FILE    decrypt volume using the VMK directly
    -l, --logfile LOG_FILE
                          put messages into this file (stdout by default)
    -O, --offset OFFSET   BitLocker partition offset, in bytes (default is 0)
    -p, --recovery-password=[RECOVERY_PASSWORD]
                          decrypt volume using the recovery password method
    -q, --quiet           do NOT display anything
    -r, --readonly        do not allow one to write on the BitLocker volume
    -s, --stateok         do not check the volume's state, assume it's ok to mount it
    -u, --user-password=[USER_PASSWORD]
                          decrypt volume using the user password method
    -v, --verbosity       increase verbosity (CRITICAL errors are displayed by default)
    -V, --volume VOLUME   volume to get metadata and keys from

    --                    end of program options, beginning of FUSE's ones

  ARGS are any arguments you want to pass to FUSE. You need to pass at least
  the mount-point.

dislocker-find

Find BitLocker-encrypted volumes.

root@kali:~# dislocker-find -h
Usage: /usr/bin/dislocker-find [-h] [files...]
    Try to find partitions which are BitLocker-encrypted. Each found is printed on stdout.
    If one or more file is passed as argument, /usr/bin/dislocker-find will print each file which is a BitLocker-encrypted volume.
    The number of partition found is returned (in $? in sh).

dislocker-fuse

Read/write BitLocker encrypted volumes under Linux, OSX and FreeBSD.

root@kali:~# dislocker-fuse -h
dislocker by Romain Coltel, v0.7.2 (compiled for Linux/x86_64)

Usage: dislocker [-hqrsv] [-l LOG_FILE] [-O OFFSET] [-V VOLUME DECRYPTMETHOD -F[N]] [-- ARGS...]
    with DECRYPTMETHOD = -p[RECOVERY_PASSWORD]|-f BEK_FILE|-u[USER_PASSWORD]|-k FVEK_FILE|-K VMK_FILE|-c

Options:
    -c, --clearkey        decrypt volume using a clear key (default)
    -f, --bekfile BEKFILE decrypt volume using the bek file (on USB key)
    -F, --force-block=[N] force use of metadata block number N (1, 2 or 3)
    -h, --help            print this help and exit
    -k, --fvek FVEK_FILE  decrypt volume using the FVEK directly
    -K, --vmk VMK_FILE    decrypt volume using the VMK directly
    -l, --logfile LOG_FILE
                          put messages into this file (stdout by default)
    -O, --offset OFFSET   BitLocker partition offset, in bytes (default is 0)
    -p, --recovery-password=[RECOVERY_PASSWORD]
                          decrypt volume using the recovery password method
    -q, --quiet           do NOT display anything
    -r, --readonly        do not allow one to write on the BitLocker volume
    -s, --stateok         do not check the volume's state, assume it's ok to mount it
    -u, --user-password=[USER_PASSWORD]
                          decrypt volume using the user password method
    -v, --verbosity       increase verbosity (CRITICAL errors are displayed by default)
    -V, --volume VOLUME   volume to get metadata and keys from

    --                    end of program options, beginning of FUSE's ones

  ARGS are any arguments you want to pass to FUSE. You need to pass at least
  the mount-point.

dislocker-metadata

Printing information about a BitLocker-encrypted volume

root@kali:~# dislocker-metadata -h
Usage: dislocker [-hov] [-V VOLUME]
    -h         print this help and exit
    -o         partition offset
    -v         increase verbosity to debug level
    -V VOLUME  volume to get metadata from

libdislocker0-dev

Dislocker has been designed to read BitLocker encrypted partitions under a Linux system. The driver can read volumes encrypted in Windows versions from Vista to 10, as well as BitLocker-To-Go encrypted partitions, that is, USB/FAT32 partitions.

The driver is composed of a library, with multiple binaries using this library. To decrypt the partition, you have to give it a mount point where, once the keys are decrypted, a file named dislocker-file appears. This file is a virtual NTFS partition, so you can mount it as any NTFS partition and then read from or write to it. Writing to the NTFS virtual file will change the underlying BitLocker partition content.

This package provides the development files.

Installed size: 136 KB
How to install: sudo apt install libdislocker0-dev

Dependencies:
  • libdislocker0.7

libdislocker0.7

Dislocker has been designed to read BitLocker encrypted partitions under a Linux system. The driver can read volumes encrypted in Windows versions from Vista to 10, as well as BitLocker-To-Go encrypted partitions, that is, USB/FAT32 partitions.

The driver is composed of a library, with multiple binaries using this library. To decrypt the partition, you have to give it a mount point where, once the keys are decrypted, a file named dislocker-file appears. This file is a virtual NTFS partition, so you can mount it as any NTFS partition and then read from or write to it. Writing to the NTFS virtual file will change the underlying BitLocker partition content.

This package provides the runtime library.

Installed size: 139 KB
How to install: sudo apt install libdislocker0.7

Dependencies:
  • libc6
  • libmbedcrypto7
  • libruby3.1

Updated on: 2023-May-16



Article information

Author: Pres. Carey Rath
