| > the TPM has PolicyAuthValue(PIN) Where are you seeing that? I can't find it in the article. It wouldn't make sense to me for that to be the case if the article details how the driver does it own unwrapping/decryption after the KP is extracted. Plus it would probably mean they're lying about TPM+PIN being defeatable. > The blog post documents dumping the PIN-entangled key material by MITM-ing the TPM communication while a user enters the PIN I really don't think so... the screenshot with the PIN entry I think was only for hooking his debugger up in order to reverse the driver's decryption process. I don't see where they mention how/when the KP is actually extracted. It looks to me like it's transmitted during boot _before_ the PIN entry, so that the software driver can decrypt it after the user enters the PIN. They list the steps as: 1. Extract TPM data. The TPM data is encrypted Key Protector (aka KP). 2. Generate the decryption key of KP 3. Decrypt KP 4. Extracting encrypted VMK 5. Decrypt VMK using KP I didn't see anything about needing to enter a PIN in order to get the TPM data. If the TPM required a PIN to extract anything, I think there would be no need to manually decrypt anything in software as they show with the python code. Of course I could be wrong... please feel free to provide more info. |
Like I specifically pointed out, it's belt and suspenders.
> Of course I could be wrong... please feel free to provide more info.
From https://blog.scrt.ch/2024/10/28/privilege-escalation-through... :
> Indeed, by analysing the decryption process, it appears that the user’s PIN is sent to the TPM which releases the intermediate key only if the provided secret is correct, thus effectively preventing offline bruteforce attacks.
> Secondly, no data is returned when the PIN is incorrect, which indicates that the PIN or a derivative is sent to the TPM for verification.