Bypass Disk Encryption Linux
5 December 2021 at 14:45
We are going to learn how to steal the passphrase of a drive encrypted with default setup on a Debian distribution.
How? Through physical intrusion!
The general idea is simple. By default, disk encryption on Debian (and many other distributions) doesnβt encrypt the \boot directory. Even if full disk encyprtion is available via Grub2β¦
To perform this attack, we are going to use a Live USB on the target machine. Using the live USB, we are going to modify the script asking the passphrase (located in /boot) to make it write, in a text file, the passphrase typed by the victim.