TPM2_Load failure #14

@edmcman

I'm having a somewhat similar problem to #9. I'm attaching my bitleaker log: log.txt

I'm fairly new to TPM, so I've been trying to understand what is happening. As far as I can tell, bitleaker reads a binary blob from dislocker, and that is supposed to contain 220 bytes of the priv/pub object, and the rest is something else.

Here is the snippet that dislocker is returning:

```
Tue May  2 10:34:49 2023 [DEBUG] Total datum size: 0x012e (302) bytes
Tue May  2 10:34:49 2023 [DEBUG] Datum entry type: 0
Tue May  2 10:34:49 2023 [DEBUG]    `--> ENTRY TYPE UNKNOWN 1
Tue May  2 10:34:49 2023 [DEBUG] Datum value type: 6
Tue May  2 10:34:49 2023 [DEBUG]    `--> TPM_ENCODED -- Total size header: 12 -- Nested datum: no
Tue May  2 10:34:49 2023 [DEBUG] Status: 0x1
Tue May  2 10:34:49 2023 [DEBUG] Unknown: 0x815
Tue May  2 10:34:49 2023 [DEBUG] Payload:
Tue May  2 10:34:49 2023 [DEBUG] 0x00000000 00 aa 00 20 5d 12 f2 03-70 ef 92 d1 a5 05 e7 c6
Tue May  2 10:34:49 2023 [DEBUG] 0x00000010 a9 5f 6f 24 e9 d1 66 c6-be 0a a8 d9 c6 07 24 cf
Tue May  2 10:34:49 2023 [DEBUG] 0x00000020 57 9e cd 47 00 10 7d 34-bb d9 51 a9 aa aa 33 6b
Tue May  2 10:34:49 2023 [DEBUG] 0x00000030 6c c7 b1 c6 ac ae 7b 43-66 80 ab a9 cb 50 08 f1
Tue May  2 10:34:49 2023 [DEBUG] 0x00000040 53 84 f5 ac 2f ae 0b d1-54 60 df 71 39 2b 95 31
Tue May  2 10:34:49 2023 [DEBUG] 0x00000050 99 e3 45 1b cc a8 f6 da-d4 b0 05 e0 60 09 ce 89
Tue May  2 10:34:49 2023 [DEBUG] 0x00000060 5f c0 8e 72 86 03 62 7d-1c 1d 3e b5 9a 02 67 0b
Tue May  2 10:34:49 2023 [DEBUG] 0x00000070 35 23 a1 e8 33 e6 f0 ef-38 5d 7d e1 bd ce 48 32
Tue May  2 10:34:49 2023 [DEBUG] 0x00000080 e9 ca 0a ff a8 87 ab 89-53 fa d7 eb 51 0f 9c c2
Tue May  2 10:34:49 2023 [DEBUG] 0x00000090 56 b3 b3 f2 a4 41 50 7a-5a d0 b8 06 7f 84 8c 59
Tue May  2 10:34:49 2023 [DEBUG] 0x000000a0 1b c5 05 69 ed 16 f2 85-49 04 06 03 00 4e 00 08
Tue May  2 10:34:49 2023 [DEBUG] 0x000000b0 00 0b 00 00 04 12 00 20-f5 10 e7 eb cb a2 25 bc
Tue May  2 10:34:49 2023 [DEBUG] 0x000000c0 21 68 c2 23 d6 eb 84 1e-7c 03 2c f1 28 1f e5 ab
Tue May  2 10:34:49 2023 [DEBUG] 0x000000d0 23 c3 73 7e 8a d2 f7 ef-00 10 00 20 75 ff bf 4e
Tue May  2 10:34:49 2023 [DEBUG] 0x000000e0 cd c7 63 24 ba 6b b7 96-e3 b6 ef 36 e8 80 89 fe
Tue May  2 10:34:49 2023 [DEBUG] 0x000000f0 57 17 6d d2 a2 be 41 92-42 6b d3 cb 00 20 0a 5b
Tue May  2 10:34:49 2023 [DEBUG] 0x00000100 7b 84 98 30 8a dc 33 ea-b7 6f 81 6b 7a cb 9d 0d
Tue May  2 10:34:49 2023 [DEBUG] 0x00000110 91 ab 73 a2 13 74 a3 2b-06 c5 93 7f c9 da 03 15
Tue May  2 10:34:49 2023 [DEBUG] 0x00000120 08 00
Tue May  2 10:34:49 2023 [DEBUG] Header safe: 0x12e, 0, 0x6, 0x1
Tue May  2 10:34:49 2023 [DEBUG] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

The private portion is 0xaa bytes long. So the public portion should start at 0xac. The size of the public portion is then 0x4e, and so it should end at 0xae + 0x4e = 0xfc. But 0xfc > 0xdc == 220. So it seems like maybe my keys are 0x20 bytes larger than usual, and bitleaker is truncating them, which causes the TPM2_Load to fail?

I am not sure if it is relevant, but I have SecureBoot disabled, and I am running Windows 11.

I'll try to change 220 to 0xfc in bitleaker.py and see if that fixes the TPM error.
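
Added example, not part of the original post and not bitleaker's own code: a length-driven split of the payload, which shows why a fixed 220-byte cut fails for the sizes in the log above. It assumes the payload is a TPM2B_PRIVATE followed by a TPM2B_PUBLIC, each prefixed by a big-endian 16-bit size, as the post reads it; the function names are hypothetical and the sample bytes are constructed filler with the log's field sizes.

```python
import struct


def read_tpm2b(buf: bytes, offset: int) -> tuple[bytes, int]:
    """Read one TPM2B field: big-endian UINT16 size, then that many bytes.

    Returns (field including its size prefix, offset of the next field).
    """
    if offset + 2 > len(buf):
        raise ValueError(f"no room for a size field at {offset:#x}")
    (size,) = struct.unpack_from(">H", buf, offset)
    end = offset + 2 + size
    if end > len(buf):
        raise ValueError(
            f"field at {offset:#x} declares {size:#x} bytes and ends at "
            f"{end:#x}, but only {len(buf):#x} bytes are available"
        )
    return buf[offset:end], end


def split_private_public(payload: bytes) -> tuple[bytes, bytes, bytes]:
    """Split a payload into TPM2B_PRIVATE, TPM2B_PUBLIC and trailing bytes."""
    private, pos = read_tpm2b(payload, 0)
    public, pos = read_tpm2b(payload, pos)
    return private, public, payload[pos:]


def constructed_payload() -> bytes:
    # Constructed sample: same field sizes as the log (0xaa private, 0x4e
    # public, 0x122 bytes in total); contents are filler, not key material.
    private = struct.pack(">H", 0xAA) + bytes(0xAA)
    public = struct.pack(">H", 0x4E) + bytes([0x11]) * 0x4E
    return private + public + bytes(0x122 - len(private) - len(public))


if __name__ == "__main__":
    payload = constructed_payload()
    private, public, rest = split_private_public(payload)
    print(f"private: {len(private):#x} bytes, "
          f"public ends at {len(private) + len(public):#x}")
    try:
        split_private_public(payload[:220])  # the fixed 220-byte cut
    except ValueError as err:
        print("220-byte cut:", err)
```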
