research poc
Practical BitLocker Bypass via TPM Bus Sniffing on Business LaptopsBitLocker TPM Sniffing
Researchers demonstrate a practical, low-cost attack to bypass Microsoft BitLocker's default TPM-only encryption on modern business laptops. By physically sniffing the communication bus between the discrete TPM chip and the CPU, the Volume Master Key (VMK) can be intercepted, allowing decryption of the disk. The attack requires physical access and works against common enterprise devices like Lenovo ThinkPads, HP EliteBooks, and Microsoft Surfaces.