Documentation Index
Fetch the complete documentation index at: https://mintlify.com/garatc/BitUnlocker/llms.txt
Use this file to discover all available pages before exploring further.
boot_patched.sdi is the core of the BitUnlocker attack. It is a Windows SDI (System Deployment Image) ramdisk image containing a modified WIM that launches cmd.exe in place of the real Windows Recovery Environment. When the boot manager loads this image instead of the legitimate boot.sdi, the target machine boots into an unrestricted command prompt with the BitLocker-protected volume already decrypted by the TPM.
Option A — Download from Releases
The simplest path is to download the pre-builtboot_patched.sdi directly from the GitHub Releases page. Once downloaded, place it in the correct location for your delivery method:
- USB method:
USB/sdi/boot_patched.sdi - PXE method:
TFTP-root/sdi/boot_patched.sdi
The pre-built
boot_patched.sdi available on the Releases page contains a modified WinRE.wim where the launch application has been replaced with cmd.exe. No further modification is needed before placing it in the appropriate directory.Option B — Build Your Own
If you prefer to build the SDI file yourself — for example, to use a specific WinRE version or a custom payload — two helper scripts are included in thescripts/ directory of the repository.
What you need:
- A stock
boot.sdifile (obtainable from Windows installation media or from theEFIpartition of any Windows 11 machine) - A custom
WinRE.wimfile where the launch application has been replaced withcmd.exe
parse_sdi.py prints the structure and content of the SDI file so you can confirm the embedded WIM is the one you intended.
Place the SDI File
After obtaining or buildingboot_patched.sdi, place it in the path that matches your chosen delivery method:
| Method | Destination path |
|---|---|
| USB | USB/sdi/boot_patched.sdi |
| PXE | TFTP-root/sdi/boot_patched.sdi |
Next Steps
- For detailed documentation on each script, see the patch_sdi.py reference and the parse_sdi.py reference.
- Once the SDI file is in place, proceed to Modify the BCD to redirect the boot manager to load your patched image.