c#, batch-file, bitlocker

Unlock BitLocker drive with batch file generated in C# app


I am working on a C# app that replaces explorer.exe with our own shell. We want to let users unlock BitLocker USB drives from within our UI.

The C# app periodically refreshes a list of drives connected to the machine. For each drive found, it checks the BDE status by starting a Process that executes manage-bde -status and parses the output. It works fine.

Problem

Unlocking a drive is giving me an issue since

manage-bde -unlock <drive>: -password

is an active prompt, and we do not want the user to see Command Prompt open at all to enter text. They will select the drive name and enter the password within the C# app beforehand.

One idea I had was generating a .bat file in the C# app using the drive name and password. However I do not know the proper syntax to achieve submitting the password (.bat noob here).

My (very) WIP batch file

@echo off
set driveName=F:
set pass=thePassword
manage-bde -unlock %driveName% -password 

How should I proceed to submit the pass variable? I understand playing with passwords in plain text is in no way secure, but the most important takeaway I need is knowing how to structure this in a batch file with no user input to cmd.

Thanks.


Solution

  • Got a PowerShell script solution to work after trying out some suggestions (Thanks Compo). It solves the problem of issuing BitLocker operations without the user interacting with a command prompt. I understand there are more elegant approaches.

    public void ToggleBDELock( string driveLetter, string password )
    {
        string directory = @"C:\thePath\";
        string scriptName = $"bdeunlock_{driveLetter}.ps1";
        string scriptPath = Path.Combine( directory, scriptName );
        string output;

        // Set up location for the script.
        // yada yada yada

        // Write the script to the file.
        // Both the FileStream and the StreamWriter are disposed when the block ends.
        using( var fileStream = File.Create( scriptPath ) )
        using( var writer = new StreamWriter( fileStream ) )
        {
            writer.WriteLine( $"$SecureString = ConvertTo-SecureString \"{password}\" -AsPlainText -Force" );
            writer.WriteLine( $"Unlock-BitLocker -MountPoint \"{driveLetter}:\" -Password $SecureString" );
        }

        // Configure a process to run the script without showing a console window.
        var startInfo = new ProcessStartInfo
        {
            FileName = "powershell.exe",
            Arguments = $"-NoProfile -ExecutionPolicy unrestricted -file \"{scriptPath}\"",
            UseShellExecute = false,
            RedirectStandardOutput = true,
            CreateNoWindow = true
        };

        // Try to execute the script and collect its output.
        using( var process = new Process { StartInfo = startInfo } )
        {
            try
            {
                process.Start();
                output = process.StandardOutput.ReadToEnd();
                process.WaitForExit();
            }
            catch( Exception e )
            {
                // yada yada yada
            }
        }
    }
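The approach above works, but it leaves two things a reviewer would flag: the password is written in plain text to a .ps1 file on disk, and it is spliced into PowerShell source by string interpolation, so a password containing a double quote or `$(` changes the script's meaning. The following C# is an added example, not the poster's code, showing one way to keep the same "no visible console" behaviour while avoiding both issues: the script is passed to powershell.exe with `-EncodedCommand` and never touches the file system, the password is delivered over the child's redirected standard input rather than embedded in the script, and the drive letter is validated before it is used in script text. The class and method names (`BitLockerUnlocker`, `BuildScript`, `Unlock`) are mine; the code assumes it runs elevated on a Windows version that ships the BitLocker PowerShell module (`Unlock-BitLocker`).

```csharp
using System;
using System.Diagnostics;
using System.Text;
using System.Text.RegularExpressions;

// Added example (not the original poster's code). Assumes an elevated process on
// Windows 8 / Server 2012 or later, where the BitLocker PowerShell module exists.
public static class BitLockerUnlocker
{
    // Accept exactly one letter: anything longer could alter the generated script.
    public static bool IsValidDriveLetter(string driveLetter) =>
        Regex.IsMatch(driveLetter ?? string.Empty, "^[A-Za-z]$");

    // Script text that powershell.exe will run. The password is NOT part of it;
    // the script reads one line from standard input at runtime instead.
    public static string BuildScript(string driveLetter)
    {
        if (!IsValidDriveLetter(driveLetter))
            throw new ArgumentException("Expected a single drive letter, e.g. \"F\".", nameof(driveLetter));

        string mountPoint = driveLetter.ToUpperInvariant() + ":";
        return
            "$ErrorActionPreference = 'Stop'\n" +                       // any failure -> non-zero exit code
            "$plain = [Console]::In.ReadLine()\n" +                      // password arrives via the stdin pipe
            "$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force\n" +
            "$plain = $null\n" +                                        // drop the plain-text copy as early as possible
            $"Unlock-BitLocker -MountPoint '{mountPoint}' -Password $secure | Out-Null\n";
    }

    // -EncodedCommand expects the script as base64 of its UTF-16LE bytes.
    public static string EncodeForPowerShell(string script) =>
        Convert.ToBase64String(Encoding.Unicode.GetBytes(script));

    // Runs the unlock. Returns success plus whatever PowerShell wrote to stdout/stderr,
    // which is useful for showing a "wrong password" message in the shell UI.
    public static (bool Success, string Output, string Error) Unlock(string driveLetter, string password)
    {
        var startInfo = new ProcessStartInfo
        {
            FileName = "powershell.exe",
            Arguments = "-NoProfile -NonInteractive -EncodedCommand " + EncodeForPowerShell(BuildScript(driveLetter)),
            UseShellExecute = false,
            RedirectStandardInput = true,   // the password goes in here, not on the command line
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            CreateNoWindow = true           // same "no console window" behaviour as the original
        };

        using (var process = new Process { StartInfo = startInfo })
        {
            process.Start();

            // The command line of a process is readable by other local processes and
            // shows up in process-creation logs; an anonymous pipe is not.
            process.StandardInput.WriteLine(password);
            process.StandardInput.Close();

            string output = process.StandardOutput.ReadToEnd();
            string error = process.StandardError.ReadToEnd();
            process.WaitForExit();
            return (process.ExitCode == 0, output, error);
        }
    }
}
```

Usage from the shell UI would be `var result = BitLockerUnlocker.Unlock("F", enteredPassword);` followed by a check of `result.Success`. Two caveats: the redirected stdin uses the console input encoding, so on .NET Framework a password containing non-ASCII characters may not round-trip (newer .NET versions expose `ProcessStartInfo.StandardInputEncoding` to pin it to UTF-8), and `Unlock-BitLocker` still needs administrative rights, so the custom shell must itself be elevated or delegate to an elevated helper.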