bkhive problem workaround
Ok - dead thread but can't find an answer anywhere out there and I am sure others have run into the problem. Spent plenty of time working on the BKHive issue. I think it is something to do with certain factory installs. I had a DOH moment a couple days ago when I realized there was a recovery partition on the machine and that was HDA1. (Spending a minute or two to navigate to HDA1 would have saved more than a little time.) But since then I have tried everything in this thread and then some. EXTREMELY frustrating since it should work. It would be nice if the developer were still around to talk to...
I tried other methods and they too returned empty PWDump files for some reason - i.e. Usernames, but no Hashes.
So I finally said screw bkhive and the IG method. I created a DOS boot disk and downloaded NTFSDOS. I used the boot disk, NTFSDOS and a USB Flash Drive. Booted the comp, ran NTFSDOS and then copied the SYSTEM and SAM files onto my Flash Drive (Comp supports USB Flash Drive at a BIOS level - YMMV). I then threw it on another comp and downloaded SAMInside 2.2.6.0 version. It is a version still capable of a PWDump. I did notice it threw in a couple manufacturer users that were not in the other dump files I had managed to get using other methods... I created a dump file for the PWs I wanted. I then fired up LC4 to crack the Passwords. (You can use John the Ripper if you want - doesn't really matter at this point.)
I think the bottom line is the issue is BKHive doesn't like certain factory installs. Why, I have no clue. Might be some assumption hard-coded into the program that is actually a variable though.