How a $36 barcode scanner sped up fixing the CrowdStrike chaos at Grant Thornton Australia

Cutting corners: The global computer crash earlier this month, caused by a faulty CrowdStrike update, was a disaster for many. However, a hero emerged at Grant Thornton Australia: senior systems engineer Rob Woltz, who quickly remedied the situation using a humble barcode scanner. In the midst of chaos, Woltz recalled that PCs treat barcode scanners like keyboards during boot-up. A quick trip to an office supply store later, the company was back up and running within a few hours.

As at many other businesses around the world, CrowdStrike’s faulty software caused hundreds of PCs and over 100 servers at Grant Thornton Australia to crash on that fateful Friday, resulting in blue screen of death errors.

Fixing the issue filled IT support with dread: The affected machines were encrypted with Microsoft’s BitLocker, requiring a 48-character recovery key for each device. This meant that recovery would require not only CrowdStrike’s multi-step fix but also the manual entry of a 48-character BitLocker key.

Given the huge number of PCs, the IT staff felt an automated response was necessary. But the solutions they initially came up with – such as distributing BitLocker keys or reading keys to workers over the phone or in person – seemed too risky and far from foolproof.

That’s when senior systems engineer Rob Woltz remembered something seemingly inconsequential that would save the day at the firm: PCs treat barcode scanners like keyboards during boot-up – a realization that ultimately led to an innovative solution for a speedy recovery.

The IT team created a script to generate barcodes for the BitLocker keys, displaying them on a secure management server. The script generated the necessary barcode and LAPS password to restore the machines.
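
A sketch of what such a script could look like, added here as an illustration and not Grant Thornton's actual script: it checks the recovery password format (eight groups of six digits, each a multiple of 11) and renders the 48 digits as an Interleaved 2 of 5 barcode in SVG. The symbology, the function names and the sample key are assumptions; the article does not say which barcode type was used, and the hyphens are left out on the assumption that the recovery prompt fills them in.

```python
import re

# Interleaved 2 of 5 element widths per digit (N = narrow, W = wide).
ITF = {"0": "NNWWN", "1": "WNNNW", "2": "NWNNW", "3": "WWNNN", "4": "NNWNW",
       "5": "WNWNN", "6": "NWWNN", "7": "NNNWW", "8": "WNNWN", "9": "NWNWN"}

# Constructed sample in recovery-password format; not a real key.
SAMPLE_KEY = "123453-234564-345675-456786-567897-678909-011011-700007"

def recovery_digits(key):
    """Validate a BitLocker recovery password and return its 48 digits."""
    groups = key.strip().split("-")
    if len(groups) != 8 or not all(re.fullmatch(r"[0-9]{6}", g) for g in groups):
        raise ValueError("expected 8 hyphen-separated groups of 6 digits")
    for i, g in enumerate(groups, 1):
        # Each group is a 16-bit value times 11, so a mistyped or
        # mis-copied group is rejected before it is ever encoded.
        if int(g) % 11 or int(g) // 11 > 0xFFFF:
            raise ValueError(f"group {i} fails the multiple-of-11 check")
    return "".join(groups)

def itf_modules(digits, wide=3):
    """Encode an even-length digit string; '1' is a bar module, '0' a space."""
    if len(digits) % 2 or not re.fullmatch(r"[0-9]+", digits):
        raise ValueError("ITF needs an even number of digits")
    width = {"N": 1, "W": wide}
    out = ["1010"]  # start: narrow bar, space, bar, space
    for a, b in zip(digits[::2], digits[1::2]):
        # First digit of the pair sets bar widths, second sets space widths.
        for bar, space in zip(ITF[a], ITF[b]):
            out.append("1" * width[bar] + "0" * width[space])
    out.append("1" * wide + "01")  # stop: wide bar, narrow space, narrow bar
    return "".join(out)

def to_svg(modules, scale=2, height=80, quiet=10):
    """Render the module string as SVG with a quiet zone on both sides."""
    bars = "".join(
        f'<rect x="{(quiet + m.start()) * scale}" width="{len(m.group()) * scale}" '
        f'height="{height}"/>' for m in re.finditer("1+", modules))
    total = (len(modules) + 2 * quiet) * scale
    return (f'<svg xmlns="http://www.w3.org/2000/svg" width="{total}" '
            f'height="{height}"><rect width="100%" height="100%" fill="white"/>'
            f'{bars}</svg>')

if __name__ == "__main__":
    svg = to_svg(itf_modules(recovery_digits(SAMPLE_KEY)))
    print(len(svg), "bytes of SVG; handle it as carefully as the key itself")
```

Some scanners ship with Interleaved 2 of 5 disabled or limited to fixed lengths, so check the scanner's configuration sheet before relying on it.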

Then came a trip to a local office supply store. Using off-the-shelf barcode scanners purchased for about AU$55 ($36) each, the team could quickly input the 48-character keys by scanning the barcodes. Recovery of the affected PCs only took 3 to 5 minutes per machine, compared to 20 minutes for manual server recovery.

Because outages can happen any time and – as CrowdStrike showed – for the simplest of reasons, it is instructive to understand exactly why this process worked. Most barcode scanners are designed to emulate keyboard input. When a barcode is scanned, the scanner converts the data into keystrokes, as if someone were typing on a keyboard. Many barcode scanners, especially USB models, identify themselves as USB HID devices, the same device class used by keyboards and mice, allowing them to be recognized and function without special drivers.

In addition, the computer’s BIOS or UEFI firmware is designed to recognize input devices like keyboards during the boot process. Since barcode scanners emulate keyboard input, they are recognized in the same way.

It is also worth noting that this process works with some older barcode scanners that use a “keyboard wedge” interface. These interfaces physically connect between the keyboard and the computer. This setup makes the scanner’s input indistinguishable from regular keyboard input.

Woltz told The Register that he is pleased he was able to engineer a swift recovery, but later he realized he could have automated the entire remediation process if he had thought of using QR codes instead.