andlabs / reallymine

WD MyBook encrypted hard drive decryption (still WIP).
https://github.com/andlabs/reallymine/issues/38
GNU General Public License v3.0
214 stars 47 forks

Windows 10 support #17

Open steven-ward opened 7 years ago

steven-ward commented 7 years ago

I downloaded the source for reallymine and compiled on Windows 10.

I'm able to execute the application and receive the help information, but any attempt to run the decrypt or getdek functions results in a seek error.

Below is an example of the two functions I executed.

reallymine.exe decrypt \.\PHYSICALDRIVE2 decrypted.img
error running decrypt: seek \.\PHYSICALDRIVE2: Incorrect function.

reallymine.exe getdek \.\PHYSICALDRIVE2
error running getdek: seek \.\PHYSICALDRIVE2: Incorrect function.

I'm not very familiar with go, so it could just be I'm missing some dependencies. I executed these commands and verified they installed:

go get github.com/hashicorp/vault/helper/password
go get github.com/mendsley/gojwe

I also located the seek function for windows and ran this thinking maybe this missing dependency was the culprit:

go get golang.org/x/sys/windows

I verified the version of go I have installed:

go version
go version go1.7.3 windows/amd64

Seeing as how there were only compiled versions for Linux and OSX(Darwin) to download I wasn't sure if this was even designed to work with Windows or not.

For full disclosure, I'm using a WD Mybook with the Symwave bridge chip (v6316) and a broken USB port. I've removed the drive from the case and placed it directly into my machine. The computer it's running on is a Windows 10 box and the drive itself is formatted with HFS+ because it used to be connected to an Apple machine years ago and I didn't have the extra space to move the contents to another drive and reformat. I have "HFS+ for Windows 11" from Paragon Software installed and it read the drive flawlessly when the bridge was working. Now that it's internal and there's no Symwave chip to decrypt, of course it's stating it needs to be initialized. Didn't know if this could be a factor or not, so I thought I should mention it.

Any suggestions on next steps would be greatly appreciated.

Amazing work btw.

MrDecay commented 7 years ago

The method I used in the beginning was done with a virtual machine, with a 64-bit Parted Magic (any Linux 64-bit live distro should work). How big is your source? You will need a suitable target to receive the destination img.


andlabs commented 7 years ago

You need two \s at the beginning: \\.\PHYSICALDRIVE2.

steven-ward commented 7 years ago

MrDecay - My source is 2TB. I don't have any other drives large enough to dump a whole image to. I was trying to confirm I could decrypt at least a portion of it and I wasn't sure if the -disk-size was causing my error so I just tried it for the whole drive instead and got the same error.

Is it your opinion that it won't work on Windows 10? I just wanted to make sure I wasn't doing something dumb with go on the Windows side. I can fire up a Linux 64bit live distro, use parted to dump the image to a second drive, and then try to decrypt the data back to the original.

andlabs - I did have two \s; I just didn't catch that it marked them as one when I posted. Sorry for the confusion.

MrDecay commented 7 years ago

Well, if it had worked when you compiled it... it would have been very cool indeed. But yeah, we usually use a distro to run the compiled version (at least I have). Hmm, I have dumped partial images in the past, but none from HFS+. In those instances I dumped about 2 gigs and ran a file carving tool, a.k.a. raw recovery, to confirm pictures were intact. So you could dump 1 TB and still recover content.

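The partial-dump check suggested in the comment above (decrypt only part of the disk, then confirm the output looks like real data) can be scripted. This is an added example, not part of the thread or of reallymine: it scans a partial decrypted image for a GPT header, HFS+/HFSX volume headers and JPEG start markers at sector boundaries. `Scan`, `Report` and `sampleImage` are hypothetical names, the sample image is constructed, and 512-byte sectors are assumed.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

const sectorSize = 512
// Report lists plaintext signatures found at sector boundaries.
type Report struct {
	GPT     bool
	HFSPlus []int64 // offsets of HFS+/HFSX volume headers
	JPEG    int     // sectors that start with a JPEG SOI marker
}

// Scan walks size bytes of r one sector at a time, recording known signatures.
func Scan(r io.ReaderAt, size int64) (Report, error) {
	var rep Report
	buf := make([]byte, sectorSize)
	for off := int64(0); off+sectorSize <= size; off += sectorSize {
		if _, err := r.ReadAt(buf, off); err != nil {
			return rep, err
		}
		switch {
		case off == sectorSize && bytes.HasPrefix(buf, []byte("EFI PART")):
			rep.GPT = true // GPT header lives in LBA 1
		case bytes.HasPrefix(buf, []byte("H+\x00\x04")), bytes.HasPrefix(buf, []byte("HX\x00\x05")):
			rep.HFSPlus = append(rep.HFSPlus, off) // 1024 bytes into the volume
		case bytes.HasPrefix(buf, []byte{0xFF, 0xD8, 0xFF}):
			rep.JPEG++
		}
	}
	return rep, nil
}

// sampleImage is a constructed 8-sector image, not data from a real drive.
func sampleImage() []byte {
	img := make([]byte, 8*sectorSize)
	copy(img[1*sectorSize:], "EFI PART")
	copy(img[4*sectorSize:], "H+\x00\x04")
	copy(img[6*sectorSize:], "\xFF\xD8\xFF\xE0")
	return img
}

func main() {
	img := sampleImage() // swap in an opened decrypted sample file to check real output
	fmt.Println(Scan(bytes.NewReader(img), int64(len(img))))
}
```

A sample decrypted with the right key should report at least some of these signatures; output that is still ciphertext should report essentially none.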

andlabs commented 7 years ago

So I wonder if in that case Windows doesn't allow SetFilePointer() on a PhysicalDrive... will need to find out for sure.

andlabs commented 4 years ago

Hashicorp fixed.