libyal / libbde

Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes
GNU Lesser General Public License v3.0

Please help analyze the problem #30

Closed ly20180228 closed 5 years ago

ly20180228 commented 6 years ago

root@1:/home/l/桌面# bdeinfo -p 88888888 /media/l/5BB4-4AE1
bdeinfo 20170902

Unable to open: /media/l/5BB4-4AE1.
libcfile_file_read_buffer_with_error_code: unable to read from file with error: Is a directory
libcfile_file_read_buffer: unable to read from file.
libbfio_file_read: unable to read from file: /media/l/5BB4-4AE1.
libbfio_file_range_read: unable to read from file IO handle.
libbfio_handle_read_buffer: unable to read from handle.
libbde_io_handle_read_volume_header: unable to read volume header data.
libbde_volume_open_read: unable to read volume header.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

root@1:/home/l/桌面# bdeinfo -p 88888888 /dev/sda1
bdeinfo 20170902

Unable to open: /dev/sda1.
libbde_io_handle_read_volume_header: unsupported volume boot entry point.
libbde_volume_open_read: unable to read volume header.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.
root@1:/home/l/桌面#

joachimmetz commented 6 years ago
libbde_io_handle_read_volume_header: unsupported volume boot entry point.

To be able to help you I'll need some format debug information. Could you send me a hexdump of the first 4096 bytes of the volume or debug output log (see: https://github.com/libyal/libbde/wiki/Troubleshooting#verbose-and-debug-output)?

joachimmetz commented 5 years ago

Because I don't know much about compiling, I'm not sure whether the content below is what you need

Unfortunately no, please send me the output of: sudo dd if=/dev/sda1 bs=4096 count=1 | hexdump -Cv

Assuming that /dev/sda1 is your BitLocker encrypted volume

ly20180228 commented 5 years ago

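Thank you very much for your kind reply to such a simple question. Earlier, because I did not understand the Linux system, I made some very basic operating mistakes! I understand what you mean now: you want the first 4096 bytes of the partition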

00000000  eb 58 90 4d 53 57 49 4e  34 2e 31 00 02 10 2f 00  |.X.MSWIN4.1.../.|
00000010  01 00 00 00 00 f8 00 00  3f 00 ff 00 00 00 00 00  |........?.......|
00000020  00 07 1e 00 c1 03 00 00  00 00 00 00 02 00 00 00  |................|
00000030  01 00 06 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000040  80 01 29 e1 4a b4 5b 4e  4f 20 4e 41 4d 45 20 20  |..).J.[NO NAME  |
00000050  20 20 46 41 54 33 32 20  20 20 33 c9 8e d1 bc f4  |  FAT32   3.....|
00000060  7b 8e c1 8e d9 bd 00 7c  a0 fb 7d b4 7d 8b f0 ac  |{......|..}.}...|
00000070  98 40 74 0c 48 74 0e b4  0e bb 07 00 cd 10 eb ef  |.@t.Ht..........|
00000080  a0 fd 7d eb e6 cd 16 cd  19 00 00 00 00 00 00 00  |..}.............|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000100  0d 0a 52 65 6d 6f 76 65  20 64 69 73 6b 73 20 6f  |..Remove disks o|
00000110  72 20 6f 74 68 65 72 20  6d 65 64 69 61 2e ff 0d  |r other media...|
00000120  0a 44 69 73 6b 20 65 72  72 6f 72 ff 0d 0a 50 72  |.Disk error...Pr|
00000130  65 73 73 20 61 6e 79 20  6b 65 79 20 74 6f 20 72  |ess any key to r|
00000140  65 73 74 61 72 74 0d 0a  00 00 00 00 00 00 00 00  |estart..........|
00000150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000190  00 00 00 00 00 00 00 00  0e 06 80 b5 8a 77 57 40  |.............wW@|
000001a0  b3 9a e3 df 8e 81 b1 a1  3b d6 67 49 29 2e d8 4a  |........;.gI)..J|
000001b0  83 99 f6 a3 39 e3 d0 01  00 10 10 02 00 00 00 00  |....9...........|
000001c0  00 50 bc 08 00 00 00 00  00 90 68 0f 00 00 00 00  |.P........h.....|
000001d0  72 53 76 44 02 00 00 00  00 00 78 78 78 78 78 78  |rSvD......xxxxxx|
000001e0  78 78 78 78 78 78 78 78  ff ff ff ff ff ff ff ff  |xxxxxxxx........|
000001f0  ff ff ff ff ff ff ff ff  ff ff ff 00 1f 2c 55 aa  |.............,U.|
00000c00  eb 58 90 4d 53 57 49 4e  34 2e 31 00 02 10 2f 00  |.X.MSWIN4.1.../.|
00000c10  01 00 00 00 00 f8 00 00  3f 00 ff 00 00 00 00 00  |........?.......|
00000c20  00 07 1e 00 c1 03 00 00  00 00 00 00 02 00 00 00  |................|
00000c30  01 00 06 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000c40  80 00 29 e1 4a b4 5b 4e  4f 20 4e 41 4d 45 20 20  |..).J.[NO NAME  |
00000c50  20 20 46 41 54 33 32 20  20 20 33 c9 8e d1 bc f4  |  FAT32   3.....|
00000c60  7b 8e c1 8e d9 bd 00 7c  a0 fb 7d b4 7d 8b f0 ac  |{......|..}.}...|
00000c70  98 40 74 0c 48 74 0e b4  0e bb 07 00 cd 10 eb ef  |.@t.Ht..........|
00000c80  a0 fd 7d eb e6 cd 16 cd  19 00 00 00 00 00 00 00  |..}.............|
00000c90  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000ca0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000cb0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000cc0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000cd0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000ce0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000cf0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000d00  0d 0a 52 65 6d 6f 76 65  20 64 69 73 6b 73 20 6f  |..Remove disks o|
00000d10  72 20 6f 74 68 65 72 20  6d 65 64 69 61 2e ff 0d  |r other media...|
00000d20  0a 44 69 73 6b 20 65 72  72 6f 72 ff 0d 0a 50 72  |.Disk error...Pr|
00000d30  65 73 73 20 61 6e 79 20  6b 65 79 20 74 6f 20 72  |ess any key to r|
00000d40  65 73 74 61 72 74 0d 0a  00 00 00 00 00 00 00 00  |estart..........|
00000d50  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000d60  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000d70  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000d80  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000d90  00 00 00 00 00 00 00 00  0e 06 80 b5 8a 77 57 40  |.............wW@|
00000da0  b3 9a e3 df 8e 81 b1 a1  78 78 78 78 78 78 78 78  |........xxxxxxxx|
00000db0  78 78 78 78 78 78 78 78  78 78 78 78 78 78 78 78  |xxxxxxxxxxxxxxxx|
00000dc0  78 78 78 78 78 78 78 78  78 78 78 78 78 78 78 78  |xxxxxxxxxxxxxxxx|
00000dd0  78 78 78 78 78 78 78 78  78 78 78 78 78 78 78 78  |xxxxxxxxxxxxxxxx|
00000de0  78 78 78 78 78 78 78 78  ff ff ff ff ff ff ff ff  |xxxxxxxx........|
00000df0  ff ff ff ff ff ff ff ff  ff ff ff 00 1f 2c 55 aa  |.............,U.|

Now I have run into a new problem

joachimmetz commented 5 years ago

So the boot entry point and signature of your volume do match that of BitLocker ToGo (https://github.com/libyal/libbde/blob/master/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc#43-bitlocker-to-go)

And there is a BitLocker ToGo identifier:

000001a0                                          3b d6 67 49 29 2e d8 4a  |........;.gI)..J|
000001b0  83 99 f6 a3 39 e3 d0 01                                           |....9...........|

Now I have run into a new problem

Not entirely sure what your new problem is, seeing I cannot read the screenshot (and Google translate is of no help there).

So bdemount will expose the volume as "virtual raw device". You'll have to mount that device to expose the file system within. Also see: https://github.com/libyal/libbde/wiki/Mounting
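
The header check described in the comment above, as an added example that is not part of the original thread and is not libbde's own code. It assumes only the three values visible in the posted dump (boot entry point eb 58 90, signature MSWIN4.1, identifier bytes at offset 0x1a8); the function names are hypothetical.

```python
import re
import uuid

# Values taken from the dump posted in this thread; other BitLocker variants
# (for example fixed-disk volumes) are outside this sketch.
ENTRY_POINT = bytes.fromhex("eb5890")   # offset 0x000, 3 bytes
SIGNATURE = b"MSWIN4.1"                 # offset 0x003, 8 bytes
ID_OFFSET = 0x1A8                       # identifier, 16 bytes
TOGO_ID = uuid.UUID(bytes_le=bytes.fromhex("3bd66749292ed84a8399f6a339e3d001"))

HEX_LINE = re.compile(r"^([0-9a-f]{8})\s+((?:[0-9a-f]{2}\s+){1,16})")

def parse_hexdump(text, size=512):
    """Rebuild a sector from `hexdump -Cv` lines; ranges not given stay zero."""
    sector = bytearray(size)
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip() + " ")
        if not m:
            continue  # skip prompts, blank lines and other non-dump text
        offset = int(m.group(1), 16)
        data = bytes.fromhex("".join(m.group(2).split()))
        if offset + len(data) <= size:  # ignore lines beyond the first sector
            sector[offset:offset + len(data)] = data
    return bytes(sector)

def check_bitlocker_to_go(sector):
    """Report each of the three header checks plus the identifier found."""
    if len(sector) < ID_OFFSET + 16:
        raise ValueError("need at least the first 440 bytes of the volume")
    found = uuid.UUID(bytes_le=sector[ID_OFFSET:ID_OFFSET + 16])
    return {
        "entry_point": sector[0:3] == ENTRY_POINT,
        "signature": sector[3:11] == SIGNATURE,
        "identifier": found == TOGO_ID,
        "guid": str(found),
    }

# Constructed sample: three lines copied from the dump in this thread.
SAMPLE = """\
00000000  eb 58 90 4d 53 57 49 4e  34 2e 31 00 02 10 2f 00  |.X.MSWIN4.1.../.|
000001a0  b3 9a e3 df 8e 81 b1 a1  3b d6 67 49 29 2e d8 4a  |........;.gI)..J|
000001b0  83 99 f6 a3 39 e3 d0 01  00 10 10 02 00 00 00 00  |....9...........|
"""

if __name__ == "__main__":
    for name, value in check_bitlocker_to_go(parse_hexdump(SAMPLE)).items():
        print(f"{name:12} {value}")
```

A boot sector that passes the first two checks but fails the identifier check has the FAT32-style header without the identifier this thread's volume carries.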

ly20180228 commented 5 years ago

root@l:/home/l/下载/libbde-alpha-20180806/libbde-20180806/bdetools# ./bdemount -p 88888888 /dev/sdb4 /mnt/bdevolume/
bdemount 20180806

root@l:/home/l/下载/libbde-alpha-20180806/libbde-20180806/bdetools#

bdemount did not report any error, but I do not see bde1, so I cannot continue with the next step

After running bdemount -r 599907-126192-034078-378543-435050-262383-683309-100661 /dev/sda2 /mnt/bdevolume/, is the result supposed to look like the one in my screenshot?

config.log

joachimmetz commented 5 years ago

This looks correct. The next step is to mount the file system in bdevolume

ly20180228 commented 5 years ago

I didn't see “bde1” before, so I think maybe I was wrong in other steps, but now it seems to be ok. I'm very excited to see the successful mounting for the first time. Thank you very much for your contribution to "libbde". This is a very great project! Next, I will continue to learn about "FKEV". Thanks again!
