Closed lcfut closed 5 years ago
bdemount 20181124
Please use the latest version of libbde and tools; you could be running into an issue that was fixed a while ago.
What does
bdeinfo -r 12345-12345-12345-12345-12345-12345-12345-12345 -o 1026555904 ditto-file.001
tell you?
I pulled down the latest "alpha" release as you suggested and it fails to compile.
[lsierra@usdsglxp0066 libbde-20190701]$ ./configure
./configure: line 16: $'\r': command not found
./configure: line 31: syntax error near unexpected token newline' '/configure: line 31:
;;
[lsierra@usdsglxp0066 libbde-20190701]$
Did you download a copy of the source from git or a source distribution package? https://github.com/libyal/libbde/wiki/Building#read-first likely clarifies the issue you are running into.
You need to download libbde-alpha-20190701.tar.gz
OK - this is not the first time I have installed something.
I just tested with libbde-alpha-20190701.tar.gz and it works for me, so presumably something is different in your build environment. Could you attach config.log?
with GCC Section
Are you referring to the error ./configure: line 16: $'\r': command not found?
This sounds to me as if \n (LF) was changed to \r\n (CRLF) in the configure script?
No. When I say "GCC Section" I am referring to the heading on the github page. Specifically called - "Using GNU Compiler Collection (GCC)"
And the error is what I get when I run the "./configure" command. There is no "config.log" in the folder after running it.
Could you tell me how you unpacked the file?
Since line 16 of configure is empty, seeing the error I think the way you extracted converted the line endings.
No update from original reporter, assuming issue got resolved on their end.
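The line-ending diagnosis discussed above, as an added example that is not part of the original thread or the libbde project: a shell check that lists scripts in an unpacked source tree whose lines end in CRLF and strips the carriage returns. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find and repair CRLF line endings in an unpacked source tree.
# The demo tree at the bottom is constructed; it is not the libbde distribution.

CR=$(printf '\r')

# Print the number of lines in FILE that end in a carriage return (0 if none).
crlf_lines() {
    grep -c "${CR}\$" "$1" || true
}

# List files under DIR that start with "#!" and contain CRLF lines. Running such
# a script is what produces "$'\r': command not found".
find_crlf_scripts() {
    find "$1" -type f | sort | while IFS= read -r f; do
        head -c 2 "$f" | grep -q '^#!' || continue
        if [ "$(crlf_lines "$f")" -gt 0 ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Remove every CR byte from FILE in place; writing through cat keeps mode bits.
strip_cr() {
    tmp=$(mktemp) || return 1
    tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed demo: one script saved with CRLF endings, one with LF endings.
demo=$(mktemp -d)
printf '#!/bin/sh\r\n\r\necho configured\r\n' > "$demo/configure"
printf '#!/bin/sh\necho ok\n' > "$demo/install-sh"

echo "affected scripts:"
find_crlf_scripts "$demo"
echo "configure before: $(crlf_lines "$demo/configure") CRLF lines"
strip_cr "$demo/configure"
echo "configure after:  $(crlf_lines "$demo/configure") CRLF lines"
rm -rf "$demo"
```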
Same problem here...
bdemount -o $((512*1261568)) -r XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX /mnt/image.dd /mnt2
bdemount 20200816
Unable to unlock source volume
bdeinfo -r XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX -o 645922816 /mnt/image.dd
bdeinfo 20200816
BitLocker Drive Encryption information:
Encryption method : AES-XTS 128-bit
Volume identifier : <id removed>
Creation time : Oct 22, 2019 11:23:44.94036781 UTC
Description : ABCDEFG C: 22/10/2019
Number of key protectors : 9
Key protector 0:
Identifier : <id removed>
Type : Recovery password
Key protector 1:
Identifier : <id removed>
Type : TPM
Key protector 2:
Identifier : <id removed>
Type : Recovery password
Key protector 3:
Identifier : <id removed>
Type : Recovery password
Key protector 4:
Identifier : <id removed>
Type : Recovery password
Key protector 5:
Identifier : <id removed>
Type : Recovery password
Key protector 6:
Identifier : <id removed>
Type : Recovery password
Key protector 7:
Identifier : <id removed>
Type : Recovery password
Key protector 8:
Identifier : <id removed>
Type : Recovery password
Unable to unlock volume.
@zara86 can you provide me with debug output, https://github.com/libyal/libbde/wiki/Troubleshooting#verbose-and-debug-output. Want to see what happens with the multiple recovery passwords for your image
Sorry for the delay. I tried to do what you asked, I hope it can help. bdeinfo_stderr.zip
@zara86 thx having a look as soon as time permits
Note to self: create image with multiple recovery passwords with https://github.com/dfirlabs/bde-specimens
System is RHEL 7.6 Security Profile - USGCB/STIG FIPS Enabled
Installed libbde-tools and dependencies from CERT Forensics Repo
Completed DD image - output file is FILENAME.001. Issuing the command below returns the following error. Data has been sanitized for posting purposes; the actual recovery key was used.
[root@hostname]# bdemount -r 12345-12345-12345-12345-12345-12345-12345-12345 -o 1026555904 ditto-file.001 /mnt/windows_mount/
bdemount 20181124
Unable to unlock volume.
[root@hostname]#
There was no error during the "yum install libbde-tools" process. If I use the same recovery key on Win10 - the image file is decrypted without error.