libyal / libbde

Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes
GNU Lesser General Public License v3.0

FVE metadata entry version is not 1 #49

Closed BaoMaoRen closed 3 years ago

BaoMaoRen commented 4 years ago

Hi, excuse me, I have a question: when running the program, it prompts me “unable to read from file IO handle”. Then I found, by debugging the code, that the version of the FVE metadata entry is 3. Is this version not supported? Thanks.

joachimmetz commented 4 years ago

Can you provide the full error back trace? Also, can you indicate which version of libbde you are using?

BaoMaoRen commented 4 years ago

The libbde version is 20190701.

libbde_metadata_entry_read: unsupported FVE metadata entry version.
libbde_metadata_read_entries_data: unable to read metadata entry.
libbde_metadata_read_entries_file_io_handle: unable to read metadata entries.
libbde_metadata_read_block: unable to read metadata entries.
libbde_volume_open_read: unable to read primary metadata block.
libbde_volume_open_file_io_handle: unable to read from file IO handle.

joachimmetz commented 4 years ago

Since that is a release after https://github.com/libyal/libbde/commit/3c6d9d7134f62f09022c2d73a6eae3bf068eb4dc, I would be interested in the debug output. The error message is a safeguard against unsupported format versions. Version 3 is currently not known to the project.

Also see https://github.com/libyal/libbde/blob/master/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc#512-fve-metadata-block-header-version-2--windows-7-and-later

BaoMaoRen commented 4 years ago

I've read the documents, I think your work is very good.

joachimmetz commented 4 years ago

Let me be more explicit. Can you provide me with the debug output, so I can have a look to see what is different in version 3?

BaoMaoRen commented 4 years ago

OK, but it's not convenient for me now. Can I have until tomorrow?

joachimmetz commented 4 years ago

Thx for the heads up. No hurry, that works for me.

BaoMaoRen commented 4 years ago

stream_log.zip: this is the debug output.

BaoMaoRen commented 4 years ago

Hi, excuse me, I have a question for you: first, I want to compile dynamic libraries of libbde in msys2, but only static libraries are generated. My gcc is:

version: 9.3.0
target: x86_64-pc-msys
configuration: /msysdev/gcc/src/gcc-9.3.0/configure --build=x86_64-pc-msys --prefix=/usr --libexecdir=/usr/lib --enable-bootstrap --enable-shared --enable-shared-libgcc --enable-static --enable-version-specific-runtime-libs --with-arch=x86-64 --with-tune=generic --disable-multilib --enable-__cxa_atexit --with-dwarf2 --enable-languages=c,c++,fortran,lto --enable-graphite --enable-threads=posix --enable-libatomic --enable-libgomp --disable-libitm --enable-libquadmath --enable-libquadmath-support --disable-libssp --disable-win32-registry --disable-symvers --with-gnu-ld --with-gnu-as --disable-isl-version-check --enable-checking=release --without-libiconv-prefix --without-libintl-prefix --with-system-zlib --enable-linker-build-id --with-default-libstdcxx-abi=gcc4-compatible --enable-libstdcxx-filesystem-ts

mirh commented 4 years ago

If metadata entry is 3, then this is a duplicate of #20?

joachimmetz commented 3 years ago

Looks like it could be a duplicate.

libbde_metadata_entry_read: FVE metadata entry:
00000000: a0 00 02 00 08 00 03 00                            ........

libbde_metadata_entry_read: entry size                                  : 160
libbde_metadata_entry_read: entry type                                  : 0x0002 (Volume master key (VMK))
libbde_metadata_entry_read: value type                                  : 0x0008 (Volume master key)
libbde_metadata_entry_read: version                                     : 3

joachimmetz commented 3 years ago

I'll close this out in favor of https://github.com/libyal/libbde/issues/20 and see if there is a way to reproduce this with https://github.com/dfirlabs/bde-specimens
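The 8-byte header decoding shown in the debug output earlier in this thread, as an added example that is not libbde's code and not part of any comment here. The function, struct and error names are hypothetical, the four little-endian 16-bit fields are read off the hex dump, and accepting only version 1 is an assumption taken from the issue title.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; field order follows the hex dump in the thread. */
typedef struct {
    uint16_t size;        /* total entry size in bytes, header included */
    uint16_t entry_type;  /* 0x0002 = Volume master key (VMK) in the dump */
    uint16_t value_type;  /* 0x0008 = Volume master key in the dump */
    uint16_t version;
} fve_entry_header_t;

enum { FVE_OK = 0, FVE_ERR_TRUNCATED = -1, FVE_ERR_SIZE = -2, FVE_ERR_VERSION = -3 };

static uint16_t read_le16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Decode the header and fail closed: a short buffer, a declared size that is
 * smaller than the header or larger than the data available, or a version
 * other than 1 (assumed to be the only known one) is rejected before any
 * payload would be interpreted. */
int fve_entry_header_parse(const uint8_t *data, size_t data_size,
                           fve_entry_header_t *out) {
    if (data == NULL || out == NULL || data_size < 8) return FVE_ERR_TRUNCATED;
    out->size       = read_le16(data);
    out->entry_type = read_le16(data + 2);
    out->value_type = read_le16(data + 4);
    out->version    = read_le16(data + 6);
    if (out->size < 8 || out->size > data_size) return FVE_ERR_SIZE;
    if (out->version != 1) return FVE_ERR_VERSION;
    return FVE_OK;
}

int main(void) {
    /* Constructed sample: the 8 header bytes from the thread's dump,
     * zero-padded to the declared 160-byte entry size. */
    uint8_t entry[160] = { 0xa0, 0x00, 0x02, 0x00, 0x08, 0x00, 0x03, 0x00 };
    fve_entry_header_t h;
    int rc = fve_entry_header_parse(entry, sizeof entry, &h);
    printf("rc=%d size=%u entry_type=0x%04x value_type=0x%04x version=%u\n",
           rc, (unsigned)h.size, (unsigned)h.entry_type,
           (unsigned)h.value_type, (unsigned)h.version);
    return 0;
}
```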