libyal / libbde

Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes
GNU Lesser General Public License v3.0

bdemount: Unable to open volume with 512-bit FVEK (AES-XTS 256-bit) #53

Closed AmNe5iA closed 3 years ago

AmNe5iA commented 3 years ago

So with XTS128 it appears to work correctly. I can concatenate two 128-bit keys together to create the 256-bit key expected for XTS type encryption. (Strangely, it only works when the ":" that separates the FVEK:TWEAK keys is missing.)


$ bdeinfo bitlockerXTS128.001 
bdeinfo 20190102

BitLocker Drive Encryption information:
    Encryption method       : AES-XTS 128-bit
    Volume identifier       : 09db8c9f-2b29-4bfc-97a9-937a85fc0e40
    Creation time           : Mar 26, 2021 09:55:58.734711900 UTC
    Description         : WINDOZE10 C: 26/03/2021
    Number of key protectors    : 2

Key protector 0:
    Identifier          : aa8831c2-2479-463f-ba2b-23470b001aec
    Type                : Password

Key protector 1:
    Identifier          : 451550f8-adcf-4847-b440-56b0045c2521
    Type                : Recovery password

Unable to unlock volume.
$ sudo bdemount -k 7a30be33e349e836fe47c9e749e05c80:54802aaf12307dd661caaec338616dfa bitlockerXTS128.001 /mnt
[sudo] password for user: 
bdemount 20190102

Unable to open source volume
libbde_io_handle_read_unencrypted_volume_header: unable to determine volume size.
libbde_volume_open_read: unable to read unencrypted volume header.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
mount_handle_open: unable to open volume.
$ sudo bdemount -k 7a30be33e349e836fe47c9e749e05c8054802aaf12307dd661caaec338616dfa bitlockerXTS128.001 /mnt
bdemount 20190102

$ sudo ls /mnt
bde1
$ sudo head /mnt/bde1|xxd
00000000: eb52 904e 5446 5320 2020 2000 0208 0000  .R.NTFS    .....
00000010: 0000 0000 00f8 0000 3f00 ff00 0098 0100  ........?.......
00000020: 0000 0000 8000 8000 537f ee04 0000 0000  ........S.......
00000030: 0000 0c00 0000 0000 0200 0000 0000 0000  ................
00000040: f600 0000 0100 0000 f078 5286 ab52 8628  .........xR..R.(
00000050: 0000 0000 fa33 c08e d0bc 007c fb68 c007  .....3.....|.h..
00000060: 1f1e 6866 00cb 8816 0e00 6681 3e03 004e  ..hf......f.>..N
00000070: 5446 5375 15b4 41bb aa55 cd13 720c 81fb  TFSu..A..U..r...
00000080: 55aa 7506 f7c1 0100 7503 e9dd 001e 83ec  U.u.....u.......
00000090: 1868 1a00 b448 8a16 0e00 8bf4 161f cd13  .h...H..........
000000a0: 9f83 c418 9e58 1f72 e13b 060b 0075 dba3  .....X.r.;...u..
000000b0: 0f00 c12e 0f00 041e 5a33 dbb9 0020 2bc8  ........Z3... +.
000000c0: 66ff 0611 0003 160f 008e c2ff 0616 00e8  f...............
000000d0: 4b00 2bc8 77ef b800 bbcd 1a66 23c0 752d  K.+.w......f#.u-
000000e0: 6681 fb54 4350 4175 2481 f902 0172 1e16  f..TCPAu$....r..
000000f0: 6807 bb16 6852 1116 6809 0066 5366 5366  h...hR..h..fSfSf
00000100: 5516 1616 68b8 0166 610e 07cd 1a33 c0bf  U...h..fa....3..
00000110: 0a13 b9f6 0cfc f3aa e9fe 0190 9066 601e  .............f`.
00000120: 0666 a111 0066 0306 1c00 1e66 6800 0000  .f...f.....fh...
00000130: 0066 5006 5368 0100 6810 00b4 428a 160e  .fP.Sh..h...B...
00000140: 0016 1f8b f4cd 1366 595b 5a66 5966 591f  .......fY[ZfYfY.
00000150: 0f82 1600 66ff 0611 0003 160f 008e c2ff  ....f...........
00000160: 0e16 0075 bc07 1f66 61c3 a1f6 01e8 0900  ...u...fa.......
00000170: a1fa 01e8 0300 f4eb fd8b f0ac 3c00 7409  ............<.t.
00000180: b40e bb07 00cd 10eb f2c3 0d0a 4120 6469  ............A di
00000190: 736b 2072 6561 6420 6572 726f 7220 6f63  sk read error oc
000001a0: 6375 7272 6564 000d 0a42 4f4f 544d 4752  curred...BOOTMGR
000001b0: 2069 7320 636f 6d70 7265 7373 6564 000d   is compressed..
000001c0: 0a50 7265 7373 2043 7472 6c2b 416c 742b  .Press Ctrl+Alt+
000001d0: 4465 6c20 746f 2072 6573 7461 7274 0d0a  Del to restart..
000001e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001f0: 0000 0000 0000 8a01 a701 bf01 0000 55aa  ..............U.

But if I try the same with XTS256, it reports "invalid tweak key value too small".

examples:

$ bdeinfo bitlockerXTS256.001 
bdeinfo 20190102

BitLocker Drive Encryption information:
    Encryption method       : AES-XTS 256-bit
    Volume identifier       : f8475fb2-7412-4e4d-8c7a-59149808f3f1
    Creation time           : Mar 26, 2021 13:29:19.015861500 UTC
    Description         : WINDOZE10 C: 26/03/2021
    Number of key protectors    : 2

Key protector 0:
    Identifier          : 08e27b20-ed28-4434-b397-eec669f875e6
    Type                : Password

Key protector 1:
    Identifier          : c94cde1b-cead-4f38-9cc8-2d40137a16cc
    Type                : Recovery password

Unable to unlock volume.
$ sudo bdeinfo -k 66e8ff9c9b431620f435d353c82cede23018a6f6a8235bb349bc02807bd418422f45d3bdb406c59d403316ce881ffb2cf4d8a9875cfbf2341547f0b46e93e8f6 bitlockerXTS256.001 /mnt
[sudo] password for user: 
bdeinfo 20190102

Unable to open: bitlockerXTS256.001.
libbde_encryption_set_keys: invalid tweak key value too small.
libbde_volume_open_read_keys_from_metadata: unable to set keys in encryption context.
libbde_volume_open_read: unable to read keys from primary metadata.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.
$ sudo bdeinfo -k 66e8ff9c9b431620f435d353c82cede23018a6f6a8235bb349bc02807bd41842:2f45d3bdb406c59d403316ce881ffb2cf4d8a9875cfbf2341547f0b46e93e8f6 bitlockerXTS256.001 /mnt
bdeinfo 20190102

Unable to open: bitlockerXTS256.001.
libbde_encryption_set_keys: invalid tweak key value too small.
libbde_volume_open_read_keys_from_metadata: unable to set keys in encryption context.
libbde_volume_open_read: unable to read keys from primary metadata.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.
$

Is this a fault with libbde or user error?

joachimmetz commented 3 years ago

I see you are using libbde version 20190102; can you try the latest version?

AmNe5iA commented 3 years ago

$ bdeinfo bitlockerXTS256.001 
bdeinfo 20210324

BitLocker Drive Encryption information:
    Volume identifier       : f8475fb2-7412-4e4d-8c7a-59149808f3f1
    Encryption method       : AES-XTS 256-bit
    Creation time           : Mar 26, 2021 13:29:19.015861500 UTC
    Description         : WINDOZE10 C: 26/03/2021
    Number of key protectors    : 2
    Is locked

Key protector 0:
    Identifier          : 08e27b20-ed28-4434-b397-eec669f875e6
    Type                : Password

Key protector 1:
    Identifier          : c94cde1b-cead-4f38-9cc8-2d40137a16cc
    Type                : Recovery password

Unable to unlock volume.
$ sudo bdemount -k 66e8ff9c9b431620f435d353c82cede23018a6f6a8235bb349bc02807bd41842:4931a99459a5ace97cdd9df4344659c200c93294340ae3c1118f2a11782e555a bitlockerXTS256.001 /mnt
[sudo] password for user: 
bdemount 20210324

Unable to open source volume
libbde_io_handle_read_unencrypted_volume_header: unable to determine volume size.
libbde_volume_open_read: unable to read unencrypted volume header.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
mount_handle_open: unable to open volume.
$ sudo bdemount -k 66e8ff9c9b431620f435d353c82cede23018a6f6a8235bb349bc02807bd418424931a99459a5ace97cdd9df4344659c200c93294340ae3c1118f2a11782e555a bitlockerXTS256.001 /mnt
bdemount 20210324

Unable to open source volume
libbde_io_handle_read_unencrypted_volume_header: unable to determine volume size.
libbde_volume_open_read: unable to read unencrypted volume header.
libbde_volume_open_file_io_handle: unable to read from file IO handle.
mount_handle_open: unable to open volume.
$

No longer getting that error.

Thanks.

Now I guess I just need to find the correct AES keys...

AmNe5iA commented 3 years ago

Sorry, but should I be using a ":" between the keys or not?

With CBC128 and CBC256 I seem to need to, filling the far side of the ":" with the correct number of zeros, but not with XTS128.

I still can't tell with XTS256.

joachimmetz commented 3 years ago

Having a look, maybe the set keys API does not support the 512-bit FVEK yet. It should be a single key; ":" is used for the Elephant tweak key only.
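The key-string convention described above (one concatenated key for the XTS methods, ":" only to append an Elephant diffuser tweak key) is easy to get wrong at the command line, as the attempts earlier in this thread show. The following is an added example, not libbde's own code, of a small pre-flight check that validates a `-k` value against the encryption method reported by `bdeinfo` before the volume is ever opened. The XTS sizes (256-bit concatenated key for AES-XTS 128-bit, 512-bit for AES-XTS 256-bit) come from this thread; the CBC FVEK sizes, the 32-byte tweak key size for the diffuser methods, the exact method strings and the helper names are assumptions made for the example. The sample keys are constructed patterns, not real BitLocker keys.

```python
"""Validate a bdeinfo/bdemount-style '-k' value against a BitLocker encryption
method before trying to open the volume. Added example, not libbde code."""
import binascii
import re

# (FVEK bytes, tweak key bytes or None). The XTS sizes follow the thread
# (key1 || key2 as one hex string); the CBC sizes and the 32-byte diffuser
# tweak key are assumptions based on standard AES key sizes.
KEY_RULES = {
    "AES-CBC 128-bit with Elephant diffuser": (16, 32),
    "AES-CBC 256-bit with Elephant diffuser": (32, 32),
    "AES-CBC 128-bit": (16, None),
    "AES-CBC 256-bit": (32, None),
    "AES-XTS 128-bit": (32, None),   # two 128-bit halves, no ':'
    "AES-XTS 256-bit": (64, None),   # two 256-bit halves, no ':'
}

_HEX = re.compile(r"^[0-9a-fA-F]*$")


class KeyFormatError(ValueError):
    """Raised when the '-k' value does not fit the encryption method."""


def _decode_hex(label, text):
    """Decode even-length base16 or raise with the offending field named."""
    if not _HEX.match(text) or len(text) % 2:
        raise KeyFormatError(f"{label}: not valid even-length base16: {text!r}")
    return binascii.unhexlify(text)


def parse_key_option(method, option):
    """Split a '-k' value into (fvek, tweak) and check both against `method`."""
    if method not in KEY_RULES:
        raise KeyFormatError(f"unknown encryption method: {method!r}")
    fvek_len, tweak_len = KEY_RULES[method]

    parts = option.split(":")
    if len(parts) > 2:
        raise KeyFormatError("at most one ':' (FVEK:TWEAK) is allowed")
    fvek = _decode_hex("FVEK", parts[0])
    tweak = _decode_hex("tweak key", parts[1]) if len(parts) == 2 else None

    if tweak_len is None and tweak is not None:
        # The mistake from the thread: an XTS key is one concatenated key.
        raise KeyFormatError(
            f"{method} takes a single {fvek_len * 8}-bit key; "
            "remove the ':' and concatenate both halves")
    if len(fvek) != fvek_len:
        raise KeyFormatError(
            f"{method} expects a {fvek_len}-byte FVEK, got {len(fvek)} bytes")
    if tweak_len is not None:
        if tweak is None:
            raise KeyFormatError(f"{method} needs a tweak key after ':'")
        if len(tweak) != tweak_len:
            raise KeyFormatError(
                f"{method} expects a {tweak_len}-byte tweak key, "
                f"got {len(tweak)} bytes")
    return fvek, tweak


def describe_key_option(method, option):
    """One-line verdict suitable for a wrapper script around bdemount."""
    try:
        fvek, tweak = parse_key_option(method, option)
    except KeyFormatError as exc:
        return f"rejected: {exc}"
    halves = ""
    if method.startswith("AES-XTS"):
        half = len(fvek) // 2
        halves = f" (XTS key1 {half * 8} bits || key2 {half * 8} bits)"
    tweak_note = f", tweak {len(tweak)} bytes" if tweak else ""
    return f"ok: FVEK {len(fvek)} bytes{halves}{tweak_note}"


if __name__ == "__main__":
    # Constructed sample keys (repeating byte patterns, not real keys).
    print(describe_key_option("AES-XTS 256-bit", "11" * 32 + "22" * 32))
    print(describe_key_option("AES-XTS 256-bit", "11" * 32 + ":" + "22" * 32))
    print(describe_key_option("AES-XTS 128-bit", "33" * 32))
    print(describe_key_option("AES-CBC 128-bit with Elephant diffuser",
                              "44" * 16 + ":" + "55" * 32))
```

Running the check against the method string from `bdeinfo` turns the generic "unable to determine volume size" failure seen above into a message that names the actual problem (a ':' in an XTS key, or a key of the wrong length) before `bdemount` is invoked.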

joachimmetz commented 3 years ago

Give the changes in https://github.com/libyal/libbde/commit/894220891efab7d6407b6e9c3fe19b8031770e97 a try

AmNe5iA commented 3 years ago

Seems to be working now:

$ sudo bdeinfo /dev/mapper/loop0p2 
bdeinfo 20210324

BitLocker Drive Encryption information:
    Volume identifier       : 64809627-f4f0-4709-a672-009bacd7fbb7
    Encryption method       : AES-XTS 256-bit
    Creation time           : Mar 26, 2021 20:06:41.149103200 UTC
    Description         : WINDOZE10 C: 26/03/2021
    Number of key protectors    : 2
    Is locked

Key protector 0:
    Identifier          : 68217c68-27a6-4345-973c-876c1fcf7a04
    Type                : Password

Key protector 1:
    Identifier          : 1fd72fd8-a2f7-4ff8-af8e-45fc5bbf9f74
    Type                : Recovery password

Unable to unlock volume.
$ sudo bdemount -k 16895937f952ad55810559956296db56723546a541f22b2fd2e35fb41c1d3e95799dd9b2b0658ebb37a34b3980da1136cf6054d42971fc30357a7943f65cde51 /dev/mapper/loop0p2 /mnt
bdemount 20210324

$ sudo ls /mnt
bde1
$ sudo head /mnt/bde1|xxd
00000000: eb52 904e 5446 5320 2020 2000 0208 0000  .R.NTFS    .....
00000010: 0000 0000 00f8 0000 3f00 ff00 0098 0100  ........?.......
00000020: 0000 0000 8000 8000 537f ee04 0000 0000  ........S.......
00000030: 0000 0c00 0000 0000 0200 0000 0000 0000  ................
00000040: f600 0000 0100 0000 f078 5286 ab52 8628  .........xR..R.(
00000050: 0000 0000 fa33 c08e d0bc 007c fb68 c007  .....3.....|.h..
00000060: 1f1e 6866 00cb 8816 0e00 6681 3e03 004e  ..hf......f.>..N
00000070: 5446 5375 15b4 41bb aa55 cd13 720c 81fb  TFSu..A..U..r...
00000080: 55aa 7506 f7c1 0100 7503 e9dd 001e 83ec  U.u.....u.......
00000090: 1868 1a00 b448 8a16 0e00 8bf4 161f cd13  .h...H..........
000000a0: 9f83 c418 9e58 1f72 e13b 060b 0075 dba3  .....X.r.;...u..
000000b0: 0f00 c12e 0f00 041e 5a33 dbb9 0020 2bc8  ........Z3... +.
000000c0: 66ff 0611 0003 160f 008e c2ff 0616 00e8  f...............
000000d0: 4b00 2bc8 77ef b800 bbcd 1a66 23c0 752d  K.+.w......f#.u-
000000e0: 6681 fb54 4350 4175 2481 f902 0172 1e16  f..TCPAu$....r..
000000f0: 6807 bb16 6852 1116 6809 0066 5366 5366  h...hR..h..fSfSf
00000100: 5516 1616 68b8 0166 610e 07cd 1a33 c0bf  U...h..fa....3..
00000110: 0a13 b9f6 0cfc f3aa e9fe 0190 9066 601e  .............f`.
00000120: 0666 a111 0066 0306 1c00 1e66 6800 0000  .f...f.....fh...
00000130: 0066 5006 5368 0100 6810 00b4 428a 160e  .fP.Sh..h...B...
00000140: 0016 1f8b f4cd 1366 595b 5a66 5966 591f  .......fY[ZfYfY.
00000150: 0f82 1600 66ff 0611 0003 160f 008e c2ff  ....f...........
00000160: 0e16 0075 bc07 1f66 61c3 a1f6 01e8 0900  ...u...fa.......
00000170: a1fa 01e8 0300 f4eb fd8b f0ac 3c00 7409  ............<.t.
00000180: b40e bb07 00cd 10eb f2c3 0d0a 4120 6469  ............A di
00000190: 736b 2072 6561 6420 6572 726f 7220 6f63  sk read error oc
000001a0: 6375 7272 6564 000d 0a42 4f4f 544d 4752  curred...BOOTMGR
000001b0: 2069 7320 636f 6d70 7265 7373 6564 000d   is compressed..
000001c0: 0a50 7265 7373 2043 7472 6c2b 416c 742b  .Press Ctrl+Alt+
000001d0: 4465 6c20 746f 2072 6573 7461 7274 0d0a  Del to restart..
000001e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
000001f0: 0000 0000 0000 8a01 a701 bf01 0000 55aa  ..............U.

Thanks for the quick response.

joachimmetz commented 3 years ago

Good to hear, I'll close the issue and do a new alpha release.