Closed wefner closed 1 year ago
Hello, I have been having the same kind of issue: fvde2john (v20180108) running on Kali Linux 2020.4. It seems that libfvde is not able to read the proper volume start offset.
I am not sure of the target macOS version (could it be derived from the "com.apple.boot.P/System/Library/Caches/com.apple.corestorage/EncryptedRoot.plist.wipekey" path?)
Here is a debug trace attached (if it can help).
Does anyone know if running under OSX (Catalina in my case) could help?
If anyone has an idea on what to try next, that would be a huge help.
My use case is just to retrieve the volume hash so that I can brute force the password (I should be able to generate a good enough password list because I have a pretty good idea of what the password should be). debug.txt.zip
Based on debug.txt.zip:
libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property.
libfvde_encrypted_metadata_get_volume_master_key: unable to retrieve passphrase wrapped KEK: 0 from encryption context plist.
libfvde_volume_open_read_keys_from_encrypted_metadata: unable to retrieve volume master key from encrypted metadata.
libfvde_volume_open_read: unable to read keys from primary encrypted metadata.
libfvde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.
Looks like this could be related to the XML plist processing. Marking as needs a closer look.
Looks like an old version of libfvde, 20180108; more recent versions will skip entries with a missing PassphraseWrappedKEKStruct.
Insufficient information to address original reported issue, closing.
Hi there,
I am using pre-release version libfvde-20160918 on Ubuntu 16.04 and I am hitting this error when trying to mount encrypted HFS. I am describing the commands I am issuing and the corresponding error.
Thanks for taking your time on this experimental tool.