libyal / libfvde

Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes
GNU Lesser General Public License v3.0

fvdemount: Unable to unlock keys #34

Closed dwhickox closed 2 years ago

dwhickox commented 6 years ago

This is what I am trying and, like others, it does not work. Sorry if I'm clueless and doing something stupid.

root@kali:~# sudo fvdemount -p "mypass" /dev/sdd2 /mnt/fvde/

fvdemount 20180108

Unable to unlock keys.

joachimmetz commented 6 years ago

Could be that the FVDE format is not fully supported. Could you send me debug output? Also see: https://github.com/libyal/libfvde/wiki/Troubleshooting#verbose-and-debug-output

funky-manky commented 6 years ago

The same problem as @dwhickox. The full disk has been encrypted on macOS version 10.13 High Sierra. I'll try to send you debug output today.

funky-manky commented 6 years ago

Here is debug output. debug.txt

And another one. debug 2.txt

joachimmetz commented 6 years ago

@funky-manky thanks I'll have a look as soon as time permits.

rptnscz commented 5 years ago

Unfortunately, I have to report the same problem. Debug output attached. Thank you very much for looking into this, it is much appreciated. fvdeinfo_master.log

funky-manky commented 5 years ago

Unfortunately the same problem even with a 20190104 release =(( The only hope is you @joachimmetz...

rptnscz commented 5 years ago

Not sure if it is a clue, but the error message has changed in the latest version:

fvdemount 20181008: Unable to unlock keys.

fvdemount 20190104: Unable to unlock source volume

funky-manky commented 3 years ago

The latest 20210425 version has the new message after the command - fvdeinfo -o ....... : "The source volume is locked and a password is needed to unlock it."

joachimmetz commented 2 years ago

Here is debug output. debug.txt

libfvde_volume_open_read: physical volume size                          : 120473067520
libfvde_volume_open_read: logical volume offset                         : 0x10000000
libfvde_volume_open_read: logical volume size                           : 120137519104
libfvde_encrypted_metadata_read_type_0x0305: number of entries                  : 1
libfvde_encrypted_metadata_read_type_0x0305: unknown1                           : 0x00000000

libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown1                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 logical block number    : 0
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 number of blocks        : 29330449
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown3                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown4                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown5                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 physical block number   : 0
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown6                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: number of entries                  : 9
libfvde_encrypted_metadata_read_type_0x0405: unknown1                           : 0x00000000

libfvde_encrypted_metadata_read_type_0x0405: entry: 000 physical block number   : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 number of blocks        : 29330449
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 data type               : 0x00000009
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 copy number             : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 unknown1                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 logical block number    : 0

libfvde_encrypted_metadata_read_type_0x0405: entry: 001 physical block number   : 29330449
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 number of blocks        : 65536
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 data type               : 0x00000009
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 copy number             : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 unknown1                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 logical block number    : -2

unclear what logical block number : -2 represents

libfvde_encrypted_metadata_read_type_0x0505: number of entries                  : 1
libfvde_encrypted_metadata_read_type_0x0505: unknown1                           : 0x00000000

libfvde_encrypted_metadata_read_type_0x0505: entry: 000 number of blocks        : 29330449
libfvde_encrypted_metadata_read_type_0x0505: entry: 000 block number            : 65536

unclear why 0x0505 points to physical volume block 65536 while 0x0305 and 0x0405 seem to point to physical volume block 0

joachimmetz commented 2 years ago

And another one. debug 2.txt

Looks very similar to debug.txt

joachimmetz commented 2 years ago

fvdeinfo_master.log

libfvde_volume_open_read: physical volume size                          : 250140319744
libfvde_volume_open_read: logical volume offset                         : 0x008c0000
libfvde_volume_open_read: logical volume size                           : 131072
libfvde_encrypted_metadata_read_type_0x0305: number of entries                  : 71
libfvde_encrypted_metadata_read_type_0x0305: unknown1                           : 0x00000000

libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown1                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 logical block number    : 0
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 number of blocks        : 32
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown3                : 0x00400000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown4                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown5                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 physical block number   : 2240
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown6                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 physical block number   : 2240
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 number of blocks        : 32
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 data type               : 0x00000009
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 copy number             : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 unknown1                : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 logical block number    : 0

has no 0x0505 block

Looks like a different issue, offset looks correct but decryption does not. Unable to tell more without the actual data.

joachimmetz commented 2 years ago

For debug.txt and debug.2.txt WIP to add better support for logical volume offsets handling. Closing in favor of https://github.com/libyal/libfvde/issues/54