Closed dwhickox closed 2 years ago
Could be that the FVDE format is not fully supported. Could you send me debug output. Also see: https://github.com/libyal/libfvde/wiki/Troubleshooting#verbose-and-debug-output
The same problem as @dwhickox Full disk have been encrypted on macOS version 10.13 High Sierra. I'll try to send you debug output tooday.
Here is debug output. debug.txt
And another one. debug 2.txt
@funky-manky thanks I'll have a look as soon as time permits.
Unfortunately, I have to report the same problem. Debug output attached. Thank you very much for looking into this, it is much appreciated.. fvdeinfo_master.log
Unfortunately the same problem even with a 20190104 release =(( The only hope is you @joachimmetz...
No sure if it is clue, but error message have changed in the latest version: fvdemount 20181008: Unable to unlock keys.
fvdemount 20190104: Unable to unlock source volume
The latest 20210425 version has the new message after the command - fvdeinfo -o ....... : "The source volume is locked and a password is needed to unlock it."
Here is debug output. debug.txt
libfvde_volume_open_read: physical volume size : 120473067520
libfvde_volume_open_read: logical volume offset : 0x10000000
libfvde_volume_open_read: logical volume size : 120137519104
libfvde_encrypted_metadata_read_type_0x0305: number of entries : 1
libfvde_encrypted_metadata_read_type_0x0305: unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 logical block number : 0
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 number of blocks : 29330449
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown3 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown4 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown5 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 physical block number : 0
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown6 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: number of entries : 9
libfvde_encrypted_metadata_read_type_0x0405: unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 physical block number : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 number of blocks : 29330449
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 data type : 0x00000009
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 copy number : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 000 logical block number : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 physical block number : 29330449
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 number of blocks : 65536
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 data type : 0x00000009
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 copy number : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 001 logical block number : -2
unclear what logical block number : -2
represents
libfvde_encrypted_metadata_read_type_0x0505: number of entries : 1
libfvde_encrypted_metadata_read_type_0x0505: unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0505: entry: 000 number of blocks : 29330449
libfvde_encrypted_metadata_read_type_0x0505: entry: 000 block number : 65536
unclear why 0x0505 points to physical volume block 65536 while 0x0305 and 0x0405 seems to point to physical volume block 0
And another one. debug 2.txt
Looks very similar to debug.txt
fvdeinfo_master.log
libfvde_volume_open_read: physical volume size : 250140319744
libfvde_volume_open_read: logical volume offset : 0x008c0000
libfvde_volume_open_read: logical volume size : 131072
libfvde_encrypted_metadata_read_type_0x0305: number of entries : 71
libfvde_encrypted_metadata_read_type_0x0305: unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 logical block number : 0
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 number of blocks : 32
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown3 : 0x00400000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown4 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown5 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 physical block number : 2240
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown6 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 physical block number : 2240
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 number of blocks : 32
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 data type : 0x00000009
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 copy number : 0
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0405: entry: 013 logical block number : 0
has no 0x0505 block
Looks like a different issue, offset looks correct but decryption does not. Unable to tell more without the actual data.
For debug.txt and debug.2.txt WIP to add better support for logical volume offsets handling. Closing in favor of https://github.com/libyal/libfvde/issues/54
This is what I am trying ant like other it does not work, sorry if I'm clueless and doing something stupid root@kali:~# sudo fvdemount -p "mypass" /dev/sdd2 /mnt/fvde/
fvdemount 20180108
Unable to unlock keys.