libyal / libfvde

Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes
GNU Lesser General Public License v3.0

libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property #39

Closed tiago972 closed 2 years ago

tiago972 commented 5 years ago

Hello everyone, I'm trying to use libfvde but I've encountered several problems: initially, I had a couple of errors starting with libfvalue_utf8_string_with_index_copy_to_integer: unsupported character value: 0x78 at index: 1. which was resolved by adding the code given in this post https://github.com/libyal/libfvde/issues/36.

However, it still doesn't work; here are the command lines used and their results:

sudo mmls /dev/sda
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Safety Table
001:  -------   0000000000   0000000039   0000000040   Unallocated
002:  Meta      0000000001   0000000001   0000000001   GPT Header
003:  Meta      0000000002   0000000033   0000000032   Partition Table
004:  000       0000000040   0000409639   0000409600   EFI System Partition
005:  001       0000409640   0488965175   0488555536   Customer
006:  002       0488965176   0490234711   0001269536   Recovery HD
007:  -------   0490234712   0490234751   0000000040   Unallocated

sudo fls -r -o 488965176 /dev/sda | grep -i encryptedroot
+++++ r/r 3597: EncryptedRoot.plist.wipekey

sudo icat -o 488965176 /dev/sda 3597 > EncryptedRoot.plist.wipekey

sudo fvdemount -e EncryptedRoot.plist.wipekey -p 'PASSWD' /dev/sda2 test/fvdevolume

Unable to open: /dev/sda2.
libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property.
libfvde_encrypted_metadata_get_volume_master_key: unable to retrieve passphrase wrapped KEK: 1 from encryption context plist.
libfvde_volume_open_read_keys_from_encrypted_metadata: unable to retrieve volume master key from encrypted metadata.
libfvde_volume_open_read: unable to read keys from primary encrypted metadata.
libfvde_volume_open_file_io_handle: unable to read from file IO handle.
mount_handle_open_input: unable to open input volume.

You can find attached the log of the verbose/debug mode : log_verbose.txt

I'm currently on 4.18.7-arch1-1-ARCH, the password used for the program is certain. The drive was encrypted using filevault2 on Sierra 10.12.6 => source of the problem?

Thank you for your help, Tiago

joachimmetz commented 5 years ago

I'll have a look as soon as time permits. Note that this project is considered experimental.

tiago972 commented 5 years ago

Okay thank you

V0oDoo commented 5 years ago

I'm bumping into the same issue.

Version: fvdemount 20190122

Made an image of the entire MacBook Air disk with dd.

libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property.
libfvde_encrypted_metadata_get_volume_master_key: unable to retrieve passphrase wrapped KEK: 1 from encryption context plist.
libfvde_volume_open_read_keys_from_encrypted_metadata: unable to retrieve volume master key from encrypted metadata.
libfvde_volume_open_read: unable to read keys from primary encrypted metadata.
libfvde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

V0oDoo commented 5 years ago

Hi! I know this is your free-time project, but any news regarding this issue? @joachimmetz

joachimmetz commented 5 years ago

Unfortunately no, I did not have the time to work on this yet.

joachimmetz commented 2 years ago

This should have been addressed in https://github.com/libyal/libfvde/commit/d86baf84e84cd98433c1a5a6dd0d1a84ce07e24d. Closing issue.