Closed BernhardEriksson closed 2 years ago
thx for the report, unfortunately my time is very limited at the moment, however I'll have a look as soon as time permits.
libfvde_volume_open_read: physical volume size : 250140434432
libfvde_volume_open_read: logical volume offset : 0x00060000
libfvde_volume_open_read: logical volume size : 131072
libfvde_encrypted_metadata_read_type_0x0305: number of entries : 14
libfvde_encrypted_metadata_read_type_0x0305: unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 logical block number : 0
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 number of blocks : 32
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown3 : 0x00400000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown4 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown5 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 physical block number : 96
libfvde_encrypted_metadata_read_type_0x0305: entry: 000 unknown6 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 001 unknown1 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 001 logical block number : 32
libfvde_encrypted_metadata_read_type_0x0305: entry: 001 number of blocks : 96
libfvde_encrypted_metadata_read_type_0x0305: entry: 001 unknown3 : 0x00400000
libfvde_encrypted_metadata_read_type_0x0305: entry: 001 unknown4 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 001 unknown5 : 0x00000000
libfvde_encrypted_metadata_read_type_0x0305: entry: 001 physical block number : 67808
libfvde_encrypted_metadata_read_type_0x0305: entry: 001 unknown6 : 0x00000000
So looks like a multi extent logical volume. Closing this issue in favor of https://github.com/libyal/libfvde/issues/2
I've got an OS drive (m.2) that I need to access. I do not know exactly which version of macOS that is installed on it. However I can not mount it. I took out the EncryptedRoot.plist.wipekey per instructions in the wiki.
fvdemount -e EncryptedRoot.plist.wipekey -r 35AJ-AC98-TI1H-N4M3-HDUQ-UQFG /dev/sdb2 /mnt/fvdevolume/
fvdemount 20190104
Unable to open source volume libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property. libfvde_encrypted_metadata_get_volume_master_key: unable to retrieve passphrase wrapped KEK: 1 from encryption context plist. libfvde_volume_open_read_keys_from_encrypted_metadata: unable to retrieve volume master key from encrypted metadata. libfvde_volume_open_read: unable to read keys from primary encrypted metadata. libfvde_volume_open_file_io_handle: unable to read from file IO handle. mount_handle_open: unable to open volume.
And fvdeinfo
fvdeinfo /dev/sdb2
fvdeinfo 20190104 Unable to unlock keys.
I've attached the output from a verbose run (after recompiling with it turned on). outputfvdeinfo.txt