libfvde_encrypted_metadata_read_type_0x001a: unable to retrieve XML key element

[saizai]

# mmls /dev/sda
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors

     Slot    Start        End          Length       Description
00:  Meta    0000000000   0000000000   0000000001   Safety Table
01:  -----   0000000000   0000000039   0000000040   Unallocated
02:  Meta    0000000001   0000000001   0000000001   GPT Header
03:  Meta    0000000002   0000000033   0000000032   Partition Table
04:  00      0000000040   0000409639   0000409600   EFI system partition
05:  01      0000409640   0196646095   0196236456   Hummingbird
06:  02      0196646096   0197915631   0001269536   Recovery HD
07:  -----   0197915632   0197916671   0000001040   Unallocated
08:  03      0197916672   0236976127   0039059456   BOOTCAMP
09:  -----   0236976128   0236978175   0000002048   Unallocated
# fls -r -o 196646096 /dev/sda | grep -i EncryptedRoot
+++++ r/r 10565:    EncryptedRoot.plist.wipekey
# icat -o 196646096 /dev/sda 10565 > EncryptedRoot.plist.wipekey
# fvdemount -e EncryptedRoot.plist.wipekey -p 'Foo bar' /dev/sda2 /media/osx2/
fvdemount 20140907

Unable to open: /dev/sda2.
libfvde_encrypted_metadata_read_type_0x001a: unable to retrieve XML key element.
libfvde_encrypted_metadata_read: unable to read metadata block type 0x001a.
libfvde_volume_open_read: unable to read primary encrypted metadata.
libfvde_volume_open_file_io_handle: unable to read from volume handle.
mount_handle_open_input: unable to open input volume.

[joachimmetz]

Which version of libfvde are you using?

[joachimmetz]

Similar issue in: https://github.com/libyal/libfvde/issues/5

[saizai]

libfvde-experimental-20140907

(ETA: that info is on the log line right after the fvdemount invocation BTW…)

[onesandzero]

I'm experiencing the same problem, has anyone found a solution? Or am I just doing something wrong? I really appreciate any help :) Thanks

# mmls /dev/sdb
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors

     Slot    Start        End          Length       Description
00:  Meta    0000000000   0000000000   0000000001   Safety Table
01:  -----   0000000000   0000000039   0000000040   Unallocated
02:  Meta    0000000001   0000000001   0000000001   GPT Header
03:  Meta    0000000002   0000000033   0000000032   Partition Table
04:  00      0000000040   0000409639   0000409600   EFI System Partition
05:  01      0000409640   0233172071   0232762432   Main
06:  02      0233172072   0234441607   0001269536   Recovery HD
07:  -----   0234441608   0234441647   0000000040   Unallocated
# fls -r -o 233172072 /dev/sdb | grep EncryptedR
+++++ r/r 613:  EncryptedRoot.plist.wipekey
# icat -o 233172072 /dev/sdb 613 > EncryptedRoot.plist.wipekey 
# fvdemount -e EncryptedRoot.plist.wipekey -p superdoc /dev/sdb2 /mnt/fvdevolume/
fvdemount 20140907

Unable to open: /dev/sdb2.
libfvde_encrypted_metadata_read_type_0x001a: unable to retrieve XML key element.
libfvde_encrypted_metadata_read: unable to read metadata block type 0x001a.
libfvde_volume_open_read: unable to read primary encrypted metadata.
libfvde_volume_open_file_io_handle: unable to read from volume handle.
mount_handle_open_input: unable to open input volume.
#

[joachimmetz]

I opt to try the version in git

[onesandzero]

@joachimmetz , Thanks! :smiley:

The version that i was using was originally built with the latest stable build, but once it was rebuilt using the most recent version it successfully mounted as a raw device fvde1. Unfortunately I was unable to mount it to a readable format using the mount command. It required that I specify the filesystem type. I attempted hfs, hfsplus, and ntfs, but alas, I was unsuccessful. Any other advice/hints? Thanks for your help :smile:

# fvdemount -e EncryptedRoot.plist.wipekey -p superdoc /dev/sdb2 /mnt/fvdevolume
fvdemount 20150222

# mount -o loop,ro /mnt/fvdevolume/fvde1 /mnt/fvdemount/
mount: you must specify the filesystem type

# mount -o loop,ro /mnt/fvdevolume/fvde1 /mnt/fvdemount/ -t hfsplus
mount: wrong fs type, bad option, bad superblock on /dev/loop1,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

# mount -o loop,ro /mnt/fvdevolume/fvde1 /mnt/fvdemount/ -t hfs
mount: wrong fs type, bad option, bad superblock on /dev/loop1,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

# mount -o loop,ro /mnt/fvdevolume/fvde1 /mnt/fvdemount/ -t hpfs
mount: unknown filesystem type 'hpfs'

# mount -o ro,loop /mnt/fvdevolume/fvde1 /mnt/fvdemount/ -t ntfs
NTFS signature is missing.
Failed to mount '/dev/loop1': Invalid argument
The device '/dev/loop1' doesn't seem to have a valid NTFS.
Maybe the wrong device is used? Or the whole disk instead of a
partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around?

#

[norpol]

Tell us the output of sudo file --special-files /dev/fvdevolume/fvde1 and make sure you've got hfsutils installed. In addition you can check the output of dmesg | tail, which might give you additional details.

[joachimmetz]

@norpol could also be that the encrypted data is not detected correctly by libfvde. debug output is likely to tell me https://github.com/libyal/libfvde/wiki/Troubleshooting#format-or-behavioral-errors

Format support is still WIP, also see https://github.com/libyal/libfvde/issues/2

[norpol]

@joachimmetz Ah, well that makes sense too.

[onesandzero]

@norpol , See below outputs

root:/mnt/fvdevolume# file --special-files /mnt/fvdevolume/fvde1 
/mnt/fvdevolume/fvde1: data
root:/mnt/fvdevolume# locate hfsutils
/usr/share/doc/hfsutils
/usr/share/doc/hfsutils/CREDITS
/usr/share/doc/hfsutils/README.gz
/usr/share/doc/hfsutils/TODO
/usr/share/doc/hfsutils/changelog.Debian.gz
/usr/share/doc/hfsutils/changelog.gz
/usr/share/doc/hfsutils/copyright
/usr/share/man/man1/hfsutils.1.gz
/var/cache/apt/archives/hfsutils_3.2.6-11_amd64.deb
/var/lib/dpkg/info/hfsutils.list
/var/lib/dpkg/info/hfsutils.md5sums
root:/mnt/fvdevolume# dmesg | tail
[ 3251.370988] Buffer I/O error on dev loop1, logical block 29004671, async page read
[ 3251.371396] Buffer I/O error on dev loop1, logical block 29004671, async page read
[ 3251.427645] ISOFS: Unable to identify CD-ROM format.
[ 3251.427788] squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop1
[ 3251.428334] hfsplus: unable to find HFS+ superblock
[ 3251.429320] hfs: can't find a HFS filesystem on dev loop1
[ 3251.429418] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 3251.429764] FAT-fs (loop1): invalid media value (0x45)
[ 3251.429767] FAT-fs (loop1): Can't find a valid FAT filesystem
[ 3255.171102] autofs: called with bogus options

@joachimmetz , I read that troubleshooting article, but i'm not sure what you want, do you want the debug from when it is built, or does it create some log when it is being run?

I really appreciate the help guys, this is driving me crazy!

[norpol]

Seems like @joachimmetz suggested, creating the volume failed. The link he posted mentions that you should remove 'private' data when submitting verbose/debug logs. To enable the debug log you need to run the configure script with parameters (see here).

[onesandzero]

Thanks @norpol I'll enable the debugging and try it again. I will also attempt to strip any private data when I post next.

[jonathancross]

Hi @onesandzero did you ever get this figured out?

[onesandzero]

@jonathancross nope, I shamefully gave up :(

I ended up using BlackLight on a Mac to mount and view it. If you get it to work let me know!

[joachimmetz]

Closing issue cannot fix without debug log. Reopen if data comes available, otherwise I suspect it getting addressed by https://github.com/libyal/libfvde/issues/2