sgan81
commented
3 years ago Thanks for reporting, I fixed the issue. Let me know if it works (it did for me using your test image).
Closed ydkhatri closed 3 years ago
sgan81
commented
3 years ago Thanks for reporting, I fixed the issue. Let me know if it works (it did for me using your test image).
ydkhatri
commented
3 years ago Awesome, will do! Thanks again for this great tool.
Update - It works.
On a system that was upgraded from Filevaulted HFS to APFS (when OS was upgraded to catalina), the Data volume can be successfully decrypted, but not the System volume.
The VEK for the Data vol is 128 bit, but VEK for System vol appears to be 256 bit. Perhaps this is related to #109 , but it looks like the code suggested there is already incorporated but it does not fix the problem. The problem is unwrapping of 256 bit VEK with 128 bit KEK. I've tried a few different combinations in python, but can't figure out the unwrapping.
Here is a link to the APFS container of this disk. Its 80GB. The debug logs are attached here for both the system(unsuccessful) and data (successful) volume. The user's password is password.
System volume debug.txt Data volume debug.txt