On a system that was upgraded from Filevaulted HFS to APFS (when OS was upgraded to catalina), the Data volume can be successfully decrypted, but not the System volume.
The VEK for the Data vol is 128 bit, but VEK for System vol appears to be 256 bit. Perhaps this is related to #109 , but it looks like the code suggested there is already incorporated but it does not fix the problem. The problem is unwrapping of 256 bit VEK with 128 bit KEK. I've tried a few different combinations in python, but can't figure out the unwrapping.
Here is a link to the APFS container of this disk. Its 80GB. The debug logs are attached here for both the system(unsuccessful) and data (successful) volume. The user's password is password.
On a system that was upgraded from Filevaulted HFS to APFS (when OS was upgraded to catalina), the Data volume can be successfully decrypted, but not the System volume.
The VEK for the Data vol is 128 bit, but VEK for System vol appears to be 256 bit. Perhaps this is related to #109 , but it looks like the code suggested there is already incorporated but it does not fix the problem. The problem is unwrapping of 256 bit VEK with 128 bit KEK. I've tried a few different combinations in python, but can't figure out the unwrapping.
Here is a link to the APFS container of this disk. Its 80GB. The debug logs are attached here for both the system(unsuccessful) and data (successful) volume. The user's password is password.
System volume debug.txt Data volume debug.txt