Encrypted images support

[aatreya]

What's necessary to support encrypted images, such as those created via Time Machine when encryption is turned on? dmg2img supposedly can decrypt these with the password provided, but it didn't work on the DMG mounted under the sparsebundlefs mount point.

[torarnv]

In theory sparsebundlefs should not care about the content of the dmg it exposes, but I haven't tried your use-case. Can you try running sprarsebundlefs in debug mode to see if there are any errors on the console?

[jacklenox]

I am also trying to read encrypted sparsebundles. I'm pleased to say that sparsebundlefs seems to work. However, I'm struggling to mount the .dmg file that gets produced.

When I try a standard mount, I get this error: wrong fs type, bad option, bad superblock on /dev/loop1 (as covered in your README).

When I try to use parted sparsebundle.dmg unit B print (with or without sudo), I get this:

Warning: Unable to open /tmp/my-disk-image-2/sparsebundle.dmg read-write (Read-only file system).  /tmp/my-disk-image-2/sparsebundle.dmg has been opened read-only.
Warning: Unable to open /tmp/my-disk-image-2/sparsebundle.dmg read-write (Read-only file system).  /tmp/my-disk-image-2/sparsebundle.dmg has been opened read-only.
Error: /tmp/my-disk-image-2/sparsebundle.dmg: unrecognised disk label
Model:  (file)                                                            
Disk /tmp/my-disk-image-2/sparsebundle.dmg: 1998251409408B
Sector size (logical/physical): 512B/512B
Partition Table: unknown
Disk Flags: 

I have also tried extracting the .dmg with catacombae's dmgextractor which seems to get further, though by the time the output .iso file reaches about 650MB, I get a runtime exception of "Too many open files". :confused:

I'm thinking of upping the file descriptor limit and trying again...

That aside, thank you for the software! I'm happy to got as far as I so far have.

[torarnv]

Let me know if you figure out what went wrong. You can try running sparsebundlefs in debug mode to see if there are any errors in the logs:

https://github.com/torarnv/sparsebundlefs#troubleshooting

[maxisme]

I have the same problem tried troubleshooting but it sticks on

sparsebundlefs: bundle has band size 8388608 and total size 1048576000000

[jacklenox]

Sorry, just returned to this, same thing happening to me as above:

sparsebundlefs: mounting `/media/capsule/jacks-macbook-pro.sparsebundle' at mount-point `/tmp/my-disk-image'
sparsebundlefs: bundle has band size 8388608 and total size 1998251409408

[torarnv]

And just hangs? Try attaching a debugger and see what the backtrace it, if possible

[torarnv]

That would be e.g. gdb -p <pid>, and then bt all

[jief666]

Hi, I made a version that support encrypted sparse bundle. It's committed here : https://github.com/jief666/sparsebundlefs. Let me know if you'd like a pull request to integrate this in your branch. Regards.

[torarnv]

Hey @jief666 ! Great that you've implemented encrypted sparse bundle support! Could you give a high level overview of how an encrypted sparse bundle differs from a non-encrypted one? In particular why the decryption needs to live inside sparsebundlefs and not by whatever mounts the resulting dmg?

[jief666]

I even didn't think about mounting the result dmg as encrypted one. I had a quick look today and I think Linux can't mount encrypted dmg (but not sure). At least the one on my NAS. I also had a quick look at dmg format. The first sector of an encrypted dmg looks very much like the token file. sparsebundlefs will still has to know that it's an encrypted sparsebundle and replace the content of the first sector by token, maybe fixing some offset too. And then, in my linux, I would another fuse layer to decrypt the dmg. Looks simpler to me to have sparsebundlefs take care of decryption. Basically most of it is in sparsebundle_read_process_band_encrypted.

[KenMacD]

@jief666 I managed to get an image to compile after installing openssl-1.0 (it seems to use some deprecated methods that aren't supported in 1.1), but the mount point then just contains an empty spartsebundle.dmg file. Any idea why?

The code does seem to tell the difference between a correct and incorrect password.

[jief666]

No never got that. Did you try the debug non-daemon mode ?

[KenMacD]

@jief666 Thanks. I've had a bit of time to play with it and it seems the Info.plist file got lost somehow, so the code was using a block size of 0. Although it's an unlikely case it might be worth adding a little more error checking around either the block size or the whole size being 0.

[jief666]

Good you find. Yes, sure. Any code to detect problems is good. Wanna do it and submit it ?

[mafredri]

To me it seems that it is indeed the sparsebundle that is encrypted, not the resulting image. At least this seems to be the case with encrypted Time Machine backups.

Each band is encrypted and decryption requires a token located at *.sparsebundle/token. For this to works, I don't see any way around handling decryption in sparsebundlefs.

I took a quick look at rebasing @jief666's encryption branch on the current master, but they have diverged too much for me to handle. I would love to see support for encrypted sparse images in sparsebundlefs though!

[jief666]

Sorry, because torarnv didn't seem interested, I moved on. I created a project hdimount (https://github.com/jief666/hdimount/tree/wip) which is the union of darling-dmg and APFSFuse. The result can mount a lot of different images (partitionned or not, HFS or APFS, encrypted or not, sparsebundle or dmg) without the need of loop devices or exploring manually partition table. Good luck all.

[torarnv]

Sounds like a nice project! I'll point people who need encrypted images support your way

[torarnv]

@mafredri It seems there are alternate solutions to this: https://gist.github.com/calebgross/6f2633dc952d5ae851eda3c12a608aeb

[jief666]

Sounds like a nice project! I'll point people who need encrypted images support your way

Thanks.

[kode54]

If only it didn't require bloody Eclipse to build!

Even worse, it only compiles on macOS! What kind of crap is that? If I wanted to mount this on macOS, I'd use the system's own tools!

[jief666]

@kode54 : Congratulation for your nice comment. Free is not enough for you, you also want it ready for your platform. Plus, you say wrong things. So please, next time, think twice before being unpleasant.

"If only it didn't require bloody Eclipse to build!"

it's a work in progress, I use Eclipse. Is Eclipse really bloody ? A free multi-platform IDE seems good to me. Feel free to use another IDE and maintain and submit project files

Even worse, it only compiles on macOS!

The goal of these project, is to mimic what macOS do. So compiling for macOS make perfect sense so I can easily compare. If found a lot of bug in darling-dmg by doing that.

Even worse, it only compiles on macOS!

Wrong. I compile for linux 32 bits and 64 bits. I test it on my linux NAS. I paid close attention to int type so they shouldn't be any warning in 32 and 64 bits. It should compile easily on windows but I didn't do it yet. You are welcome to help on that instead of criticising people who give away freely their work.

kode54, welcome to the open source world.

[torarnv]

Please move further discussion about https://github.com/jief666/hdimount to the relevant repo/issue tracker, thanks!

[jief666]

Yes, sorry. There won't be any further comment about that from me.

[joshenders]

@mafredri It seems there are alternate solutions to this: https://gist.github.com/calebgross/6f2633dc952d5ae851eda3c12a608aeb

This gist is 404, here's a mirror I pulled from a Google cached copy.

# Create mount points for decrypted sparse bundle disk image and full Apple disk image.
sudo mkdir /mnt/bundle /mnt/dmg

# Ensure loopback kernel module is loaded. 
lsmod | grep ^loop || sudo modprobe loop

# Decrypt and FUSE-mount sparse bundle disk image. Trailing options help with debugging.
sudo sparsebundlefs <ENCRYPTED_SPARSE_BUNDLE_DISK_IMAGE> /mnt/bundle -s -f -D

# Note partition 2's "Start" and "Size" values. 
sudo parted /mnt/bundle/sparsebundle.dmg unit B print 
Number  Start       End          Size         File system  Name                  Flags
 1      20480B      209735679B   209715200B   fat32        EFI System Partition  boot, esp
 2      210763776B  4095737855B  3884974080B  fat32        disk image            msftdata

# Using values noted above, associate loop device with decrypted sparse bundle disk image.
sudo losetup -f /mnt/bundle/sparsebundle.dmg --offset 210763776 --sizelimit 3884974080 --show

# Mount loop device as full Apple disk image.
sudo mount /dev/loop0 /mnt/dmg

For what it's worth, this won't work with Time Machine backups. It's a similar method that was mentioned previously by @jacklenox. I think @jief666 was onto something and this actually needs to be moved into sparsebundlefs.

[noperator]

This gist is 404, here's a mirror I pulled from a Google cached copy.

Sorry, I changed my GitHub handle a few months ago…looks like it broke my gists. Here's a working link to my instructions for decrypting/mounting an encrypted sparse bundle disk image using sparsebundlefs: https://gist.github.com/noperator/6f2633dc952d5ae851eda3c12a608aeb