On Monday, July 17, 2017 at 9:50:54 PM UTC-4, mil...@gmail.com wrote: > Hello all, > > It's possible this issue has nothing to do with qubes and I am talking to > dislocker as well, but I didn't find anything about it in the search here, > so... > > I am using qubes 3.2 and need to access a Windoh's-10-bitlocker-encrypted > external hard drive. > > SOB story so you know why I must do such a silly thing: > > My windows 10 laptop was locked with syskey configured to read a USB-drive as > A:, and also encrypted with bitlocker. That USB drive was stolen (thankfully > nothing else important on it) but now my windows laptop is inaccessible, and > to even be able to wipe/restore it I need the bitlocker recovery key. I have > the recovery key for the external hard drive and within it is the recovery > key for the laptop. > > I had (or thought I had) the recovery key written down but the key is not > working which has me somewhat concerned the one in the external won't either > but I have to try. > > My current usable machine is Qubes-only. I see three options: > > 1) use dislocker if possible to decrypt the external hard drive and get my > data that way > > 2) set up a windows 10 HVM and use bitlocker from it to open up the external > > 3) Just make a new usb windows10 recovery drive and wipe that way (would > rather not) > > > > link to dislocker: > > https://github.com/Aorimn/dislocker > > Currently I am trying option 1 but I think dislocker is having trouble with > the Qubes filesystem. I am able to create the dislocker-file.ntfs image of > the drive with minimal fuss. > > (Note: external drive is larger capacity than onboard, so I cannot image the > whole drive onto disk, must use the "fuse" method) > > However, when I try to mount it, I have to use the -T option or it complains > about fstab not having the mount point and if I use the -T option it says > that: > > /mnt/dislocker-file.ntfs: failed to parse > > and I'm dead in the water. It also seems to keep the created file active > since during an earlier attempt I created a file with no extension and was > unable to rename it as it was in-use. > > So, I am concerned that if I delete it I'm going to wipe the external drive > because of the way dislocker works... > > As far as I can tell, I am following the dislocker instructions precisely. I > am also performing all the operations in my sys-usb VM which has been tested > and works fine otherwise. > > Is it possible that I need to do some of this in dom0? > > Any other reason I would be running into this fail? > > > > DISLOCKER LOG: > > sudo dislocker -vvv -l dislocker.txt -r -V /dev/sda1 > -p######-######-######-######-######-######-######-###### -- > /mnt/dislocker-file.ntfs > > Mon Jul 17 20:04:22 2017 [INFO] dislocker by Romain Coltel, v0.5.1 (compiled > for Linux/x86_64) > Mon Jul 17 20:04:22 2017 [INFO] Volume GUID (INFORMATION OFFSET) supported > Mon Jul 17 20:04:22 2017 [INFO] BitLocker metadata found and parsed. > Mon Jul 17 20:04:22 2017 [INFO] Stretching the recovery password, it could > take some time... > Mon Jul 17 20:04:23 2017 [INFO] Stretching of the recovery password is now ok! > Mon Jul 17 20:04:23 2017 [INFO] Used recovery password decryption method > Mon Jul 17 20:04:23 2017 [INFO] Found volume's size: 0xe8e0da7e00 > (1000204828160) bytes > Mon Jul 17 20:04:23 2017 [INFO] Running FUSE with these arguments: > Mon Jul 17 20:04:23 2017 [INFO] `--> 'dislocker' > Mon Jul 17 20:04:23 2017 [INFO] `--> '/mnt/dislocker-file.ntfs'
I would do option 2. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e374e50f-2603-465b-974b-b1860c52a31f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
