/libfvde

Library and tools to access FileVault Drive Encryption (FVDE) encrypted volumes

Primary LanguageCGNU Lesser General Public License v3.0LGPL-3.0

libfvde is a library to access FileVault Drive Encryption (FVDE) (or FileVault2) encrypted volumes.

The FVDE format is used by Mac OS X, as of Lion (10.7), to encrypt data on a storage media volume.

Project information:

* Status: experimental
* Licence: LGPLv3+

Supported Core Storage / FileVault2 implementations:

* Mac OS X Lion (10.7)
* Mac OS X Mountain Lion (10.8)
* Mac OS X Mavericks (10.9)
* Mac OS X Yosemite (10.10)
* Mac OS X El Capitan (10.11)
* macOS Sierra (10.12)
* macOS High Sierra (10.13)
* macOS Mojave (10.14)
* macOS Catalina (10.15)

Supported encryption volume types:

* removable media volume - with encrypted context (initial support as of 20121113 version)
* system volume
* multiple logical volumes

Supported protection methods:

* password
* recovery password
* VMK key data (as of 20121114 version)

Unsupported Core Storage format features:

* multiple physical volumes

Also see:

* VileFault; for accessing FileVault encrypted disk images (or user directories): https://code.google.com/p/vilefault/
* Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption: http://eprint.iacr.org/2012/374.pdf
* Security Analysis and Decryption of FileVault 2: http://www.cl.cam.ac.uk/~osc22/docs/slides_fv2_ifip_2013.pdf

If you find this project useful please cite the following paper in your publications:
Omar Choudary, Felix Grobert and Joachim Metz. "Security Analysis and Decryption of Filevault 2",
in Advances in Digital Forensics IX, IFIP Advances in Information and Communication Technology 410,
2013, pp 349-363.

Work in progress:

* DEFLATE compressed XML plist
* removable media volume - without encrypted context
* removable media volume - decrypted
* extend CoreStorage volume support
* partial encrypted volumes

Planned:

* Dokan support

For more information see:

* Project documentation: https://github.com/libyal/libfvde/wiki/Home
* How to build from source: https://github.com/libyal/libfvde/wiki/Building