libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property

Question

libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property

Closed this issue 3 years ago · 6 comments

Hello everyone,
I'm trying to use libfvde but I've encountered several problems:
initialy, I had a couple of error starting with libfvalue_utf8_string_with_index_copy_to_integer: unsupported character value: 0x78 at index: 1. which was resolved by adding the code given in this post #36.

However, it still doesn't work; here is the command line used and their results
sudo mmls /dev/sda
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors

  Slot      Start        End          Length       Description

000: Meta 0000000000 0000000000 0000000001 Safety Table
001: ------- 0000000000 0000000039 0000000040 Unallocated
002: Meta 0000000001 0000000001 0000000001 GPT Header
003: Meta 0000000002 0000000033 0000000032 Partition Table
004: 000 0000000040 0000409639 0000409600 EFI System Partition
005: 001 0000409640 0488965175 0488555536 Customer
006: 002 0488965176 0490234711 0001269536 Recovery HD
007: ------- 0490234712 0490234751 0000000040 Unallocated

sudo fls -r -o 488965176 /dev/sda | grep -i encryptedroot
+++++ r/r 3597: EncryptedRoot.plist.wipekey

sudo icat -o 488965176 /dev/sda 3597 > EncryptedRoot.plist.wipekey

sudo fvdemount -e EncryptedRoot.plist.wipekey -p 'PASSWD' /dev/sda2 test/fvdevolume

Unable to open: /dev/sda2.
libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property.
libfvde_encrypted_metadata_get_volume_master_key: unable to retrieve passphrase wrapped KEK: 1 from encryption context plist.
libfvde_volume_open_read_keys_from_encrypted_metadata: unable to retrieve volume master key from encrypted metadata.
libfvde_volume_open_read: unable to read keys from primary encrypted metadata.
libfvde_volume_open_file_io_handle: unable to read from file IO handle.
mount_handle_open_input: unable to open input volume.

You can find attached the log of the verbose/debug mode :
log_verbose.txt

I'm currently on 4.18.7-arch1-1-ARCH, the password used in for the program is certain.
The drive was encrypted using filevault2 on Sierra 10.12.6 => source of the problem?

Thank you for your help,
Tiago

Answer 1 · 2018-10-03T18:03:51.000Z

I'll have a look as soon a time permits. Note that this project is considered experimental.

Answer 2 · 2018-10-04T10:13:30.000Z

Okay thank you

Answer 3 · 2019-03-17T20:33:13.000Z

I'm bumping into the same issue.

Version: fvdemount 20190122

Made a image of the entire Macbook Air disk with dd.

libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to retrieve PassphraseWrappedKEKStruct sub property.
libfvde_encrypted_metadata_get_volume_master_key: unable to retrieve passphrase wrapped KEK: 1 from encryption context plist.
libfvde_volume_open_read_keys_from_encrypted_metadata: unable to retrieve volume master key from encrypted metadata.
libfvde_volume_open_read: unable to read keys from primary encrypted metadata.
libfvde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

Answer 4 · 2019-03-25T19:01:49.000Z

Hi! I know this is your freetime project, but any news regarding this issue? @joachimmetz

Answer 5 · 2019-03-26T04:44:01.000Z

Unfortunately no, I did not have the time to work on this yet.

Answer 6 · 2022-01-18T17:29:05.000Z

This should have been addressed in d86baf8. Closing issue.