For example, having two recovery passwords, one will unlock the drive but not the other one, due to the fact that dislocker stops at the first-found protector.

Hello,

I can't manage to install dislocker. I have downloaded the most recent master version from github.
I have also installed the prerequisites through brew, but I get:

And when I try installing it from source, I get following errors :

Any help would be greatly appreciated. Thanks !
Gilles

Hi,
I've searched for the packages in Homebrew, but was not able to find it.
$ brew install src/dislocker.rb returns
Error: No available formula with the name "dislocker" ==> Searching for similarly named formulae... Error: No similarly named formulae found. ==> Searching taps...

And dislocker can not be found either on braumeister.

I've tried to do it manually by following the mbedTLS 2.0.0 subsection but I got confused after You can then resume the installation where you have left it.

hi, I got a strange error,
after typing make in the shell, I get this error. mac osx version 10.9.1
Please help.
Thanks
Frank

make
gcc -Wall -Werror -Wextra -DPROGNAME="dislocker" -DVERSION="0.3" -D_FILE_OFFSET_BITS=64 -D__DARWIN -I/usr/include -I. -L/usr/lib64 -D__ARCH_X86_64 -D__RUN_FUSE -DFUSE_USE_VERSION=26 -c -o outputs/fuse/fuse.o outputs/fuse/fuse.c
clang: error: argument unused during compilation: '-L/usr/lib64'
make: *** [outputs/fuse/fuse.o] Error 1

I was successfully compile dislocker on Ubuntu. After
sudo dislocker -r -u -v -V /dev/sdb1 /mnt/
command I want to mount dislocker-file but if ran command
mount /mnt/dislocker-file /media/virtual/ -o loop
I get
fuse: mount failed: Access Denied
I'm calling this commands from root.

Currently, dislocker can only read bitlocker volumes for windows 8 and windows 8.1. Would it be possible to add write support?

I do have an windows 8.1 installation with bitlocker here, so I can provide disk images to test.

Following installation instructions got an issue with make execution:

/tmp/dislocker/src$ sudo make
make: *** No targets specified and no makefile found.  Stop.

How to solve this issue? I hopped to install it quickly to get files from encrypted memory stick.

On dev build. (because the latest just wont work on 10.11).
I'm not entirely sure what i'm doing, just following the unstructions in install.mb.
So yes, i got osxfuse and that mbedTLS thing installed. See result in screenshot.

I have Windows 10 and Arch Linux dual-booting on my machine. I had Windows 10 encrypt its partition with Bitlocker (XTS-AES).

In Arch Linux, I installed dislocker 0.6.1 from https://aur.archlinux.org/packages/dislocker/

I tried to use dislocker-fuse to decrypt my drive so I could mount it, but I get the following output:

nticompass@archlinuxpc ~ % sudo dislocker-fuse -f XXX-YYY-ZZZ.BEK -vvvv -V /dev/sda2 -- /mnt/tmp
Fri Apr  8 11:27:24 2016 [DEBUG] Verbosity level to DEBUG (4) into 'stdout'
Fri Apr  8 11:27:24 2016 [INFO] dislocker by Romain Coltel, v0.6.1 (compiled for Linux/x86_64)
Fri Apr  8 11:27:24 2016 [INFO] Compiled version: :
Fri Apr  8 11:27:24 2016 [DEBUG] --- Config...
Fri Apr  8 11:27:24 2016 [DEBUG]    Verbosity: 4
Fri Apr  8 11:27:24 2016 [DEBUG]    Trying to decrypt '/dev/sda2'
Fri Apr  8 11:27:24 2016 [DEBUG]        using the bek file at 'XXX-YYY-ZZZ.BEK'
Fri Apr  8 11:27:24 2016 [DEBUG]    Using the first valid metadata block
Fri Apr  8 11:27:24 2016 [DEBUG] ... End config ---
Fri Apr  8 11:27:24 2016 [DEBUG] Trying to open '/dev/sda2'...
Fri Apr  8 11:27:24 2016 [DEBUG] Trying to open '/dev/sda2'...
Fri Apr  8 11:27:24 2016 [DEBUG] Opened (fd #3).
Fri Apr  8 11:27:24 2016 [DEBUG] Opened (fd #3).
Fri Apr  8 11:27:24 2016 [DEBUG] New memory allocation at 0x562d45e8aee0 (0x18 bytes allocated)
Fri Apr  8 11:27:24 2016 [DEBUG] New memory allocation at 0x562d45e8af00 (0x90 bytes allocated)
Fri Apr  8 11:27:24 2016 [DEBUG] New memory allocation at 0x562d45e8afa0 (0x200 bytes allocated)
Fri Apr  8 11:27:24 2016 [DEBUG] Positionnong #3 at offset 0 from 0
Fri Apr  8 11:27:24 2016 [DEBUG] Reading volume header...
Fri Apr  8 11:27:24 2016 [DEBUG] Reading 0x200 bytes from #3 into 0x562d45e8afa0
Fri Apr  8 11:27:25 2016 [DEBUG] Volume header read
Fri Apr  8 11:27:25 2016 [DEBUG] =====[ Volume header informations ]=====
Fri Apr  8 11:27:25 2016 [DEBUG]   Signature: '-FVE-FS-'
Fri Apr  8 11:27:25 2016 [DEBUG]   Sector size: 0x0200 (512) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Sector per cluster: 0x08 (8) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Reserved clusters: 0x0000 (0) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Fat count: 0x00 (0) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Root entries: 0x0000 (0) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Number of sectors (16 bits): 0x0000 (0) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Media descriptor: 0xf8 (248) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Sectors per fat: 0x0000 (0) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Hidden sectors: 0x00032800 (206848) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Number of sectors (32 bits): 0x00000000 (0) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Number of sectors (64 bits): 0x0000000000000000 (0) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   MFT start cluster: 0x0000000000060001 (393217) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Metadata Lcn: 0x0000000000000000 (0) bytes
Fri Apr  8 11:27:25 2016 [DEBUG]   Volume GUID: 'XYZ-XYZ-XYZ'
Fri Apr  8 11:27:25 2016 [DEBUG]   First metadata header offset:  0x00000000062a0000
Fri Apr  8 11:27:25 2016 [DEBUG]   Second metadata header offset: 0x000000004eae7000
Fri Apr  8 11:27:25 2016 [DEBUG]   Third metadata header offset:  0x00000000857b4000
Fri Apr  8 11:27:25 2016 [DEBUG]   Boot Partition Identifier: '0xaa55'
Fri Apr  8 11:27:25 2016 [DEBUG] ========================================
Fri Apr  8 11:27:25 2016 [INFO] Volume has EOW_INFORMATION_OFFSET_GUID.
Fri Apr  8 11:27:25 2016 [DEBUG] Positionnong #3 at offset 88739840 from 0
Fri Apr  8 11:27:25 2016 [DEBUG] Reading EOW Information header at 0x54a1000...
Fri Apr  8 11:27:25 2016 [DEBUG] Reading 0x38 bytes from #3 into 0x7ffceaacb390
Fri Apr  8 11:27:25 2016 [DEBUG] New memory allocation at 0x562d45e8b1b0 (0x3b8 bytes allocated)
Fri Apr  8 11:27:25 2016 [DEBUG] Reading EOW information's payload...
Fri Apr  8 11:27:25 2016 [DEBUG] Reading 0x348 bytes from #3 into 0x562d45e8b1e8
Fri Apr  8 11:27:25 2016 [DEBUG] End get_eow_information.
Fri Apr  8 11:27:25 2016 [DEBUG] =======================[ BitLocker EOW informations ]========================
Fri Apr  8 11:27:25 2016 [DEBUG]   Signature: 'FVE-EOW'
Fri Apr  8 11:27:25 2016 [DEBUG]   Structure size: 0x0038 (56)
Fri Apr  8 11:27:25 2016 [DEBUG]   On-disk size: 0x03b8 (952)
Fri Apr  8 11:27:25 2016 [DEBUG]   Sector size (1): 0x0200 (512)
Fri Apr  8 11:27:25 2016 [DEBUG]   Sector size (2): 0x0200 (512)
Fri Apr  8 11:27:25 2016 [DEBUG]   Unknown (0x14): 0x00100000 (1048576)
Fri Apr  8 11:27:25 2016 [DEBUG]   Convlog size: 0x00010c00 (68608)
Fri Apr  8 11:27:25 2016 [DEBUG]   Unknown (0x1c): 0x00008400 (33792)
Fri Apr  8 11:27:25 2016 [DEBUG]   Number of regions: 112
Fri Apr  8 11:27:25 2016 [DEBUG]   Crc32: 46971904
Fri Apr  8 11:27:25 2016 [DEBUG]   On-disk offsets: 0x562d45e8b1d8
Fri Apr  8 11:27:25 2016 [DEBUG] ============================================================================
=
Fri Apr  8 11:27:25 2016 [DEBUG] Freeing pointer at address 0x562d45e8b1b0
Fri Apr  8 11:27:25 2016 [DEBUG] Entering get_eow_check_valid
Fri Apr  8 11:27:25 2016 [DEBUG] Positionnong #3 at offset 88739840 from 0
Fri Apr  8 11:27:25 2016 [DEBUG] Reading EOW Information header at 0x54a1000...
Fri Apr  8 11:27:25 2016 [DEBUG] Reading 0x38 bytes from #3 into 0x7ffceaacb390
Fri Apr  8 11:27:25 2016 [DEBUG] New memory allocation at 0x562d45e8b1b0 (0x3b8 bytes allocated)
Fri Apr  8 11:27:25 2016 [DEBUG] Reading EOW information's payload...
Fri Apr  8 11:27:25 2016 [DEBUG] Reading 0x348 bytes from #3 into 0x562d45e8b1e8
Fri Apr  8 11:27:25 2016 [DEBUG] End get_eow_information.
Fri Apr  8 11:27:25 2016 [DEBUG] Looking if 0xf38377b3 == 0x46971904 for EOW information validation
Fri Apr  8 11:27:25 2016 [DEBUG] Freeing pointer at address 0x562d45e8b1b0
Fri Apr  8 11:27:25 2016 [DEBUG] Positionnong #3 at offset 1702043648 from 0
Fri Apr  8 11:27:25 2016 [DEBUG] Reading EOW Information header at 0x65732000...
Fri Apr  8 11:27:25 2016 [DEBUG] Reading 0x38 bytes from #3 into 0x7ffceaacb390
Fri Apr  8 11:27:25 2016 [DEBUG] New memory allocation at 0x562d45e8b1b0 (0x3b8 bytes allocated)
Fri Apr  8 11:27:25 2016 [DEBUG] Reading EOW information's payload...
Fri Apr  8 11:27:25 2016 [DEBUG] Reading 0x348 bytes from #3 into 0x562d45e8b1e8
Fri Apr  8 11:27:25 2016 [DEBUG] End get_eow_information.
Fri Apr  8 11:27:25 2016 [DEBUG] Looking if 0xf38377b3 == 0x46971904 for EOW information validation
Fri Apr  8 11:27:25 2016 [DEBUG] Freeing pointer at address 0x562d45e8b1b0
Fri Apr  8 11:27:25 2016 [INFO] EOW information at offset 54a1000 passed the tests
Fri Apr  8 11:27:25 2016 [DEBUG] Freeing pointer at address 0x562d45e8b1b0
*** Error in `dislocker-fuse': double free or corruption (top): 0x0000562d45e8b1b0 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x6f364)[0x7f90498cd364]
/usr/lib/libc.so.6(+0x74d96)[0x7f90498d2d96]
/usr/lib/libc.so.6(+0x7557e)[0x7f90498d357e]
/usr/lib/libdislocker.so.0.6(dis_free+0x25)[0x7f9049c06b13]
/usr/lib/libdislocker.so.0.6(dis_metadata_initialize+0xa40)[0x7f9049c094dd]
/usr/lib/libdislocker.so.0.6(dis_initialize+0x1ed)[0x7f9049c05323]
dislocker-fuse(main+0x5b)[0x562d44b87161]
/usr/lib/libc.so.6(__libc_start_main+0xf0)[0x7f904987e710]
dislocker-fuse(_start+0x29)[0x562d44b86d19]
======= Memory map: ========
562d44b86000-562d44b88000 r-xp 00000000 fe:02 2372389                    /usr/bin/dislocker-fuse
562d44d87000-562d44d88000 r--p 00001000 fe:02 2372389                    /usr/bin/dislocker-fuse
562d44d88000-562d44d89000 rw-p 00002000 fe:02 2372389                    /usr/bin/dislocker-fuse
562d45e89000-562d45eaa000 rw-p 00000000 00:00 0                          [heap]
7f9044000000-7f9044021000 rw-p 00000000 00:00 0
7f9044021000-7f9048000000 ---p 00000000 00:00 0
7f9048361000-7f9048377000 r-xp 00000000 fe:02 2228586                    /usr/lib/libgcc_s.so.1
7f9048377000-7f9048576000 ---p 00016000 fe:02 2228586                    /usr/lib/libgcc_s.so.1
7f9048576000-7f9048577000 rw-p 00015000 fe:02 2228586                    /usr/lib/libgcc_s.so.1
7f90485a9000-7f90486ac000 r-xp 00000000 fe:02 2228319                    /usr/lib/libm-2.23.so
7f90486ac000-7f90488ac000 ---p 00103000 fe:02 2228319                    /usr/lib/libm-2.23.so
7f90488ac000-7f90488ad000 r--p 00103000 fe:02 2228319                    /usr/lib/libm-2.23.so
7f90488ad000-7f90488ae000 rw-p 00104000 fe:02 2228319                    /usr/lib/libm-2.23.so
7f90488ae000-7f90488b6000 r-xp 00000000 fe:02 2228310                    /usr/lib/libcrypt-2.23.so
7f90488b6000-7f9048ab5000 ---p 00008000 fe:02 2228310                    /usr/lib/libcrypt-2.23.so
7f9048ab5000-7f9048ab6000 r--p 00007000 fe:02 2228310                    /usr/lib/libcrypt-2.23.so
7f9048ab6000-7f9048ab7000 rw-p 00008000 fe:02 2228310                    /usr/lib/libcrypt-2.23.so
7f9048ab7000-7f9048ae5000 rw-p 00000000 00:00 0
7f9048ae5000-7f9048b5c000 r-xp 00000000 fe:02 2228692                    /usr/lib/libgmp.so.10.3.0
7f9048b5c000-7f9048d5b000 ---p 00077000 fe:02 2228692                    /usr/lib/libgmp.so.10.3.0
7f9048d5b000-7f9048d5c000 r--p 00076000 fe:02 2228692                    /usr/lib/libgmp.so.10.3.0
7f9048d5c000-7f9048d5d000 rw-p 00077000 fe:02 2228692                    /usr/lib/libgmp.so.10.3.0
7f9048d5d000-7f9048fd0000 r-xp 00000000 fe:02 2240528                    /usr/lib/libruby.so.2.3.0
7f9048fd0000-7f90491cf000 ---p 00273000 fe:02 2240528                    /usr/lib/libruby.so.2.3.0
7f90491cf000-7f90491d7000 rw-p 00272000 fe:02 2240528                    /usr/lib/libruby.so.2.3.0
7f90491d7000-7f90491e8000 rw-p 00000000 00:00 0
7f90491e8000-7f9049237000 r-xp 00000000 fe:02 2240531                    /usr/lib/libmbedcrypto.so.0
7f9049237000-7f9049436000 ---p 0004f000 fe:02 2240531                    /usr/lib/libmbedcrypto.so.0
7f9049436000-7f9049439000 r--p 0004e000 fe:02 2240531                    /usr/lib/libmbedcrypto.so.0
7f9049439000-7f904943a000 rw-p 00051000 fe:02 2240531                    /usr/lib/libmbedcrypto.so.0
7f904943a000-7f904943d000 rw-p 00000000 00:00 0
7f904943d000-7f9049455000 r-xp 00000000 fe:02 2228242                    /usr/lib/libpthread-2.23.so
7f9049455000-7f9049654000 ---p 00018000 fe:02 2228242                    /usr/lib/libpthread-2.23.so
7f9049654000-7f9049655000 r--p 00017000 fe:02 2228242                    /usr/lib/libpthread-2.23.so
7f9049655000-7f9049656000 rw-p 00018000 fe:02 2228242                    /usr/lib/libpthread-2.23.so
7f9049656000-7f904965a000 rw-p 00000000 00:00 0
7f904965a000-7f904965c000 r-xp 00000000 fe:02 2228318                    /usr/lib/libdl-2.23.so
7f904965c000-7f904985c000 ---p 00002000 fe:02 2228318                    /usr/lib/libdl-2.23.so
7f904985c000-7f904985d000 r--p 00002000 fe:02 2228318                    /usr/lib/libdl-2.23.so
7f904985d000-7f904985e000 rw-p 00003000 fe:02 2228318                    /usr/lib/libdl-2.23.so
7f904985e000-7f90499f6000 r-xp 00000000 fe:02 2228261                    /usr/lib/libc-2.23.so
7f90499f6000-7f9049bf5000 ---p 00198000 fe:02 2228261                    /usr/lib/libc-2.23.so
7f9049bf5000-7f9049bf9000 r--p 00197000 fe:02 2228261                    /usr/lib/libc-2.23.so
7f9049bf9000-7f9049bfb000 rw-p 0019b000 fe:02 2228261                    /usr/lib/libc-2.23.so
7f9049bfb000-7f9049bff000 rw-p 00000000 00:00 0
7f9049bff000-7f9049c18000 r-xp 00000000 fe:02 2240540                    /usr/lib/libdislocker.so.0.6.1
7f9049c18000-7f9049e17000 ---p 00019000 fe:02 2240540                    /usr/lib/libdislocker.so.0.6.1
7f9049e17000-7f9049e18000 r--p 00018000 fe:02 2240540                    /usr/lib/libdislocker.so.0.6.1
7f9049e18000-7f9049e19000 rw-p 00019000 fe:02 2240540                    /usr/lib/libdislocker.so.0.6.1
7f9049e19000-7f9049e44000 r-xp 00000000 fe:02 2233715                    /usr/lib/libfuse.so.2.9.4
7f9049e44000-7f904a044000 ---p 0002b000 fe:02 2233715                    /usr/lib/libfuse.so.2.9.4
7f904a044000-7f904a056000 r--p 0002b000 fe:02 2233715                    /usr/lib/libfuse.so.2.9.4
7f904a056000-7f904a057000 rw-p 0003d000 fe:02 2233715                    /usr/lib/libfuse.so.2.9.4
7f904a057000-7f904a07a000 r-xp 00000000 fe:02 2228260                    /usr/lib/ld-2.23.so
7f904a0a9000-7f904a241000 r--p 00000000 fe:02 2233713                    /usr/lib/locale/locale-archive
7f904a241000-7f904a248000 rw-p 00000000 00:00 0
7f904a279000-7f904a27a000 rw-p 00000000 00:00 0
7f904a27a000-7f904a27b000 r--p 00023000 fe:02 2228260                    /usr/lib/ld-2.23.so
7f904a27b000-7f904a27c000 rw-p 00024000 fe:02 2228260                    /usr/lib/ld-2.23.so
7f904a27c000-7f904a27d000 rw-p 00000000 00:00 0
7ffceaaab000-7ffceaacc000 rw-p 00000000 00:00 0                          [stack]
7ffceabb2000-7ffceabb4000 r--p 00000000 00:00 0                          [vvar]
7ffceabb4000-7ffceabb6000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
zsh: abort      sudo dislocker-fuse -f XXX-YYY-ZZZ.BEK -vvvv -V  --

Satisfying the ruby dependency (by installing ruby-devel) leads to libdislocker.so* being installed into /usr/lib64 on ix86 (32 bit) on Fedora Rawhide. Removing ruby-devel again, corrects the build again.

error while loading shared libraries: libdislocker.so.0: cannot open shared object file: No such file or directory

Building dislocker 0.4.1 on RHEL/CentOS 5 fails as follows:

In file included from ./dislocker.h:28,
                 from accesses/accesses.h:27,
                 from dislocker.c:28:
./config.h:87: error: expected specifier-qualifier-list before 'off_t'

and

dislocker.c: In function 'dis_initialize':
dislocker.c:112: error: 'dis_config_t' has no member named 'is_ro'
dislocker.c:144: error: 'dis_config_t' has no member named 'offset'
dislocker.c:344: error: 'dis_config_t' has no member named 'dont_check_state'

root@kali:/downloads/dislocker-4bc45ead252c6d2f6d7e9a08686d5b9181acf89d/src# make uninstall
rm -rf -- dislocker.o common.o config.o sectors.o xstd/xstdio.o xstd/xstdlib.o metadata/datums.o metadata/metadata.o metadata/vmk.o metadata/fvek.o metadata/extended_info.o metadata/guid.o metadata/print_metadata.o accesses/rp/recovery_password.o accesses/stretch_key.o accesses/user_pass/user_pass.o accesses/bek/bekfile.o encryption/decrypt.o encryption/encrypt.o encryption/diffuser.o encryption/crc32.o ntfs/clock.o ntfs/encoding.o outputs/prepare.o _ *.swp dislocker-fuse dislocker-file dislocker-metadata dislocker-bek dislocker-fuse.o dislocker-file.o dislocker-metadata.o dislocker-bek.o libdislocker.so
for prog in dislocker-fuse dislocker-file dislocker-metadata dislocker-bek; do
[ -f /usr/bin/${prog} ] && rm /usr/bin/${prog};
done
[ -f /usr/lib/libdislocker.so ] && rm /usr/lib/libdislocker.so
make: *_* [uninstall] Error 1

# dislocker -r -v -V /dev/sdb1 -p[...] -- /mnt/hdd
Sun Apr  3 00:53:45 2016 [CRITICAL] Can't recognize the encryption algorithm used: 0x8004. Abort
Sun Apr  3 00:53:45 2016 [CRITICAL] Unable to grab VMK or FVEK. Abort.

Windows 10 👎

hi there,

I tried to build dislocker on mavericks 10.9.4 but it fails. I'm using the last commit in the develop branch, as mentioned in an earlier report.

I do have polarssl and osxfuse installed through brew.

$ make
touch dislocker.c
cc -Wall -Werror -Wextra -DPROGNAME=\"dislocker\" -DVERSION=\"0.3.1\" -D_FILE_OFFSET_BITS=64 -DAUTHOR="\"Romain Coltel\"" -D__OS=\"Darwin\" -D__ARCH=\"x86_64\" -D__ARCH_X86_64 -D__DARWIN -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -D__RUN_FUSE -DFUSE_USE_VERSION=26 -c -o dislocker.o dislocker.c
make[2]: Nothing to be done for `library'.
cc -Wall -Werror -Wextra -DPROGNAME=\"dislocker\" -D_FILE_OFFSET_BITS=64 -D__DARWIN -I/usr/include -I../../ -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o recovery_password.o recovery_password.c
In file included from recovery_password.c:25:
In file included from ./recovery_password.h:28:
./../stretch_key.h:29:10: fatal error: 'polarssl/config.h' file not found
#include "polarssl/config.h"
         ^
1 error generated.
make[2]: *** [recovery_password.o] Error 1
make[1]: *** [library] Error 2
make: *** [libs] Error 2

Any suggestions?

Building dislocker 0.4.1 on Fedora 22 leads to this:

metadata/fvek.c: In function 'build_fvek_from_file':
metadata/fvek.c:153:2: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
  datum_key->algo = *(cipher_t*)enc_method;
  ^
cc1: all warnings being treated as errors

Hello

Im trying using this command : dislocker -r -V /dev/sda2 -uXXXXX -- /media/bitlocker
I get this error :
[CRITICAL] None of the provided decryption mean is decrypting the keys. Abort.
[CRITICAL] Unable to grab VMK or FVEK. Abort.
I run the command on Ubuntu live (on USB key).
Normally booting Windows after the BIOS the bitlocker asks me the numeric password using the Fn keys of the keyboard. In the Ubuntu terminal I type the password with the standard numeric keys. Can it be the origin of the trouble ?

I would like to configure an fstab entry for dislocker.

I added a symlink mount.dislocker -> /usr/local/bin/dislocker-fuse and then added the fstab entry

/dev/sda2 /mnt/bitlocker/dislocker-file fuse.dislocker V=/dev/sda2,F=/path/to/key

However

# mount /mnt/bitlocker/dislocker-file

complains that

[CRITICAL] No BitLocker volume path given. Abort.

Is there a way to pass the required options from fstab?

Hi,

new ubuntu 16.04 does not allow me to install libpolarssl-dev. Repository doesn't contain polarssl anymore. Is there any way how to use this perfect project again?

Thanks a lot
Josef

Hi Aorimn,
Can you help me? When I install this program,the problem got me stumped。

/usr/bin/ld: /usr/local/lib/libmbedcrypto.a(aes.o): relocation R_X86_64_32S against `.bss' can not be used when making a shared object;
/usr/local/lib/libmbedcrypto.a: could not read symbols: Bad value
collect2: ld 返回 1
make[2]: *** [src/libdislocker.so.0.6.1] 错误 1
make[1]: *** [src/CMakeFiles/dislocker.dir/all] 错误 2
make: *** [all] 错误 2

Thanks!

Be able to encrypt and decrypt drives.

Hi

I am trying to build dislocker on Yosemite 10.10.2 which has fuse 2.7.5 already installed.
I am getting this error (see image):

Were you able to build it on Yosemite before?

Regards and thank you

Jean-Luc

Hey all...

I'm new to Linux and just worked out a way to update Kali Linux and install dislocker. I'll leave it here, in case it can help someone else...

Using Kali Linux 1.0.9a i386 bootable DVD

Edit "/etc/apt/sources.list" and add "deb http://us.archive.ubuntu.com/ubuntu trusty main universe"

Install programs using Terminal
"apt-get update"
"apt-get install git libfuse-dev libpolarssl-dev" Continue through update text, allow services to restart if needed
"git clone git://github.com/Aorimn/dislocker.git"
"cd /dislocker/src"
"make"
"make install"

Find drive Bitlocker volume
"fdisk -l"

Make two folders in /MNT
"TMP"
"DIS"

Run dislocker
"dislocker -v -V /dev/ -p -- /mnt/tmp"

Check if file exists to confirm proper Bitlocker key
"ls /mnt/tmp"
Should return "dislocker-file" if correct

Mount volume
"mount -o loop,ro /mnt/tmp/dislocker-file /mnt/dis"

Browse to "/mnt/dis" for access to files

No longer compiles or runs after latest update to libpolarssl. I now get the following compilation error:

/usr/bin/ld: /usr/local/lib/libpolarssl.a(aes.o): relocation R_X86_64_32 against `.bss' can not be used when making a shared object; recompile with -fPIC

...and the following error when trying to run the already-compiled binary:

dislocker: error while loading shared libraries: libpolarssl.so.6: cannot open shared object file: No such file or directory

Hi Aorimn,

Where i can i find make file? i couldn't "make" it due to missing make file. even i download from page http://www.hsc.fr/ressources/outils/dislocker/ (Version 0.5.2) or your GIT, there's no "make" file.

develop branch.
root@kali:~/downloads/dislocker-develop/src# make fuse
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -DFUSE_USE_VERSION=26 -c -o dislocker.o dislocker.c
In file included from accesses/rp/recovery_password.h:28:0,
from dislocker.c:29:
accesses/rp/../stretch_key.h:29:29: fatal error: polarssl/config.h: No such file or directory
compilation terminated.
make: *** [dislocker.o] Error 1

clang -Wall -Werror -Wextra -Qunused-arguments -DPROGNAME="dislocker" -DVERSION="0.4.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Darwin" -D__ARCH="x86_64" -D__ARCH_X86_64 -D__DARWIN -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o dislocker.o dislocker.c
In file included from dislocker.c:28:
In file included from ./accesses/accesses.h:27:
In file included from ./dislocker.h:29:
./encommon.h:34:10: fatal error: 'polarssl/aes.h' file not found

include "polarssl/aes.h"

     ^

1 error generated.
make: *** [dislocker.o] Error 1

==> Downloading https://github.com/Aorimn/dislocker/archive/v0.4.tar.gz
Already downloaded: /Library/Caches/Homebrew/dislocker-0.4.0.tar.gz
==> make -C src

include "polarssl/aes.h"

     ^

1 error generated.
make: *** [dislocker.o] Error 1
make: *** Waiting for unfinished jobs....

I have to admit this is all very new to me, I have not used terminal much in Mac OS X. I need to be able to access a Bitlocker encrypted USB drive to alter a PDF file (legitimately with a password). I installed polarssl and homebrew.

Please add /usr/local/lib/libpolarssl.a to the list of modules (for compiling on OS X).

The DESTDIR environment variable is ignored during installation:

[…]
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/lib64/libdislocker.so.0.5.1
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/lib64/libdislocker.so.0.5
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/lib64/libdislocker.so
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/bin/dislocker-fuse
-- Removed runtime path from "/builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/bin/dislocker-fuse"
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/share/man/man1/dislocker-fuse.1.gz
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/bin/dislocker-file
-- Removed runtime path from "/builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/bin/dislocker-file"
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/share/man/man1/dislocker-file.1.gz
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/bin/dislocker-metadata
-- Removed runtime path from "/builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/bin/dislocker-metadata"
-- Installing: /builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/bin/dislocker-bek
-- Removed runtime path from "/builddir/build/BUILDROOT/dislocker-0.5.1-1.fc24.x86_64/usr/bin/dislocker-bek"
failed to create symbolic link '/usr/bin/dislocker': Permission denied
failed to create symbolic link '/usr/share/man/man1/dislocker.1.gz': Permission denied
[…]

Hey

It's cool that you are continuing working on this lib. I found that the 0.4.1 version is a little bit slow (I only get a write speed of 5 MB/s), so I wanted to test the develop branch.

INSTALL.txt says, that I would need FUSE 2.6
But my fedora, as well as Ubuntu 10.04 comes with FUSE 2.9

Is this an is outdated information?

Thank you,
Phaiax

First, thanks for dislocker, it's great to be able to read BitLocker disks on Linux!

I have a 4TB BitLocker volume that I created on Windows 10. I checksummed 1.8TB of files on this volume, and found a single file that dislocker appears to be reading incorrectly. Specifically, two 4KB blocks in the file appear to be garbled. Windows 10 reads the file correctly (tested twice on different weeks) while dislocker reads the file incorrectly (tested twice across two physical-power-off events).

I built dislocker@develop 564420c on Ubuntu 15.10 (64-bit).

With dislocker:

# cd /home/dislocker/dislocker/src

# ./dislocker-fuse --readonly --verbosity --user-password -V /dev/sda4 /mnt/bitlocker-C
Enter the user password:

# ls -l /mnt/bitlocker-C/dislocker-file 
-r--r--r-- 1 root root 4,000,191,610,368 1970-01-01 00:00 /mnt/bitlocker-C/dislocker-file

# mount -t ntfs-3g -o ro,uid=1000,gid=1000,umask=077 /mnt/bitlocker-C/dislocker-file /mnt/C

# cd /mnt/C/YouTube/UCNHAsCPp3tfbV3O3t7RxYMA

# ls -l 'Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm'
-rwx------ 2 at at 605,594,334 2015-10-13 08:00 Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm*

# md5sum 'Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm' 
f943abbd99343db0d4e384524e8d588a  Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm

# ffmpeg -v error -i 'Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm' -f null - 
[matroska,webm @ 0x13c5c00] Invalid EBML number size tag 0x05 at pos 572409231 (0x221e458f)

I booted into Windows 10 after seeing the incorrect hash f943abbd99343db0d4e384524e8d588a and confirmed that Windows 10 still saw the correct hash 61ac59d3b615cf191b22351b706d7db4.

On a known-good copy of the data created on Windows 10, copying into a Linux Samba share:

# md5sum 'Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm'
61ac59d3b615cf191b22351b706d7db4  Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm

# ffmpeg -v error -i 'Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm' -f null -

(no errors)

Binary-diffing the file shows these differences, indicating that two 4KB blocks are garbled.

strace'ing the mount.ntfs-3g process and then running this program to read the garbled block:

python -c "f=open('Forbush, Colombatto, Shuen, Polleit, Huelsmann, Discusssion, Q & A (PFS 2015)-v5zr8s0Zmn8.webm', 'rb');f.seek(568303648);print hash(f.read(8*1024))"

shows

read(4, "8\0\0\0\3\0\0\0\357\22\0\0\0\0\0\0\3\0\0\0\0\0\0\0\350\3\0\0\350\3\0\0"..., 135168) = 56
writev(4, [{"x\0\0\0\0\0\0\0\357\22\0\0\0\0\0\0", 16}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\232\372;\0\0\0\0\0\0\0\2\0\0\0\0\0"..., 104}], 2) = 120
read(4, "\207\0\0\0\1\0\0\0\360\22\0\0\0\0\0\0\3\0\0\0\0\0\0\0\350\3\0\0\350\3\0\0"..., 135168) = 135
writev(4, [{"\220\0\0\0\0\0\0\0\360\22\0\0\0\0\0\0", 16}, {"\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 128}], 2) = 144
read(4, "8\0\0\0\3\0\0\0\361\22\0\0\0\0\0\0\4\0\0\0\0\0\0\0\350\3\0\0\350\3\0\0"..., 135168) = 56
writev(4, [{"x\0\0\0\0\0\0\0\361\22\0\0\0\0\0\0", 16}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0Y\373;\0\0\0\0\0\336\242\30$\0\0\0\0"..., 104}], 2) = 120
read(4, "0\0\0\0\16\0\0\0\362\22\0\0\0\0\0\0\4\0\0\0\0\0\0\0\350\3\0\0\350\3\0\0"..., 135168) = 48
writev(4, [{" \0\0\0\0\0\0\0\362\22\0\0\0\0\0\0", 16}, {"\0\0\0\0\0\0\0\0\2\0\0\0\0\0\0\0", 16}], 2) = 32
read(4, "8\0\0\0\3\0\0\0\363\22\0\0\0\0\0\0\4\0\0\0\0\0\0\0\350\3\0\0\350\3\0\0"..., 135168) = 56
writev(4, [{"x\0\0\0\0\0\0\0\363\22\0\0\0\0\0\0", 16}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0Y\373;\0\0\0\0\0\336\242\30$\0\0\0\0"..., 104}], 2) = 120
read(4, "8\0\0\0\3\0\0\0\364\22\0\0\0\0\0\0\4\0\0\0\0\0\0\0\350\3\0\0\350\3\0\0"..., 135168) = 56
writev(4, [{"x\0\0\0\0\0\0\0\364\22\0\0\0\0\0\0", 16}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0Y\373;\0\0\0\0\0\336\242\30$\0\0\0\0"..., 104}], 2) = 120
read(4, "@\0\0\0\22\0\0\0\365\22\0\0\0\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 135168) = 64
writev(4, [{"\20\0\0\0\0\0\0\0\365\22\0\0\0\0\0\0", 16}], 1) = 16
read(4, "8\0\0\0\3\0\0\0\366\22\0\0\0\0\0\0\3\0\0\0\0\0\0\0\350\3\0\0\350\3\0\0"..., 135168) = 56
writev(4, [{"x\0\0\0\0\0\0\0\366\22\0\0\0\0\0\0", 16}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\232\372;\0\0\0\0\0\0\0\2\0\0\0\0\0"..., 104}], 2) = 120
read(4, "-\0\0\0\1\0\0\0\367\22\0\0\0\0\0\0\3\0\0\0\0\0\0\0\350\3\0\0\350\3\0\0"..., 135168) = 45
pread(3, "INDX(\0\t\0h\0019\366\10\0\0\0\3\0\0\0\0\0\0\0(\0\0\0\0\10\0\0"..., 4096, 2905324924928) = 4096
pread(3, "INDX(\0\t\0\204\0051\366\10\0\0\0\0\0\0\0\0\0\0\0(\0\0\0\250\7\0\0"..., 4096, 2778237616128) = 4096
writev(4, [{"\20\0\0\0\376\377\377\377\367\22\0\0\0\0\0\0", 16}], 1) = 16

Is there any other debugging information that might be useful?

I am trying to install dislocker from develop on ubuntu. I am getting errors. Please help

CMakeError.log
Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: CMAKE_CXX_COMPILER-NOTFOUND
Build flags:
Id flags:

The output was:
No such file or directory

Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: CMAKE_CXX_COMPILER-NOTFOUND
Build flags:
Id flags: -c

The output was:
No such file or directory

Checking whether the CXX compiler is IAR using "" did not match "IAR .+ Compiler":
Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: CMAKE_CXX_COMPILER-NOTFOUND
Build flags:
Id flags:

The output was:
No such file or directory

Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: CMAKE_CXX_COMPILER-NOTFOUND
Build flags:
Id flags: -c

The output was:
No such file or directory

Checking whether the CXX compiler is IAR using "" did not match "IAR .+ Compiler":
Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: CMAKE_CXX_COMPILER-NOTFOUND
Build flags:
Id flags:

The output was:
No such file or directory

Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: CMAKE_CXX_COMPILER-NOTFOUND
Build flags:
Id flags: -c

The output was:
No such file or directory

Checking whether the CXX compiler is IAR using "" did not match "IAR .+ Compiler":

I'm using dislocker on Linux Mint 17 to access a bitlocker encrypted partition, and I'v discovered that it can't decrypt logical partitions inside an extended partition. Nor can it decrypt primary partitions that are located after an extended partition on the harddrive. The error message in both cases is "The signature of the volume () doesn't match the BitLocker's one". Once I moved the partition before the extended partition everything works nicely.

I would also like to see dislocker support encrypted virtual disks (.vhd files), possibly using vdfuse.

Can do you add a bruteForce by wordlist option? wmi its too slow!

It looks like when you mount the partition without fuse it's merely decrypted, but changes are not written back (those performed on the unencrypted ntfs). What's the real difference in this case?

The filesystem image file within a fuse mount is a rather unusual way of implementing what amounts to a block device 'shim'. IMO a network block device simulator (like qemu-nbd) would be a more usual way of doing exactly this. However, using the kernel encryption routines in the way that truecrypt on Linux does would be the most 'correct' (and fastest) solution, if it's possible. (Truecrypt just sets up a dmsetup/cryptsetup mapping for the device then steps aside and lets the kernel do all the heavy lifting).

Obviously, Microsoft have an almost terminal case of "not invented here" which will probably prevent the kernel solution without adding special purpose code to the kernel itself.

But, I would like to see something in the repository to document why these choices were made, and perhaps any you may foresee changing. (eg: new kernel module)

So in short, how about starting a FAQ ?

Hello,

Whenever I use the --user-password option (Really the only option that I can use), I get this error:

"[ERROR] Error, cant find a valid and matching VMK datum. Abort.
[CRITICAL] None of the provided decryption mean is decrypting the keys. Abort
*** Error in `dislocker': double free or corruption (!prev): 0x00007f25d4d6d6a0 ***"

The password I am using is definitely correct.
I am using Xubuntu 64-bit and the Bitlocker-ed drive is Windows 8 64-bit
Any ideas?

The pendrive was formated to FAT32 under windows 7 and then encrypted.
root@kali:~# dislocker -v -V /dev/sdd1 -uAAbb.111 -- /mnt/bitlocker -d
Wed Aug 20 21:48:56 2014 [CRITICAL] The signature of the volume (MSWIN4.1) doesn't match the BitLocker's one (-FVE-FS-). Abort.

With NTFS works.

I have a recovery password that is supplied by our IT department. It is all numbers in the following format: XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX. I execute sudo dislocker -r -V /dev/sda1 -p XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX -- /media/windows
I get 5 lines on screen as follows:
Enter the recover password: "password I entered above"
Enter the recover password: "password I entered above"
Enter the recover password: "password I entered above"
Enter the recover password: "password I entered above"
Enter the recover password: "XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX" actual x's not the password.
Valid password format, continuing.
fuse: bad mount point 'password I entered': No such file or directory

What I am missing? Any help appreciated.

Thanks,
M

I'm working on a script to quick mount encrypted Windows volume. I want to give password in a command line, as a parameter. Is it possible?

Hi,
I'm getting the below error when running "cmake ." in the root folder of dislocker. I run Ubuntu 15.10 and can't continue after this.

could you please help ? Not much knowledge in linux from my side I'm afraid..

thank you very much

root@ubuntu:/home/ubuntu/Downloads/dislocker-develop/src# cmake .
-- The C compiler identification is GNU 5.2.1
-- The CXX compiler identification is GNU 5.2.1
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
CMake Warning (dev) at CMakeLists.txt:21 (add_definitions):
Policy CMP0005 is not set: Preprocessor definition values are now escaped
automatically. Run "cmake --help-policy CMP0005" for policy details. Use
the cmake_policy command to set the policy and suppress this warning.
This warning is for project developers. Use -Wno-dev to suppress it.

CMake Warning (dev) at CMakeLists.txt:22 (add_definitions):
Policy CMP0005 is not set: Preprocessor definition values are now escaped
automatically. Run "cmake --help-policy CMP0005" for policy details. Use
the cmake_policy command to set the policy and suppress this warning.
This warning is for project developers. Use -Wno-dev to suppress it.

CMake Warning (dev) at CMakeLists.txt:23 (add_definitions):
Policy CMP0005 is not set: Preprocessor definition values are now escaped
automatically. Run "cmake --help-policy CMP0005" for policy details. Use
the cmake_policy command to set the policy and suppress this warning.
This warning is for project developers. Use -Wno-dev to suppress it.

CMake Warning (dev) at CMakeLists.txt:25 (add_definitions):
Policy CMP0005 is not set: Preprocessor definition values are now escaped
automatically. Run "cmake --help-policy CMP0005" for policy details. Use
the cmake_policy command to set the policy and suppress this warning.
This warning is for project developers. Use -Wno-dev to suppress it.

CMake Warning (dev) at CMakeLists.txt:30 (add_definitions):
Policy CMP0005 is not set: Preprocessor definition values are now escaped
automatically. Run "cmake --help-policy CMP0005" for policy details. Use
the cmake_policy command to set the policy and suppress this warning.
This warning is for project developers. Use -Wno-dev to suppress it.

CMake Error at CMakeLists.txt:109 (find_package):
By not providing "FindPolarSSL.cmake" in CMAKE_MODULE_PATH this project has
asked CMake to find a package configuration file provided by "PolarSSL",
but CMake did not find one.

Could not find a package configuration file provided by "PolarSSL" with any
of the following names:

PolarSSLConfig.cmake
polarssl-config.cmake

Add the installation prefix of "PolarSSL" to CMAKE_PREFIX_PATH or set
"PolarSSL_DIR" to a directory containing one of the above files. If
"PolarSSL" provides a separate development package or SDK, be sure it has
been installed.

CMake Warning (dev) in CMakeLists.txt:
No cmake_minimum_required command is present. A line of code such as

cmake_minimum_required(VERSION 3.2)

should be added at the top of the file. The version specified may be lower
if you wish to support older CMake versions for this project. For more
information run "cmake --help-policy CMP0000".
This warning is for project developers. Use -Wno-dev to suppress it.

-- Configuring incomplete, errors occurred!
See also "/home/ubuntu/Downloads/dislocker-develop/src/CMakeFiles/CMakeOutput.log".

CMakeOutput.log.txt

In more than half the cases, dislocker automatically selects the wrong place for the metadata. As a workaround I just search for the "-FVE-FS-" magic string and put its location in the source.....

in metadata.c:
uint64_t new_offset = vh->metadata_lcn * vh->sectors_per_cluster * vh->sector_size;
xprintf(L_INFO, "X1 Changing first metadata offset from %#llx to %#llx\n", vh->offset_bl_header[0], new_offset);
new_offset = 0x5b0e000;
new_offset -= 0x100000;
xprintf(L_INFO, "X2 Changing first metadata offset from %#llx to %#llx\n", vh->offset_bl_header[0], new_offset);
vh->offset_bl_header[0] = new_offset;

% mygrepall -FVE-FS-
100003
5b0e000
255f1000
...
%

Bitlocker printed:
Fri Aug 23 10:22:17 2013 [INFO] X1 Changing first metadata offset from 0x1e04000f2ec1000f to 0x5b1c000
Fri Aug 23 10:22:17 2013 [INFO] X2 Changing first metadata offset from 0x1e04000f2ec1000f to 0x5a0e000

% hd /dev/nbd0 |head -16
00000 eb 52 90 2d 46 56 45 2d 46 53 2d 00 02 08 00 00 kR.-FVE-FS-.....
00010 00 00 00 00 00 f8 00 00 3f 00 ff 00 00 08 00 00 .....x..?.......
00020 00 00 00 00 80 00 80 00 ff 8f da 39 00 00 00 00 ..........Z9....
00030 00 00 0c 00 00 00 00 00 1c 5b 00 00 00 00 00 00 .........[......
00040 f6 00 00 00 01 00 00 00 49 53 e1 1e 65 e1 1e c2 v.......ISa.ea.B
00050 00 00 00 00 fa 33 c0 8e d0 bc 00 7c fb 68 c0 07 [email protected]<.|{h@.
00060 1f 1e 68 66 00 cb 88 16 0e 00 66 81 3e 03 00 4e ..hf.K....f.>..N
00070 54 46 53 75 15 b4 41 bb aa 55 cd 13 72 0c 81 fb TFSu.4A;_UM.r..{
00080 55 aa 75 06 f7 c1 01 00 75 03 e9 d2 00 1e 83 ec U_u.wA..u.iR...l
00090 18 68 1a 00 b4 48 8a 16 0e 00 8b f4 16 1f cd 13 .h..4H.....t..M.
000a0 9f 83 c4 18 9e 58 1f 72 e1 3b 06 0b 00 75 db a3 ..D..X.ra;...u[#
000b0 0f 00 c1 2e 0f 00 04 1e 5a 33 db b9 00 20 2b c8 ..A.....Z3[9. +H
000c0 66 ff 06 11 00 03 16 0f 00 8e c2 ff 06 16 00 e8 f.........B....h
000d0 40 00 2b c8 77 ef b8 00 bb cd 1a 66 23 c0 75 2d @.+Hwo8.;M.f#@u-
000e0 66 81 fb 54 43 50 41 75 24 81 f9 02 01 72 1e 16 f.{TCPAu$.y..r..
000f0 68 07 bb 16 68 70 0e 16 68 09 00 66 53 66 53 66 h.;.hp..h..fSfSf
%

I understand why 5b1c000 is tried, but not where the correct 5a0e000 comes from. Or where the difference of 0x10e000 comes from.

Note that I have dislocker working on /dev/nbd0, which is just the partition, not the whole disk. If the cluster number in the partition header is absolute (i.e. relative to the whole disk) that might explain 0x100000 of the difference, but 0xe000 then remains unexplained.....

root@kali:~/downloads/dislocker-4bc45ead252c6d2f6d7e9a08686d5b9181acf89d/src# make install
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o dislocker.o dislocker.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o common.o common.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o config.o config.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o sectors.o sectors.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o xstd/xstdio.o xstd/xstdio.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o xstd/xstdlib.o xstd/xstdlib.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o metadata/datums.o metadata/datums.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o metadata/metadata.o metadata/metadata.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o metadata/vmk.o metadata/vmk.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o metadata/fvek.o metadata/fvek.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o metadata/extended_info.o metadata/extended_info.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o metadata/guid.o metadata/guid.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o metadata/print_metadata.o metadata/print_metadata.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o accesses/rp/recovery_password.o accesses/rp/recovery_password.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o accesses/stretch_key.o accesses/stretch_key.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o accesses/user_pass/user_pass.o accesses/user_pass/user_pass.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o accesses/bek/bekfile.o accesses/bek/bekfile.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o encryption/decrypt.o encryption/decrypt.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o encryption/encrypt.o encryption/encrypt.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o encryption/diffuser.o encryption/diffuser.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o encryption/crc32.o encryption/crc32.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o ntfs/clock.o ntfs/clock.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o ntfs/encoding.o ntfs/encoding.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o outputs/prepare.o outputs/prepare.c
cc -shared -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -o libdislocker.so dislocker.o common.o config.o sectors.o xstd/xstdio.o xstd/xstdlib.o metadata/datums.o metadata/metadata.o metadata/vmk.o metadata/fvek.o metadata/extended_info.o metadata/guid.o metadata/print_metadata.o accesses/rp/recovery_password.o accesses/stretch_key.o accesses/user_pass/user_pass.o accesses/bek/bekfile.o encryption/decrypt.o encryption/encrypt.o encryption/diffuser.o encryption/crc32.o ntfs/clock.o ntfs/encoding.o outputs/prepare.o
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -DFUSE_USE_VERSION=26 -c -o dislocker-fuse.o dislocker-fuse.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -DFUSE_USE_VERSION=26 -o dislocker-fuse dislocker-fuse.o -ldislocker -lpthread -lpolarssl -L. -pie -fPIE -Wl,-z,relro -Wl,-z,now -lfuse
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o dislocker-file.o dislocker-file.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -o dislocker-file dislocker-file.o -ldislocker -lpthread -lpolarssl -L. -pie -fPIE -Wl,-z,relro -Wl,-z,now
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o dislocker-metadata.o dislocker-metadata.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -o dislocker-metadata dislocker-metadata.o -ldislocker -lpthread -lpolarssl -L. -pie -fPIE -Wl,-z,relro -Wl,-z,now
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -c -o dislocker-bek.o dislocker-bek.c
cc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -DAUTHOR=""Romain Coltel"" -D__OS="Linux" -D__ARCH="i686" -D__ARCH_I686 -D__LINUX -I. -I/usr/local/include -fstack-protector -fPIC -D_FORTIFY_SOURCE=2 -O1 -o dislocker-bek dislocker-bek.o -ldislocker -lpthread -lpolarssl -L. -pie -fPIE -Wl,-z,relro -Wl,-z,now
install -pm755 dislocker-fuse dislocker-file dislocker-metadata dislocker-bek /usr/bin/
cd /usr/bin/ && ln dislocker-fuse dislocker && cd -
ln: failed to create hard link `dislocker': File exists
make: *** [install] Error 1

Copying a big file to the encrypted usb pendrive. Tried a lot of times and always fails after performing md5 checksum. It only seems to work for small files. Apparently the error triggers always when the file exceeds a specified size, and sometimes on lower sizes.

[ 115.628640] usb 2-1.2: new high-speed USB device number 5 using ehci-pci
[ 115.815027] usb 2-1.2: New USB device found, idVendor=058f, idProduct=6387
[ 115.815033] usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 115.815038] usb 2-1.2: Product: Mass Storage Device
[ 115.815041] usb 2-1.2: Manufacturer: Generic
[ 115.815044] usb 2-1.2: SerialNumber: 2NSFNRH4
[ 115.815562] usb-storage 2-1.2:1.0: USB Mass Storage device detected
[ 115.816135] usb-storage 2-1.2:1.0: Quirks match for vid 058f pid 6387: 400
[ 115.816179] scsi7 : usb-storage 2-1.2:1.0
[ 116.817075] scsi 7:0:0:0: Direct-Access JetFlash TS2GJF150 8.07 PQ: 0 ANSI: 2
[ 116.817744] sd 7:0:0:0: Attached scsi generic sg4 type 0
[ 116.818727] sd 7:0:0:0: [sdd] 4095998 512-byte logical blocks: (2.09 GB/1.95 GiB)
[ 116.819333] sd 7:0:0:0: [sdd] Write Protect is off
[ 116.819340] sd 7:0:0:0: [sdd] Mode Sense: 03 00 00 00
[ 116.819998] sd 7:0:0:0: [sdd] No Caching mode page found
[ 116.820004] sd 7:0:0:0: [sdd] Assuming drive cache: write through
[ 116.823725] sd 7:0:0:0: [sdd] No Caching mode page found
[ 116.823731] sd 7:0:0:0: [sdd] Assuming drive cache: write through
[ 116.825514] sdd: sdd1
[ 116.827967] sd 7:0:0:0: [sdd] No Caching mode page found
[ 116.827972] sd 7:0:0:0: [sdd] Assuming drive cache: write through
[ 116.827977] sd 7:0:0:0: [sdd] Attached SCSI removable disk
[ 151.093172] fuse init (API version 7.22)
[ 825.672248] perf samples too long (2511 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
[ 1316.695257] loop: Write error at byte offset 1409003520, length 4096.
[ 1316.695263] Buffer I/O error on device loop1, logical block 343995
[ 1316.695265] lost page write due to I/O error on loop1
[ 1437.050065] loop: Write error at byte offset 1408933888, length 4096.
[ 1437.050073] Buffer I/O error on device loop1, logical block 343978
[ 1437.050075] lost page write due to I/O error on loop1
[ 1704.457363] loop: Write error at byte offset 34676736, length 4096.
[ 1704.457369] Buffer I/O error on device loop1, logical block 8466
[ 1704.457370] lost page write due to I/O error on loop1
[ 1998.417629] usb 2-1.2: USB disconnect, device number 5

I'm getting this error while attempting to compile bitlocker in Kali Linux. Would anybody be so kind as to tell me what the cause of this is?

root@kali:/opt/dislocker/src# make
make[1]: Entering directory /media/sdb1/dislocker/dislocker-git/src/polarssl' make[1]: Leaving directory/media/sdb1/dislocker/dislocker-git/src/polarssl'
make[1]: Entering directory /media/sdb1/dislocker/dislocker-git/src/accesses' make[2]: Entering directory/media/sdb1/dislocker/dislocker-git/src/accesses/bek'
make[2]: Leaving directory /media/sdb1/dislocker/dislocker-git/src/accesses/bek' make[2]: Entering directory/media/sdb1/dislocker/dislocker-git/src/accesses/rp'
make[2]: Leaving directory /media/sdb1/dislocker/dislocker-git/src/accesses/rp' make[2]: Entering directory/media/sdb1/dislocker/dislocker-git/src/accesses/user_pass'
make[2]: Leaving directory /media/sdb1/dislocker/dislocker-git/src/accesses/user_pass' make[1]: Leaving directory/media/sdb1/dislocker/dislocker-git/src/accesses'
make[1]: Entering directory /media/sdb1/dislocker/dislocker-git/src/metadata' make[1]: Leaving directory/media/sdb1/dislocker/dislocker-git/src/metadata'
make[1]: Entering directory /media/sdb1/dislocker/dislocker-git/src/ntfs' make[1]: Leaving directory/media/sdb1/dislocker/dislocker-git/src/ntfs'
make[1]: Entering directory /media/sdb1/dislocker/dislocker-git/src/encryption' make[1]: Leaving directory/media/sdb1/dislocker/dislocker-git/src/encryption'
gcc -Wall -Werror -Wextra -Wconversion -DPROGNAME="dislocker" -DVERSION="0.3.1" -D_FILE_OFFSET_BITS=64 -I/usr/include -I. -L/usr/lib -D__RUN_FUSE -DFUSE_USE_VERSION=26 -o dislocker dislocker.o common.o sectors.o config.o xstd/xstdio.o xstd/xstdlib.o outputs/fuse/fuse.o metadata/datums.o metadata/metadata.o metadata/vmk.o metadata/fvek.o metadata/extended_info.o accesses/rp/recovery_password.o accesses/bek/read_bekfile.o accesses/user_pass/user_pass.o accesses/stretch_key.o encryption/decrypt.o encryption/encrypt.o encryption/diffuser.o encryption/crc32.o ntfs/guid.o ntfs/clock.o ntfs/encoding.o polarssl/aes.o polarssl/sha2.o -lpthread -lfuse

I'm trying to read a drive using the develop branch. The reported filesystem on the drive is HPFS/NTFS/exFAT

This is a WD My Passport drive, encrypted on Windows 8.1 with BitLockerToGo.

Any idea what might be causing this?

Edit: HPFS/NTFS/exFAT is the system that fdisk reports, lsblk does not show anything for the filesystem on the drive.

Latest version of dislocker (0.4.1) doesn't compile when you have your brew up-to-date (when you ran brew update before the installation of dislocker).
The issue is that although the polarssl dependency formula is downloaded and installed, the installed library is not named libpolarssl.a but libmbedtls.a (see the buying announcement).

I'm not sure how to consistently and conveniently fix it yet, so no update is planned right now.

In the meantime, to install dislocker, you could edit the src/Makefile file, look for the line beginning by 'LIB' and replace '-lpolarssl' by '-lmbedtls' on that line. Make sure to have 'brew install polarssl' (to install this mbedtls library) and then you can run 'make -C src/' (or 'cd src/ && make', it's the same).

Hi,

I have successfully installed dislocker, but when I am running dislocker -V '/Volumes/NO NAME' I am getting following error message:
Wed Jan 15 12:17:34 2014 [CRITICAL] The signature of the volume () doesn't match the BitLocker's one (-FVE-FS-). Abort.

'NO NAME' is the name of the USB key that I am using and that was BitLocked under Windows 7. I guess I might be doing something wrong...

FYI, I am running Mac OS X Mavericks 10.9.1 and I have compiled dislocker the standard way with OSXFUSE version 2.6.2.

Thanks in advance for your help!

master branch.
This happens on commit ed0a751. Looks like bitlocker reads from some type of cache and assumes all file operations go right. In this case the file operation went wrong and keeps reading a valid file. Couldn't reproduce on windows but seems to work the same.

1- copy KA.rar and rar.md5 to pendrive in windows
2- mount pendrive in linux
root@kali:# dislocker -v -V /dev/sdd1 -uAAbb.111 -- /mnt/bitlocker
root@kali:# mount -o loop,rw /mnt/bitlocker/dislocker-file /mnt/bitlocker-mount
3- check KA.rar md5 (takes lot of time)
root@kali:/mnt/bitlocker-mount# md5sum -c rar.md5
KA.rar: OK
4- copy again KA.rar to the pendrive under linux while it fails
root@kali:/mnt/bitlocker-mount# cp /root/downloads/KA.rar .
[ 795.744121] lost page write due to I/O error on loop1
5- check checksum again (take little time)
root@kali:/mnt/bitlocker-mount# md5sum -c rar.md5
KA.rar: OK
6- umount and remount the partition
cd
root@kali:# umount /mnt/bitlocker-mount
root@kali:# umount /mnt/bitlocker
root@kali:# dislocker -v -V /dev/sdd1 -uAAbb.111 -- /mnt/bitlocker
root@kali:# mount -o loop,rw /mnt/bitlocker/dislocker-file /mnt/bitlocker-mount
7- check checksum again (takes lot of time)
root@kali:/mnt/bitlocker-mount# md5sum -c rar.md5
KA.rar: FAILED
md5sum: WARNING: 1 computed checksum did NOT match