Error when using --user-password option about dislocker HOT 33 OPEN

Just as an issue, handling TPM with default settings is impossible. This has to be stated in the documentation if it isn't already.

from dislocker.

It works fine with the recovery key. This worked for me:

sudo mkdir -p /mnt/windows-dislocker
sudo mkdir -p /mnt/windows
sudo dislocker /dev/nvme0n1p3 -p123456-123456-123456-123456-123456-123456-123456-123456 -- /mnt/windows-dislocker
sudo mount -o loop /mnt/windows-dislocker/dislocker-file /mnt/windows

Alternatively, add the following to /etc/fstab:

/dev/nvme0n1p3 /mnt/windows-dislocker fuse.dislocker recovery-password=123456-123456-123456-123456-123456-123456-123456-123456,nofail 0 0
/mnt/windows-dislocker/dislocker-file /mnt/windows auto nofail 0 0 

(Obviously, you need to replace the arguments with your device and recovery key.)

from dislocker.

The password was correct. The issue is documentation.

Neither the man page, nor the help text, nor the README mention TPM at all. Nor do they mention the crucial fact that it's impossible with default settings.

from dislocker.

Hi,
Could you provide the exact command line you're using (replacing your password with something else)? Most probably: you have to put an equal between the --user-password option and your password, as so: --user-password=yourpassword.

from dislocker.

I used this (Without the quotes):

"dislocker -v -V /dev/sda4 --user-password FUBAR -- /mnt/tmp"

from dislocker.

When I use that command, I get a "Enter Password:" prompt but then I get the error that I mentioned above. I've also used "-u".

from dislocker.

Yeah, that's the problem: you have to put an equal sign (=) as so: "dislocker -v -V /dev/sda4 --user-password=FUBAR -- /mnt/tmp"
With the -u option would be as following: "dislocker -v -V /dev/sda4 -uFUBAR -- /mnt/tmp"

from dislocker.

Hmm, I am still getting the same error even when using the "=" or when using the abbreviated flag "-u" as you also suggested :(

from dislocker.

Question: The user-password option requires the user to use the same password that is used to unlock the drive when starting Windows, correct?

from dislocker.

It's correct. Are you using the PIN+TPM scheme (which dislocker doesn't understand yet)? Or are you using a plain password (which is used by the -u option)?

from dislocker.

Plain password :)

from dislocker.

Then I don't understand what's going on as is. Can you set a dummy password and send me the output of dislocker using the -vvvv option? It will print a lot of stuff, the password you gave included in various forms (plain and hexa dumped), so be sure to give a dummy password.

from dislocker.

Want me to just put it in a pastebin?

from dislocker.

Sure

from dislocker.

Here you go! :) http://pastebin.com/W5Q5ELTT

from dislocker.

Okay so, from what I see, you have 8 protectors (datum). None of them is of a type which is destined to be used by the user password scheme. Although, only 2 protectors are used to decrypt the VMK: the recovery password and the PIN+TPM. Therefore, I think - not 100% sure though - that the password you're entering while booting your Windows is from the PIN+TPM.
If you have access to the recovery password, could you try to use the -p (--recovery-password=) option?

from dislocker.

Just to confirm it can be decrypt this disk.

from dislocker.

Hi Aorimn,

Sorry to reach you on a closed issue, but I have the same problem as theatre-x, which states that Dislocker can't find a valid and matching VMK datum.

As it ended with a double free or corruption event catched by glibc when I made my initial test on my real SSD, I tried to do some more tests on a DCFLDD image... But the problem remains. So I run Dislocker in verbose more, and results are here:
http://pastebin.com/B0yT1qWB

Can you please be so kind to tell me if it's the same problem as theatre-x had? And do you plan to add a feature for the PIN+TPM schema? This would really be a life saver... :-]

Cheers,

Kwan

from dislocker.

Hi,

This seems to be the same problem: you're not using the user-password scheme on the volume.

It would be nice to be able to decrypt PIN+TPM encrypted disks indeed. My current problem for this is my hardware where there's no TPM. If you have an easy way to emulate a TPM in VirtualBox or vmplayer, that would be nice. So far I've only found http://www.trust.rub.de/projects/vTPM/, but it involves recompiling VirtualBox so I'd prefer a solution where if there's a problem I know it's because of my code and not another third party code/compilation problem.

from dislocker.

That would be really nice, and very useful for IT guys as PIN+TPM is probably the most adopted schema.

I guess most tools probably involve recompiling, but maybe of of them is mature enough to rely on him. Did you have a look on Mario Strasser's TPM Emulator?

Cheers

from dislocker.

Hi Aorimn;
I tried -u, --user-password, --user-password=... option.
I'm getting this error:

[ERROR] The MACs don't match.
[ERROR] Can't decrypt correctly the VMK. Abort.
[CRITICAL] None of the provided decryption mean is decrypting the keys. Abort.
*** Error in `dislocker': double free or corruption (!prev): 0x00007fe606c746c0

from dislocker.

Hi,
it seems like it's the same error as the original question: either you have the wrong password, or it's because you don't have the user-password scheme, but more likely the TPM+Password scheme.

from dislocker.

Hi Aorimn;
Did password --user-password option is computer password or harddisk bitlocker password?
If a bitlocker password then password is a correct, I'm sure.
Else computer was password not defined.
What is a TPM+Password scheme?

Thanks..

from dislocker.

It's the harddisk BitLocker password indeed. The user-password scheme is used as-is, but the TPM+Password scheme uses the TPM and a password (which is also defined by the user).

Can you use a dummy password (one which won't decrypt the volume) and send me the output (or pastebin it) of dislocker using the -vvvv option? It will print a lot of information, including your password so be careful to use a dummy one.

from dislocker.

This output:

http://pastebin.com/jwPAhWcm

from dislocker.

You have indeed a user-password it seems. Then I guess, either there's a bug, or you don't use the correct password.

How did you set up your drive exactly? As I don't think you would have used an incorrect password, I'll try to reproduce the bug.

Is this the stable version of dislocker or the one on the develop branch? Would you mind trying the one of the develop branch if you're curently using the stable one?

from dislocker.

No. I used incorrect password.

My HDD don't open. I guess, bad sector error. I can unlock HDD on Windows from console, but don't access to data. I aim recovery datas.

I using the stable version.

from dislocker.

Then is the version on the develop branch better for you?

from dislocker.

The dislocker-fuse man page (which man dislocker redirects to) makes no mention whatsoever of TPM, nor that it's impossible with default settings. Nor does the README. Please add this.

from dislocker.

What is the status here?

from dislocker.

--user-password works for passwords in the "data-like" (without TPM) password-only protection. It doesn't work with TPM and PIN/password which is used to unlock the TPM. In fact, TPM will refuse to give out key data on a dual boot. So it will never be supported.

Documentation should be updated and when that happens this issue can be closed.

from dislocker.

@alexchandel it's impossible with default settings what settings should I use?

from dislocker.

@alexchandel it's impossible with default settings what settings should I use?

Bitlocker should be enable in non-TPM mode and with a password, like you'd do for data drives, OR you'd have to have the recovery key and mount using that instead. Only two ways.

from dislocker.