john-users - Re: Filevault2 volume without password

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <3dc91d85-fffb-9eb8-b3e3-d77e0e0cc272@gmail.com>
Date: Wed, 29 Aug 2018 18:33:07 +0200
From: CRO <enigmista1980@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Filevault2 volume without password

> Does this mean that Kali Linux is somehow broken in some subtle way?
> 
Maybe. I don't know

> Shouldn't the above command be something like the following?
> 
> sudo fvdetools/fvdeinfo -e Encrypted.plist.wipekey -p dummy  /dev/mapper/loop2p2
> 
$ sudo fvdetools/fvdeinfo -e EncryptedRoot.plist.wipekey -p dummy 
/dev/mapper/loop2p2
fvdeinfo 20180108

$fvde$1$16$73d49f736090a65.........45c3e49ae34c12
Unable to open: /dev/mapper/loop2p2.
libfvde_encryption_context_plist_get_passphrase_wrapped_kek: unable to 
retrieve PassphraseWrappedKEKStruct sub property.
libfvde_encrypted_metadata_get_volume_master_key: unable to retrieve 
passphrase wrapped KEK: 1 from encryption context plist.
libfvde_volume_open_read_keys_from_encrypted_metadata: unable to 
retrieve volume master key from encrypted metadata.
libfvde_volume_open_read: unable to read keys from primary encrypted 
metadata.
libfvde_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

Is $fvde$1$16$73d49f736090a65.........45c3e49ae34c12 the hash?

If yes, BINGO! Thank you!
Are "normal" errors after the hash?
Why used EncryptedRoot.plist.wipekey?

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.