GitHub - MyriadBugs/fvde2john: See README.txt for usage instructions. Use http://www.openwall.com/lists/john-users/ for support.

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
common		common
dpkg		dpkg
fvdetools		fvdetools
include		include
libbfio		libbfio
libcaes		libcaes
libcdata		libcdata
libcerror		libcerror
libcfile		libcfile
libclocale		libclocale
libcnotify		libcnotify
libcpath		libcpath
libcsplit		libcsplit
libcstring		libcstring
libcsystem		libcsystem
libcthreads		libcthreads
libfcache		libfcache
libfdata		libfdata
libfguid		libfguid
libfplist		libfplist
libfvalue		libfvalue
libfvde		libfvde
libhmac		libhmac
libuna		libuna
m4		m4
manuals		manuals
msvscpp		msvscpp
po		po
pyfvde-python2		pyfvde-python2
pyfvde-python3		pyfvde-python3
pyfvde		pyfvde
tests		tests
ABOUT-NLS		ABOUT-NLS
AUTHORS		AUTHORS
COPYING		COPYING
ChangeLog		ChangeLog
INSTALL		INSTALL
Makefile.am		Makefile.am
Makefile.in		Makefile.in
NEWS		NEWS
README		README
README.original		README.original
acinclude.m4		acinclude.m4
aclocal.m4		aclocal.m4
compile		compile
config.guess		config.guess
config.rpath		config.rpath
config.sub		config.sub
configure		configure
configure.ac		configure.ac
depcomp		depcomp
fvde-1.raw.tar.xz		fvde-1.raw.tar.xz
install-sh		install-sh
libfvde.pc.in		libfvde.pc.in
libfvde.spec		libfvde.spec
libfvde.spec.in		libfvde.spec.in
ltmain.sh		ltmain.sh
missing		missing
setup.py		setup.py
test-driver		test-driver
ylwrap		ylwrap

Repository files navigation

Usage
-----

$ tar -xJf fvde-1.raw.tar.xz

$ sudo kpartx -v -a fvde-1.raw
add map loop2p1 (253:5): 0 1048496 linear /dev/loop2 40

$ sudo fvdetools/fvdeinfo -p <dummy-or-fake-password-here> /dev/mapper/loop2p1
fvdeinfo 20160918

$fvde$16$e7eebaabacaffe04dd33d22fd09e30e5$41000$e9acbb4bc6dafb74aadb72c576fecf69c2ad45ccd4776d76
...

Give this hash string to JtR jumbo to crack.

See https://github.com/libyal/libfvde/wiki/Mounting#obtaining-encryptedrootplistwipekey
for information on obtaining the EncryptedRoot.plist.wipekey file for system volumes.

After obtaining EncryptedRoot.plist.wipekey run the following commands against
the Apple_Corestorage partition,

sudo fvdetools/fvdeinfo -e Encrypted.plist.wipekey -p <dummy-or-fake-password-here> /dev/disk2s2

Replace /dev/disk2s2 with an appropriate value.

Note: For encrypted APFS volumes, use https://github.com/kholia/apfs2john instead of this project.

Help
----

https://github.com/libyal/libfvde/wiki

https://github.com/libyal/libfvde/wiki/Troubleshooting

Build
-----

The standard "./configure; make -sj4" invocation should work.

In case of problems, see https://github.com/libyal/libfvde/wiki/Building.

Key Functions
-------------

libfvde_encrypted_metadata_get_volume_master_key (libfvde/libfvde_encrypted_metadata.c)