GitHub - kholia/fvde2john: See README.txt for usage instructions. Use http://www.openwall.com/lists/john-users/ for support.

This repository was archived by the owner on Jun 29, 2020. It is now read-only.

Name	Name	Last commit message	Last commit date
Latest commit kholia Introduce apfs2john project Aug 31, 2018 92dad1f · Aug 31, 2018 History 7 Commits
common	common	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
dpkg	dpkg	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
fvdetools	fvdetools	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
include	include	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libbfio	libbfio	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libcaes	libcaes	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libcdata	libcdata	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libcerror	libcerror	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libcfile	libcfile	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libclocale	libclocale	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libcnotify	libcnotify	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libcpath	libcpath	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libcsplit	libcsplit	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libcstring	libcstring	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
libcsystem	libcsystem	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
libcthreads	libcthreads	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libfcache	libfcache	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libfdata	libfdata	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libfguid	libfguid	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libfplist	libfplist	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libfvalue	libfvalue	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libfvde	libfvde	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libhmac	libhmac	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libuna	libuna	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
m4	m4	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
manuals	manuals	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
msvscpp	msvscpp	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
po	po	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
pyfvde-python2	pyfvde-python2	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
pyfvde-python3	pyfvde-python3	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
pyfvde	pyfvde	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
tests	tests	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
ABOUT-NLS	ABOUT-NLS	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
AUTHORS	AUTHORS	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
COPYING	COPYING	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
ChangeLog	ChangeLog	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
INSTALL	INSTALL	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
Makefile.am	Makefile.am	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
Makefile.in	Makefile.in	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
NEWS	NEWS	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
README	README	Introduce apfs2john project	Aug 31, 2018
README.original	README.original	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
acinclude.m4	acinclude.m4	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
aclocal.m4	aclocal.m4	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
compile	compile	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
config.guess	config.guess	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
config.rpath	config.rpath	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
config.sub	config.sub	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
configure	configure	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
configure.ac	configure.ac	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
depcomp	depcomp	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
fvde-1.raw.tar.xz	fvde-1.raw.tar.xz	Add a disk image sample and usage notes	Feb 21, 2017
install-sh	install-sh	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
libfvde.pc.in	libfvde.pc.in	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libfvde.spec	libfvde.spec	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
libfvde.spec.in	libfvde.spec.in	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
ltmain.sh	ltmain.sh	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
missing	missing	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
setup.py	setup.py	Rebase on top of libfvde-experimental-20180108.tar.gz	Aug 27, 2018
test-driver	test-driver	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017
ylwrap	ylwrap	pristine libfvde-experimental-20160918.tar.gz	Feb 7, 2017

Repository files navigation

Usage
-----

$ tar -xJf fvde-1.raw.tar.xz

$ sudo kpartx -v -a fvde-1.raw
add map loop2p1 (253:5): 0 1048496 linear /dev/loop2 40

$ sudo fvdetools/fvdeinfo -p <dummy-or-fake-password-here> /dev/mapper/loop2p1
fvdeinfo 20160918

$fvde$16$e7eebaabacaffe04dd33d22fd09e30e5$41000$e9acbb4bc6dafb74aadb72c576fecf69c2ad45ccd4776d76
...

Give this hash string to JtR jumbo to crack.

See https://github.com/libyal/libfvde/wiki/Mounting#obtaining-encryptedrootplistwipekey
for information on obtaining the EncryptedRoot.plist.wipekey file for system volumes.

After obtaining EncryptedRoot.plist.wipekey run the following commands against
the Apple_Corestorage partition,

sudo fvdetools/fvdeinfo -e Encrypted.plist.wipekey -p <dummy-or-fake-password-here> /dev/disk2s2

Replace /dev/disk2s2 with an appropriate value.

Note: For encrypted APFS volumes, use https://github.com/kholia/apfs2john instead of this project.

Help
----

https://github.com/libyal/libfvde/wiki

https://github.com/libyal/libfvde/wiki/Troubleshooting

Build
-----

The standard "./configure; make -sj4" invocation should work.

In case of problems, see https://github.com/libyal/libfvde/wiki/Building.

Key Functions
-------------

libfvde_encrypted_metadata_get_volume_master_key (libfvde/libfvde_encrypted_metadata.c)