This repository was archived by the owner on Jun 29, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathREADME
46 lines (28 loc) · 1.26 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Usage
-----
$ tar -xJf fvde-1.raw.tar.xz
$ sudo kpartx -v -a fvde-1.raw
add map loop2p1 (253:5): 0 1048496 linear /dev/loop2 40
$ sudo fvdetools/fvdeinfo -p <dummy-or-fake-password-here> /dev/mapper/loop2p1
fvdeinfo 20160918
$fvde$16$e7eebaabacaffe04dd33d22fd09e30e5$41000$e9acbb4bc6dafb74aadb72c576fecf69c2ad45ccd4776d76
...
Give this hash string to JtR jumbo to crack.
See https://github.com/libyal/libfvde/wiki/Mounting#obtaining-encryptedrootplistwipekey
for information on obtaining the EncryptedRoot.plist.wipekey file for system volumes.
After obtaining EncryptedRoot.plist.wipekey run the following commands against
the Apple_Corestorage partition,
sudo fvdetools/fvdeinfo -e Encrypted.plist.wipekey -p <dummy-or-fake-password-here> /dev/disk2s2
Replace /dev/disk2s2 with an appropriate value.
Note: For encrypted APFS volumes, use https://github.com/kholia/apfs2john instead of this project.
Help
----
https://github.com/libyal/libfvde/wiki
https://github.com/libyal/libfvde/wiki/Troubleshooting
Build
-----
The standard "./configure; make -sj4" invocation should work.
In case of problems, see https://github.com/libyal/libfvde/wiki/Building.
Key Functions
-------------
libfvde_encrypted_metadata_get_volume_master_key (libfvde/libfvde_encrypted_metadata.c)