手抜きOS Windows 10 Part102 / Win10 BitLocker サルベージ作戦 その5
手抜きOS Windows 10 Part98 / Lenovo には ディスクアクセスランプがない
手抜きOS Windows 10 Part99 / Win10 BitLocker サルベージ作戦 その2
手抜きOS Windows 10 Part100 / Win10 BitLocker サルベージ作戦 その3
手抜きOS Windows 10 Part101 / Win10 BitLocker サルベージ作戦 その4
なんとなく、WIndows でダメでも Mac なら何とかなるんじゃね?
と思ったので試してみました
Decrypt Bitlocker encrypted partition on Linux and macOS | Christian Engvall
参考にしたのはここ
dislocker というのを入れるとマウントできるという話
とりあえず、brew update しようとしたら、 brew update unknown option list ってエラーが出るので 先に brew update git を実行した。その後はこんな感じ
|
mofmac$ brew update
Already up-to-date.
mofmac$ brew install Caskroom/cask/osxfuse
==> Tapping caskroom/cask
Cloning into '/usr/local/Homebrew/Library/Taps/caskroom/homebrew-cask'...
remote: Counting objects: 4142, done.
remote: Compressing objects: 100% (4127/4127), done.
remote: Total 4142 (delta 28), reused 609 (delta 12), pack-reused 0
Receiving objects: 100% (4142/4142), 1.30 MiB | 833.00 KiB/s, done.
Resolving deltas: 100% (28/28), done.
Tapped 1 command and 4045 casks (4,151 files, 4.1MB).
==> brew cask install Caskroom/cask/osxfuse
==> Caveats
To install and/or use osxfuse you may need to enable their kernel extension in
System Preferences → Security & Privacy → General
For more information refer to vendor documentation or the Apple Technical Note:
https://developer.apple.com/library/content/technotes/tn2459/_index.html
You must reboot for the installation of osxfuse to take effect.
==> Satisfying dependencies
==> Downloading https://github.com/osxfuse/osxfuse/releases/download/osxfuse-3.8
==> Downloading from https://github-production-release-asset-2e65be.s3.amazonaws
######################################################################## 100.0%
==> Verifying checksum for Cask osxfuse
==> Installing Cask osxfuse
==> Running installer for osxfuse; your password may be necessary.
==> Package installers may write to any location; options such as --appdir are i
Password:
installer: Package name is FUSE for macOS
installer: choices changes file '/var/folders/65/79v1d9tj38d0f0p7y5b8cpnr0000gp/T/choices20180903-9850-1hkp74a.xml' applied
installer: Installing at base path /
installer: The install was successful.
==> Changing ownership of paths required by osxfuse; your password may be necess
🍺 osxfuse was successfully installed!
|
これで、 osxfuse までインストール
https://github.com/Aorimn/dislocker/archive/master.zip
をダウンロードして、先に解凍しておく
| mofmac:~ mofuser$ cd Downloads/dislocker-master/src/
mofmac:src mofuser$ brew install dislocker.rb
Updating Homebrew...
Warning: dislocker 0.7.1_3 is available and more recent than version 0.7.0.
==> Installing dependencies for dislocker: mbedtls, cmake
==> Installing dislocker dependency: mbedtls
==> Downloading https://homebrew.bintray.com/bottles/mbedtls-2.12.0.high_sierra.
######################################################################## 100.0%
==> Pouring mbedtls-2.12.0.high_sierra.bottle.tar.gz
🍺 /usr/local/Cellar/mbedtls/2.12.0: 136 files, 3.4MB
==> Installing dislocker dependency: cmake
==> Downloading https://homebrew.bintray.com/bottles/cmake-3.12.1.high_sierra.bo
######################################################################## 100.0%
==> Pouring cmake-3.12.1.high_sierra.bottle.tar.gz
Error: The `brew link` step did not complete successfully
The formula built, but is not symlinked into /usr/local
Could not symlink share/emacs/site-lisp/cmake
/usr/local/share/emacs/site-lisp is not writable.
You can try again using:
brew link cmake
==> Caveats
Emacs Lisp files have been installed to:
/usr/local/share/emacs/site-lisp/cmake
==> Summary
🍺 /usr/local/Cellar/cmake/3.12.1: 2,417 files, 33.6MB
==> Installing dislocker
==> Downloading https://github.com/Aorimn/dislocker/archive/v0.7.zip
==> Downloading from https://codeload.github.com/Aorimn/dislocker/zip/v0.7
######################################################################## 100.0%
==> cmake -DCMAKE_C_FLAGS_RELEASE=-DNDEBUG -DCMAKE_CXX_FLAGS_RELEASE=-DNDEBUG -D
==> make
==> make install
🍺 /usr/local/Cellar/dislocker/0.7.0: 19 files, 281KB, built in 27 seconds
==> Caveats
==> cmake
Emacs Lisp files have been installed to:
/usr/local/share/emacs/site-lisp/cmake
|
これでインストール完了
|
mofmac:src mofuser$ diskutil list
/dev/disk0 (internal, physical):
/dev/disk1 (synthesized):
/dev/disk2 (disk image):
/dev/disk3 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *256.1 GB disk3
1: EFI SYSTEM 272.6 MB disk3s1
2: Microsoft Reserved 16.8 MB disk3s2
3: Microsoft Basic Data 254.7 GB disk3s3
4: Windows Recovery 1.0 GB disk3s4
mofmac:src mofuser$ sudo mkdir /exthdd
Password:
mofmac:src mofuser$ sudo dislocker -V /dev/disk3s3 -u -- /exthdd/
Enter the user password:
Mon Sep 3 17:04:01 2018 [CRITICAL] None of the provided decryption mean is decrypting the keys. Abort.
Mon Sep 3 17:04:01 2018 [CRITICAL] Unable to grab VMK or FVEK. Abort.
mofmac:src mofuser$ sudo dislocker -V /dev/disk3s3 -p******-******-******-******-******-******-******-****** -u -- /exthdd/
Enter the user password:
mofmac:src mofuser$ sudo ls -lh /exthdd
total 497500160
-rw-rw-rw- 1 root wheel 237G Jan 1 1970 dislocker-file
mofmac:src mofuser$ sudo mkdir /win10
mofmac:src mofuser$ sudo mount -r -t ntfs /exthdd/dislocker-file /win10
mount_ntfs: /exthdd/dislocker-file on /win10: Block device required
mofmac:src mofuser$ sudo hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount /exthdd/dislocker-file
/dev/disk4
mofmac:src mofuser$ sudo mount -r -t ntfs /dev/disk4 /win10
mofmac:src mofuser$ ls /win10
$Recycle.Bin
ProgramData
Recovery
Config.Msi
System Volume Information
DRIVERS
Users
Documents and Settings
Windows
Intel
hiberfil.sys
MSOCache
pagefile.sys
PerfLogs
swapfile.sys
Program Files
temp
Program Files (x86)
|
復元したいdisk3s3をブロックデバイスにして それをマウントした所、フォルダが見えるようになった!
Mac偉い! (((・ω・)))
この後無事 exfat の外付けSSDに転送して無事救出しました
Translate
「240GB以上のSSDDどれでも500円引き! 」
流石に、一つだけでした。