12-11-2020, 09:28 AM
(This post was last modified: 12-11-2020, 12:08 PM by Zen6.
Edit Reason: Add aditional info about volume header
)
This doesn't work. I get the same Initialization of KeyManager failed error.
I try this with Banaanhangwagen's apfs2hashcat and also with sgan81's apfs-fuse.
What kind of image i chose?
I select Raw DD. Now in Macquisition i need to input the password or Recovery Key to image the whole disk3.
Here are the compile log of Banaanhangwagen's apfs2hashcat :
And here the Error:
sgan81's apfs-fuse give a little more info:
With gdb I get the following Info:
The EncryptedRoot.plist file is encrypted using AES-XTS. The Key1 is on the main volume header/CoreStorage Header. My first goal is, to get the key1 out of the CoreStorage Header. Key2 must be 128bit of zeros.
The Output of mmls
And the fresh dd of the synthesized disk. I make this image under macOS with dd, because Maquisition need a Password to create the image.
I try this with Banaanhangwagen's apfs2hashcat and also with sgan81's apfs-fuse.
What kind of image i chose?
I select Raw DD. Now in Macquisition i need to input the password or Recovery Key to image the whole disk3.
Here are the compile log of Banaanhangwagen's apfs2hashcat :
Code:
cmake ..
-- The C compiler identification is GNU 10.2.0
-- The CXX compiler identification is GNU 10.2.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/apfs2hashcat/buildCode:
make
Scanning dependencies of target lzfse
[ 2%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_decode.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode.c:25:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
[ 4%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_decode_base.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:22:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c: In function ‘lzfse_decode_lmd’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:240:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int32_t’ {aka ‘int’} [-Wsign-compare]
240 | for (size_t i = 0; i < M; i++)
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:256:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int32_t’ {aka ‘int’} [-Wsign-compare]
256 | for (size_t i = 0; i < L; i++)
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:268:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘ptrdiff_t’ {aka ‘long int’} [-Wsign-compare]
268 | for (size_t i = 0; i < remaining_bytes; i++)
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:280:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int32_t’ {aka ‘int’} [-Wsign-compare]
280 | for (size_t i = 0; i < M; i++)
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:294:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘ptrdiff_t’ {aka ‘long int’} [-Wsign-compare]
294 | for (size_t i = 0; i < remaining_bytes; i++)
| ^
[ 6%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_encode.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_encode.c:25:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
[ 8%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_encode_base.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_encode_base.c:24:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_encode_base.c: In function ‘setField’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_encode_base.c:36:61: warning: unused parameter ‘nbits’ [-Wunused-parameter]
36 | static inline uint64_t setField(uint32_t v, int offset, int nbits) {
| ~~~~^~~~~
[ 10%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_fse.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.c:22:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
[ 12%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzvn_decode_base.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.h:29,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.c:24:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.c: In function ‘lzvn_decode’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.c:431:9: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘long int’ [-Wsign-compare]
431 | if (D > dst_ptr - state->dst_begin || D == 0)
| ^
[ 14%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzvn_encode_base.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_encode_base.h:27,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_encode_base.c:24:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
[ 16%] Linking C static library liblzfse.a
[ 16%] Built target lzfse
Scanning dependencies of target apfs
[ 18%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Aes.cpp.o
[ 20%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/AesXts.cpp.o
[ 22%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsContainer.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsContainer.cpp: In member function ‘void ApfsContainer::dump(BlockDumper&)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsContainer.cpp:391:9: warning: unused variable ‘k’ [-Wunused-variable]
391 | size_t k;
| ^
[ 25%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsDir.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp: In member function ‘bool ApfsDir::ListDirectory(std::vector<ApfsDir::DirRec>&, uint64_t)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp:330:14: warning: array subscript 0 is outside array bounds of ‘uint8_t [0]’ {aka ‘unsigned char [0]’} [-Warray-bounds]
330 | key->name[0] = 0;
| ~~~~~~~~~~~^
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.h:25,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp:27:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/DiskStruct.h:482:10: note: while referencing ‘j_drec_key_t::name’
482 | uint8_t name[0];
| ^~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp:321:14: warning: array subscript 0 is outside array bounds of ‘uint8_t [0]’ {aka ‘unsigned char [0]’} [-Warray-bounds]
321 | key->name[0] = 0;
| ~~~~~~~~~~~^
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.h:25,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp:27:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/DiskStruct.h:488:10: note: while referencing ‘j_drec_hashed_key_t::name’
488 | uint8_t name[0];
| ^~~~
[ 27%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsNodeMapper.cpp.o
[ 29%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsNodeMapperBTree.cpp.o
[ 31%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsVolume.cpp.o
[ 33%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/BlockDumper.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/BlockDumper.cpp: In member function ‘void BlockDumper::DumpBTEntry_FusionMT(const void*, size_t, const void*, size_t, bool)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/BlockDumper.cpp:1171:68: warning: unused parameter ‘key_len’ [-Wunused-parameter]
1171 | void BlockDumper::DumpBTEntry_FusionMT(const void* key_ptr, size_t key_len, const void* val_ptr, size_t val_len, bool index)
| ~~~~~~~^~~~~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/BlockDumper.cpp:1171:105: warning: unused parameter ‘val_len’ [-Wunused-parameter]
1171 | void BlockDumper::DumpBTEntry_FusionMT(const void* key_ptr, size_t key_len, const void* val_ptr, size_t val_len, bool index)
| ~~~~~~~^~~~~~~
[ 35%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/BTree.cpp.o
[ 37%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/CheckPointMap.cpp.o
[ 39%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Crc32.cpp.o
[ 41%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Crypto.cpp.o
[ 43%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Decmpfs.cpp.o
[ 45%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Des.cpp.o
[ 47%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Device.cpp.o
[ 50%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceDMG.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/DeviceDMG.cpp: In member function ‘bool DeviceDMG::ProcessHeaderRsrc(uint64_t, uint64_t)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/DeviceDMG.cpp:458:44: warning: unused parameter ‘off’ [-Wunused-parameter]
458 | bool DeviceDMG::ProcessHeaderRsrc(uint64_t off, uint64_t size)
| ~~~~~~~~~^~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/DeviceDMG.cpp:458:58: warning: unused parameter ‘size’ [-Wunused-parameter]
458 | bool DeviceDMG::ProcessHeaderRsrc(uint64_t off, uint64_t size)
| ~~~~~~~~~^~~~
[ 52%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceLinux.cpp.o
[ 54%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceMac.cpp.o
[ 56%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceSparseImage.cpp.o
[ 58%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceWinFile.cpp.o
[ 60%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceWinPhys.cpp.o
[ 62%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DiskImageFile.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/DiskImageFile.cpp: In member function ‘bool DiskImageFile::SetupEncryptionV1()’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/DiskImageFile.cpp:254:11: warning: variable ‘total_size’ set but not used [-Wunused-but-set-variable]
254 | uint64_t total_size;
| ^~~~~~~~~~
[ 64%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/GptPartitionMap.cpp.o
[ 66%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/KeyMgmt.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/KeyMgmt.cpp: In member function ‘void Keybag::dump(std::ostream&, Keybag*, const unsigned char (&)[16])’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/KeyMgmt.cpp:280:14: warning: variable ‘typestr’ set but not used [-Wunused-but-set-variable]
280 | const char *typestr;
| ^~~~~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/KeyMgmt.cpp: In member function ‘bool KeyManager::GetVolumeKey(uint8_t*, const unsigned char (&)[16], const char*)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/KeyMgmt.cpp:578:2: warning: ‘ke_recs’ may be used uninitialized in this function [-Wmaybe-uninitialized]
578 | if (!ke_recs)
| ^~
[ 68%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/PList.cpp.o
[ 70%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Sha1.cpp.o
[ 72%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Sha256.cpp.o
[ 75%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/TripleDes.cpp.o
[ 77%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Util.cpp.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.h:29,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsLib/Util.cpp:41:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘int fse_check_freq(const uint16_t*, size_t, size_t)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘const size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ~~^~~~~~~~~~~~
[ 79%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Unicode.cpp.o
[ 81%] Linking CXX static library libapfs.a
[ 81%] Built target apfs
Scanning dependencies of target apfsutil
[ 83%] Building CXX object CMakeFiles/apfsutil.dir/ApfsUtil/ApfsUtil.cpp.o
[ 85%] Linking CXX executable apfsutil
[ 85%] Built target apfsutil
Scanning dependencies of target apfs-fuse
[ 87%] Building CXX object CMakeFiles/apfs-fuse.dir/apfsfuse/ApfsFuse.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/apfsfuse/ApfsFuse.cpp: In function ‘int apfs_parse_fuse_opt(void*, const char*, int, fuse_args*)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/apfsfuse/ApfsFuse.cpp:667:38: warning: unused parameter ‘data’ [-Wunused-parameter]
667 | static int apfs_parse_fuse_opt(void *data, const char *arg, int key, struct fuse_args* outargs)
| ~~~~~~^~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/apfsfuse/ApfsFuse.cpp:667:88: warning: unused parameter ‘outargs’ [-Wunused-parameter]
667 | static int apfs_parse_fuse_opt(void *data, const char *arg, int key, struct fuse_args* outargs)
| ~~~~~~~~~~~~~~~~~~^~~~~~~
[ 89%] Linking CXX executable apfs-fuse
[ 89%] Built target apfs-fuse
Scanning dependencies of target apfs-dump-quick
[ 91%] Building CXX object CMakeFiles/apfs-dump-quick.dir/ApfsDumpQuick/ApfsDumpQuick.cpp.o
[ 93%] Linking CXX executable apfs-dump-quick
[ 93%] Built target apfs-dump-quick
Scanning dependencies of target apfs-dump
[ 95%] Building CXX object CMakeFiles/apfs-dump.dir/ApfsDump/Dumper.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsDump/Dumper.cpp: In member function ‘bool Dumper::DumpContainer(std::ostream&)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsDump/Dumper.cpp:129:11: warning: variable ‘block_size’ set but not used [-Wunused-but-set-variable]
129 | uint32_t block_size;
| ^~~~~~~~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsDump/Dumper.cpp:131:11: warning: variable ‘chunks_per_cib’ set but not used [-Wunused-but-set-variable]
131 | uint32_t chunks_per_cib;
| ^~~~~~~~~~~~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsDump/Dumper.cpp:132:11: warning: variable ‘cibs_per_cab’ set but not used [-Wunused-but-set-variable]
132 | uint32_t cibs_per_cab;
| ^~~~~~~~~~~~
[ 97%] Building CXX object CMakeFiles/apfs-dump.dir/ApfsDump/Apfs.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsDump/Apfs.cpp: In function ‘int main(int, const char**)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)/DeLOCK/apfs2hashcat/ApfsDump/Apfs.cpp:406:8: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
406 | printf("main: %s\n", name_dev_main);
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[100%] Linking CXX executable apfs-dump
[100%] Built target apfs-dumpCode:
sudo ./build/apfs-dump-quick /disk3.dmg hash.txt
starting LoadKeybag
Initialization of KeyManager failed.
Unable to init container.sgan81's apfs-fuse give a little more info:
Code:
sudo ./apfs-dump-quick disk3.dmg hash.txt
Mounting xid different from NXSB at 0 (xid = 52985). xid = 52985
Mounting xid 52985
omap: oid=55190 xid=52985 flags=0 size=0 paddr=55190
omap: oid=1029 xid=52985 flags=0 size=0 paddr=1029
starting LoadKeybag @ 6a0471
Initialization of KeyManager failed.
Unable to init container.With gdb I get the following Info:
Code:
"/disk3.dmg" is not a core dump: file format not recognizedThe EncryptedRoot.plist file is encrypted using AES-XTS. The Key1 is on the main volume header/CoreStorage Header. My first goal is, to get the key1 out of the CoreStorage Header. Key2 must be 128bit of zeros.
The Output of mmls
Code:
mmls disk2.dmg
[/font][/size]
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 4096-byte sectors
Slot Start End Length Description
000: Meta 0000000000 0000000000 0000000001 Safety Table
001: ------- 0000000000 0000000005 0000000006 Unallocated
002: Meta 0000000001 0000000001 0000000001 GPT Header
003: Meta 0000000002 0000000005 0000000004 Partition Table
004: 000 0000000006 0000076805 0000076800 EFI System Partition
005: 001 0000076806 0061279338 0061202533
006: ------- 0061279339 0061279343 0000000005 Unallocated
[size=large][font=monospace]And the fresh dd of the synthesized disk. I make this image under macOS with dd, because Maquisition need a Password to create the image.
Code:
mmls disk3.dmg
Cannot determine partition type