12-30-2023, 02:36 PM
(12-11-2020, 09:28 AM)Zen6 Wrote: This doesn't work. I get the same Initialization of KeyManager failed error.
I try this with Banaanhangwagen's apfs2hashcat and also with sgan81's apfs-fuse.
What kind of image i chose?
I select Raw DD. Now in Macquisition i need to input the password or Recovery Key to image the whole disk3.
Here are the compile log of Banaanhangwagen's apfs2hashcat :
Code:cmake ..
-- The C compiler identification is GNU 10.2.0
-- The CXX compiler identification is GNU 10.2.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/apfs2hashcat/buildAnd here the Error:Code:make
Scanning dependencies of target lzfse
[ 2%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_decode.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode.c:25:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
[ 4%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_decode_base.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:22:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c: In function ‘lzfse_decode_lmd’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:240:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int32_t’ {aka ‘int’} [-Wsign-compare]
240 | for (size_t i = 0; i < M; i++)
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:256:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int32_t’ {aka ‘int’} [-Wsign-compare]
256 | for (size_t i = 0; i < L; i++)
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:268:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘ptrdiff_t’ {aka ‘long int’} [-Wsign-compare]
268 | for (size_t i = 0; i < remaining_bytes; i++)
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:280:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int32_t’ {aka ‘int’} [-Wsign-compare]
280 | for (size_t i = 0; i < M; i++)
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_decode_base.c:294:30: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘ptrdiff_t’ {aka ‘long int’} [-Wsign-compare]
294 | for (size_t i = 0; i < remaining_bytes; i++)
| ^
[ 6%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_encode.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_encode.c:25:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
[ 8%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_encode_base.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_encode_base.c:24:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_encode_base.c: In function ‘setField’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_encode_base.c:36:61: warning: unused parameter ‘nbits’ [-Wunused-parameter]
36 | static inline uint64_t setField(uint32_t v, int offset, int nbits) {
| ~~~~^~~~~
[ 10%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzfse_fse.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.c:22:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
[ 12%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzvn_decode_base.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.h:29,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.c:24:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.c: In function ‘lzvn_decode’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.c:431:9: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘long int’ [-Wsign-compare]
431 | if (D > dst_ptr - state->dst_begin || D == 0)
| ^
[ 14%] Building C object CMakeFiles/lzfse.dir/3rdparty/lzfse/src/lzvn_encode_base.c.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_encode_base.h:27,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_encode_base.c:24:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘fse_check_freq’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ^
[ 16%] Linking C static library liblzfse.a
[ 16%] Built target lzfse
Scanning dependencies of target apfs
[ 18%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Aes.cpp.o
[ 20%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/AesXts.cpp.o
[ 22%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsContainer.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsContainer.cpp: In member function ‘void ApfsContainer::dump(BlockDumper&)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsContainer.cpp:391:9: warning: unused variable ‘k’ [-Wunused-variable]
391 | size_t k;
| ^
[ 25%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsDir.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp: In member function ‘bool ApfsDir::ListDirectory(std::vector<ApfsDir::DirRec>&, uint64_t)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp:330:14: warning: array subscript 0 is outside array bounds of ‘uint8_t [0]’ {aka ‘unsigned char [0]’} [-Warray-bounds]
330 | key->name[0] = 0;
| ~~~~~~~~~~~^
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.h:25,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp:27:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/DiskStruct.h:482:10: note: while referencing ‘j_drec_key_t::name’
482 | uint8_t name[0];
| ^~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp:321:14: warning: array subscript 0 is outside array bounds of ‘uint8_t [0]’ {aka ‘unsigned char [0]’} [-Warray-bounds]
321 | key->name[0] = 0;
| ~~~~~~~~~~~^
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.h:25,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/ApfsDir.cpp:27:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/DiskStruct.h:488:10: note: while referencing ‘j_drec_hashed_key_t::name’
488 | uint8_t name[0];
| ^~~~
[ 27%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsNodeMapper.cpp.o
[ 29%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsNodeMapperBTree.cpp.o
[ 31%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/ApfsVolume.cpp.o
[ 33%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/BlockDumper.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/BlockDumper.cpp: In member function ‘void BlockDumper::DumpBTEntry_FusionMT(const void*, size_t, const void*, size_t, bool)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/BlockDumper.cpp:1171:68: warning: unused parameter ‘key_len’ [-Wunused-parameter]
1171 | void BlockDumper::DumpBTEntry_FusionMT(const void* key_ptr, size_t key_len, const void* val_ptr, size_t val_len, bool index)
| ~~~~~~~^~~~~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/BlockDumper.cpp:1171:105: warning: unused parameter ‘val_len’ [-Wunused-parameter]
1171 | void BlockDumper::DumpBTEntry_FusionMT(const void* key_ptr, size_t key_len, const void* val_ptr, size_t val_len, bool index)
| ~~~~~~~^~~~~~~
[ 35%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/BTree.cpp.o
[ 37%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/CheckPointMap.cpp.o
[ 39%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Crc32.cpp.o
[ 41%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Crypto.cpp.o
[ 43%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Decmpfs.cpp.o
[ 45%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Des.cpp.o
[ 47%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Device.cpp.o
[ 50%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceDMG.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/DeviceDMG.cpp: In member function ‘bool DeviceDMG::ProcessHeaderRsrc(uint64_t, uint64_t)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/DeviceDMG.cpp:458:44: warning: unused parameter ‘off’ [-Wunused-parameter]
458 | bool DeviceDMG::ProcessHeaderRsrc(uint64_t off, uint64_t size)
| ~~~~~~~~~^~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/DeviceDMG.cpp:458:58: warning: unused parameter ‘size’ [-Wunused-parameter]
458 | bool DeviceDMG::ProcessHeaderRsrc(uint64_t off, uint64_t size)
| ~~~~~~~~~^~~~
[ 52%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceLinux.cpp.o
[ 54%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceMac.cpp.o
[ 56%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceSparseImage.cpp.o
[ 58%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceWinFile.cpp.o
[ 60%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DeviceWinPhys.cpp.o
[ 62%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/DiskImageFile.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/DiskImageFile.cpp: In member function ‘bool DiskImageFile::SetupEncryptionV1()’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/DiskImageFile.cpp:254:11: warning: variable ‘total_size’ set but not used [-Wunused-but-set-variable]
254 | uint64_t total_size;
| ^~~~~~~~~~
[ 64%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/GptPartitionMap.cpp.o
[ 66%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/KeyMgmt.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/KeyMgmt.cpp: In member function ‘void Keybag::dump(std::ostream&, Keybag*, const unsigned char (&)[16])’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/KeyMgmt.cpp:280:14: warning: variable ‘typestr’ set but not used [-Wunused-but-set-variable]
280 | const char *typestr;
| ^~~~~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/KeyMgmt.cpp: In member function ‘bool KeyManager::GetVolumeKey(uint8_t*, const unsigned char (&)[16], const char*)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/KeyMgmt.cpp:578:2: warning: ‘ke_recs’ may be used uninitialized in this function [-Wmaybe-uninitialized]
578 | if (!ke_recs)
| ^~
[ 68%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/PList.cpp.o
[ 70%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Sha1.cpp.o
[ 72%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Sha256.cpp.o
[ 75%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/TripleDes.cpp.o
[ 77%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Util.cpp.o
In file included from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_internal.h:30,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzvn_decode_base.h:29,
from /media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsLib/Util.cpp:41:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h: In function ‘int fse_check_freq(const uint16_t*, size_t, size_t)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/3rdparty/lzfse/src/lzfse_fse.h:564:21: warning: comparison of integer expressions of different signedness: ‘int’ and ‘const size_t’ {aka ‘const long unsigned int’} [-Wsign-compare]
564 | for (int i = 0; i < table_size; i++) {
| ~~^~~~~~~~~~~~
[ 79%] Building CXX object CMakeFiles/apfs.dir/ApfsLib/Unicode.cpp.o
[ 81%] Linking CXX static library libapfs.a
[ 81%] Built target apfs
Scanning dependencies of target apfsutil
[ 83%] Building CXX object CMakeFiles/apfsutil.dir/ApfsUtil/ApfsUtil.cpp.o
[ 85%] Linking CXX executable apfsutil
[ 85%] Built target apfsutil
Scanning dependencies of target apfs-fuse
[ 87%] Building CXX object CMakeFiles/apfs-fuse.dir/apfsfuse/ApfsFuse.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/apfsfuse/ApfsFuse.cpp: In function ‘int apfs_parse_fuse_opt(void*, const char*, int, fuse_args*)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/apfsfuse/ApfsFuse.cpp:667:38: warning: unused parameter ‘data’ [-Wunused-parameter]
667 | static int apfs_parse_fuse_opt(void *data, const char *arg, int key, struct fuse_args* outargs)
| ~~~~~~^~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/apfsfuse/ApfsFuse.cpp:667:88: warning: unused parameter ‘outargs’ [-Wunused-parameter]
667 | static int apfs_parse_fuse_opt(void *data, const char *arg, int key, struct fuse_args* outargs)
| ~~~~~~~~~~~~~~~~~~^~~~~~~
[ 89%] Linking CXX executable apfs-fuse
[ 89%] Built target apfs-fuse
Scanning dependencies of target apfs-dump-quick
[ 91%] Building CXX object CMakeFiles/apfs-dump-quick.dir/ApfsDumpQuick/ApfsDumpQuick.cpp.o
[ 93%] Linking CXX executable apfs-dump-quick
[ 93%] Built target apfs-dump-quick
Scanning dependencies of target apfs-dump
[ 95%] Building CXX object CMakeFiles/apfs-dump.dir/ApfsDump/Dumper.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsDump/Dumper.cpp: In member function ‘bool Dumper::DumpContainer(std::ostream&)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsDump/Dumper.cpp:129:11: warning: variable ‘block_size’ set but not used [-Wunused-but-set-variable]
129 | uint32_t block_size;
| ^~~~~~~~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsDump/Dumper.cpp:131:11: warning: variable ‘chunks_per_cib’ set but not used [-Wunused-but-set-variable]
131 | uint32_t chunks_per_cib;
| ^~~~~~~~~~~~~~
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsDump/Dumper.cpp:132:11: warning: variable ‘cibs_per_cab’ set but not used [-Wunused-but-set-variable]
132 | uint32_t cibs_per_cab;
| ^~~~~~~~~~~~
[ 97%] Building CXX object CMakeFiles/apfs-dump.dir/ApfsDump/Apfs.cpp.o
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsDump/Apfs.cpp: In function ‘int main(int, const char**)’:
/media/The-Distribution-Which-Does-Not-Handle-OpenCL-Well (The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali))/DeLOCK/apfs2hashcat/ApfsDump/Apfs.cpp:406:8: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
406 | printf("main: %s\n", name_dev_main);
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[100%] Linking CXX executable apfs-dump
[100%] Built target apfs-dump
Code:sudo ./build/apfs-dump-quick /disk3.dmg hash.txt
starting LoadKeybag
Initialization of KeyManager failed.
Unable to init container.
sgan81's apfs-fuse give a little more info:
Code:sudo ./apfs-dump-quick disk3.dmg hash.txt
Mounting xid different from NXSB at 0 (xid = 52985). xid = 52985
Mounting xid 52985
omap: oid=55190 xid=52985 flags=0 size=0 paddr=55190
omap: oid=1029 xid=52985 flags=0 size=0 paddr=1029
starting LoadKeybag @ 6a0471
Initialization of KeyManager failed.
Unable to init container.
With gdb I get the following Info:
Code:"/disk3.dmg" is not a core dump: file format not recognized
The EncryptedRoot.plist file is encrypted using AES-XTS. The Key1 is on the main volume header/CoreStorage Header. My first goal is, to get the key1 out of the CoreStorage Header. Key2 must be 128bit of zeros.
The Output of mmls
Code:mmls disk2.dmg
[/font][/size]
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 4096-byte sectors
Slot Start End Length Description
000: Meta 0000000000 0000000000 0000000001 Safety Table
001: ------- 0000000000 0000000005 0000000006 Unallocated
002: Meta 0000000001 0000000001 0000000001 GPT Header
003: Meta 0000000002 0000000005 0000000004 Partition Table
004: 000 0000000006 0000076805 0000076800 EFI System Partition
005: 001 0000076806 0061279338 0061202533
006: ------- 0061279339 0061279343 0000000005 Unallocated
[size=large][font=monospace]
And the fresh dd of the synthesized disk. I make this image under macOS with dd, because Maquisition need a Password to create the image.
Code:mmls disk3.dmg
Cannot determine partition type
Hi, maybe you had success in your previous question here?