If we have an external SSD encrypted with BitLocker and want to mount and access it on Ubuntu, we can use the dislocker package.
dislocker(1) - Linux man page
We can install it from the Ubuntu repository:
$ sudo apt install dislocker
Let's explore its arguments:
# dislocker --help
dislocker by Romain Coltel, v0.7.1 (compiled for Linux/x86_64)
Usage: dislocker [-hqrsv] [-l LOG_FILE] [-O OFFSET] [-V VOLUME DECRYPTMETHOD -F[N]] [-- ARGS...]
with DECRYPTMETHOD = -p[RECOVERY_PASSWORD]|-f BEK_FILE|-u[USER_PASSWORD]|-k FVEK_FILE|-c
Options:
-c, --clearkey decrypt volume using a clear key (default)
-f, --bekfile BEKFILE
decrypt volume using the bek file (on USB key)
-F, --force-block=[N] force use of metadata block number N (1, 2 or 3)
-h, --help print this help and exit
-k, --fvek FVEK_FILE decrypt volume using the FVEK directly
-l, --logfile LOG_FILE
put messages into this file (stdout by default)
-O, --offset OFFSET BitLocker partition offset, in bytes (default is 0)
-p, --recovery-password=[RECOVERY_PASSWORD]
decrypt volume using the recovery password method
-q, --quiet do NOT display anything
-r, --readonly do not allow one to write on the BitLocker volume
-s, --stateok do not check the volume's state, assume it's ok to mount it
-u, --user-password=[USER_PASSWORD]
decrypt volume using the user password method
-v, --verbosity increase verbosity (CRITICAL errors are displayed by default)
-V, --volume VOLUME volume to get metadata and keys from
-- end of program options, beginning of FUSE's ones
ARGS are any arguments you want to pass to FUSE. You need to pass at least
the mount-point.
Now we need to create two directories: one where dislocker will expose the decrypted volume as a virtual NTFS partition, in a file named dislocker-file, and one to serve as that partition's mount point:
root@bobox:~# mkdir /media/bitlocker
root@bobox:~# mkdir /media/mount
To find the device name of the external drive, you can execute the following command (as root) before and after connecting it to your computer and then compare the outputs:
root@bobox:~# fdisk -l
In my case the difference was:
Disk /dev/sdb: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 33553920 bytes
Disklabel type: dos
Disk identifier: 0xdeadbeef
Device Boot Start End Sectors Size Id Type
/dev/sdb1 2048 1953521663 1953519616 931.5G 7 HPFS/NTFS/exFAT
We can now decrypt the drive (note that we need root permissions):
root@bobox:~# dislocker -v -V /dev/sdb1 -uPASSWORD -- /media/bitlocker
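Use -r to make the BitLocker drive read-only. The password after -u is optional: with a bare -u, dislocker prompts for it, which keeps it out of the shell history and the process list.
Now we need to mount the BitLocker drive onto the mount directory (note that we need root permissions here as well):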
root@bobox:~# mount -o loop,rw /media/bitlocker/dislocker-file /media/mount
If we don't elevate to root, we'll get:
mount: only root can use "--options" option
If we haven't properly removed the drive from Windows, we might get the following warning:
The disk contains an unclean file system (0, 0).
The file system wasn't safely closed on Windows. Fixing.
To check all arguments for mount:
$ mount --help
Usage:
mount [-lhV]
mount -a [options]
mount [options] [--source] <source> | [--target] <directory>
mount [options] <source> <directory>
mount <operation> <mountpoint> [<target>]
Mount a filesystem.
Options:
-a, --all mount all filesystems mentioned in fstab
-c, --no-canonicalize don't canonicalise paths
-f, --fake dry run; skip the mount(2) syscall
-F, --fork fork off for each device (use with -a)
-T, --fstab <path> alternative file to /etc/fstab
-i, --internal-only don't call the mount.<type> helpers
-l, --show-labels show also filesystem labels
-n, --no-mtab don't write to /etc/mtab
-o, --options <list> comma-separated list of mount options
-O, --test-opts <list> limit the set of filesystems (use with -a)
-r, --read-only mount the filesystem read-only (same as -o ro)
-t, --types <list> limit the set of filesystem types
--source <src> explicitly specifies source (path, label, uuid)
--target <target> explicitly specifies mountpoint
-v, --verbose say what is being done
-w, --rw, --read-write mount the filesystem read-write (default)
-h, --help display this help
-V, --version display version
Source:
-L, --label <label> synonym for LABEL=<label>
-U, --uuid <uuid> synonym for UUID=<uuid>
LABEL=<label> specifies device by filesystem label
UUID=<uuid> specifies device by filesystem UUID
PARTLABEL=<label> specifies device by partition label
PARTUUID=<uuid> specifies device by partition UUID
<device> specifies device by path
<directory> mountpoint for bind mounts (see --bind/rbind)
<file> regular file for loopdev setup
Operations:
-B, --bind mount a subtree somewhere else (same as -o bind)
-M, --move move a subtree to some other place
-R, --rbind mount a subtree and all submounts somewhere else
--make-shared mark a subtree as shared
--make-slave mark a subtree as slave
--make-private mark a subtree as private
--make-unbindable mark a subtree as unbindable
--make-rshared recursively mark a whole subtree as shared
--make-rslave recursively mark a whole subtree as slave
--make-rprivate recursively mark a whole subtree as private
--make-runbindable recursively mark a whole subtree as unbindable
For more details, see mount(8).
We can now browse the files on the encrypted disk, mounted to the local directory:
$ ls /media/mount/
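To unmount the drives, use umount. Release the loop mount first, because it keeps dislocker-file open:
$ sudo umount /media/mount
$ sudo umount /media/bitlocker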
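The whole procedure above as a read-only variant, for cases where the drive must not be modified. This is an added example, not part of the original post: the function names are illustrative, the paths are the ones used above, and the pre-check assumes the standard BitLocker volume header, whose first sector carries the signature "-FVE-FS-" at byte offset 3.

```sh
#!/bin/sh
# Added example, not from the original post. Paths are the ones used above;
# function names are illustrative.
BITLOCKER_DIR=/media/bitlocker   # where dislocker exposes dislocker-file
MOUNT_DIR=/media/mount           # where the decrypted NTFS gets mounted

# Print the 8-byte OEM ID stored at byte offset 3 of the first sector.
volume_signature() {
    dd if="$1" bs=1 skip=3 count=8 2>/dev/null | tr -d '\000'
}

# BitLocker volumes carry "-FVE-FS-" there; plain NTFS carries "NTFS    ".
is_bitlocker_volume() {
    [ "$(volume_signature "$1")" = "-FVE-FS-" ]
}

mount_bitlocker_ro() {
    dev=$1
    if ! is_bitlocker_volume "$dev"; then
        echo "$dev: no BitLocker signature, refusing to continue" >&2
        return 1
    fi
    mkdir -p "$BITLOCKER_DIR" "$MOUNT_DIR" || return 1
    # -r keeps dislocker from writing to the encrypted volume;
    # bare -u makes it prompt for the password.
    dislocker -r -V "$dev" -u -- "$BITLOCKER_DIR" || return 1
    # ro: mount the decrypted file system read-only as well.
    mount -o loop,ro "$BITLOCKER_DIR/dislocker-file" "$MOUNT_DIR"
}

umount_bitlocker() {
    # Reverse order: the loop mount keeps dislocker-file open.
    umount "$MOUNT_DIR" && umount "$BITLOCKER_DIR"
}

# As root: sh script.sh mount /dev/sdb1   then   sh script.sh umount
case "${1:-}" in
    mount)  mount_bitlocker_ro "${2:-}" ;;
    umount) umount_bitlocker ;;
esac
```

The signature check stops the script before dislocker runs when the wrong partition is passed, for example an unencrypted NTFS volume picked from the fdisk output by mistake.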
4 comments:
Simple procedure and easy to follow, worked great for me
Thanks man!
Worked for me with Lubuntu 20.04 using the following:
sudo dislocker -v -V /dev/sdc1 -u -- /media/bitlocker
Where sdc1 was my bitlocked external hdd