1DISLOCKER-FUSE(1)               DISLOCKER-FUSE               DISLOCKER-FUSE(1)
2
3
4

NAME

6       Dislocker  fuse  -  Read/write BitLocker encrypted volumes under Linux,
7       OSX and FreeBSD.
8

SYNOPSIS

10       dislocker-fuse [-hqrsv] [-l LOG_FILE] [-O OFFSET] [-V  VOLUME  DECRYPT‐
11       METHOD -F[N]] [-- ARGS...]
12
13       Where   DECRYPTMETHOD   =   {-p[RECOVERY_PASSWORD]   |  -f  BEK_FILE  |
14       -u[USER_PASSWORD] | -k FVEK_FILE | -K VMK_FILE | -c}
15

DESCRIPTION

17       Given a decryption mean, the program is used to read or write BitLocker
18       encrypted  volumes. Technically, the program will create a virtual NTFS
19       partition that you can mount as any other NTFS partition.
20
21       The virtual partition is linked to the underlying BitLocker volume,  so
22       any  write  to this volume is put on the BitLocker volume as well. How‐
23       ever, you can use dd(1) to get rid of this limitation -- if it's a lim‐
24       itation for you. An example is provided in the EXAMPLES section of this
25       man page.
26

OPTIONS

28       Program's options are described below:
29
30       -c, --clearkey
31              decrypt volume using a clear key which is searched on the volume
32              (default)
33
34       -f, --bekfile BEK_FILE
35              decrypt volume using the bek file (present on a USB key)
36
37       -F, --force-block=[N]
38              force  use  of  metadata block number N (1, 2 or 3).  Without N,
39              the first block is forced.  Without  this  option,  the  program
40              will try each block until a valid one is found
41
42       -h     print the help and exit
43
44       -k, --fvek FVEK_FILE
45              decrypt  volume using the FVEK directly.  See the FVEK FILE sec‐
46              tion below to understand what is to be put into this FVEK_FILE
47
48       -K, --vmk VMK_FILE
49              decrypt volume using the VMK directly.  See the VMK FILE section
50              below to understand what is to be put into this VMK_FILE
51
52       -l, --logfile LOG_FILE
53              put messages into this file (stdout by default)
54
55       -O, --offset OFFSET
56              BitLocker partition offset, in bytes, in base 10 (default is 0).
57              Protip: in your shell, you probably can pass -O  $((0xdeadbeef))
58              if  you have a 16-based number and are too lazy to convert it in
59              another way.
60
61       -p, --recovery-password=[RECOVERY_PASSWORD]
62              decrypt volume using the recovery password method.  If no recov‐
63              ery-password  is  provided, it will be asked afterward; this has
64              the advantage that the program will validate each block  one  by
65              one,  on the fly, as you type it and not to leak the password on
66              the commandline
67
68       -q, --quiet
69              do NOT display any information.  This option has priority on any
70              previous  `-v'.  One probably wants to check the return value of
71              the program when using this option
72
73       -r, --readonly
74              do not allow to write on the BitLocker volume (read only mode)
75
76       -s, --stateok
77              do not check the volume's state, assume it's ok to mount it.  Do
78              not use this if you don't know what you're doing
79
80       -u, --user-password=[USER_PASSWORD]
81              decrypt  the volume using the user password method.  If no user-
82              password is provided, it will be asked afterward; this  has  the
83              advantage not to leak the password on the commandline
84
85       -v, --verbosity
86              increase verbosity (CRITICAL level by default), see also `-q'
87
88       -V, --volume VOLUME
89              volume to get metadata and encrypted keys from
90
91       --     mark  the  end  of program's options and the beginning of FUSE's
92              ones (useful if you want to pass something like -d to FUSE)
93
94       ARGS are any arguments you want to pass to FUSE. Note that you need  to
95       pass at least the mount-point.
96

FVEK FILE

98       The  FVEK file option expects a specific format from the file. The file
99       is split into two major parts:
100              - 2 bytes describing the  encryption  in  use,  from  0x8000  to
101              0x8003 for AES 128 or 256 bits, with or without diffuser.
102
103              - 64 bytes (512 bits) which are the FVEK as in the FVEK key pro‐
104              tector once decrypted.
105
106       The file is therefore 66 bytes long, not more nor less.  Note that  you
107       may have to deal with endianness.
108

EXAMPLES

110       These  are  examples you can run directly.  First, you may want to copy
111       the BitLocker volume:
112
113              % dd if=/dev/sda2 of=encrypted.bitlocker
114
115              This will copy the  entire  volume  located  into  /dev/sda2  to
116              encrypted.bitlocker.   You're  not  forced  to do this step, but
117              this will ensure no write whatsoever is performed  on  the  Bit‐
118              Locker volume.
119
120       Then dislock it:
121
122              %  dislocker  -V encrypted.bitlocker -f /path/to/usb/file.BEK --
123              /mnt/ntfs
124
125              This will create a file into /mnt/ntfs named dislocker-file.
126
127       To mount partitions once decrypted, use this sort of line:
128              % mount -o loop /mnt/ntfs/dislocker-file /mnt/clear
129
130       --
131
132       It seems that you have to unmount the NTFS partition and the  dislocker
133       one  before  halting the system, or you will run into unexpected behav‐
134       iour. In order to do so, you may run  these  commands  (replacing  your
135       mount points):
136              % umount /mnt/clear && umount /mnt/ntfs/dislocker-file
137
138       --
139
140       Note that these are examples and, as such, may need to be modified. For
141       instance, you may want to change the decryption method used in them.
142

AUTHOR

144       This  tool  is  developed  by  Romain   Coltel   on   behalf   of   HSC
145       (http://www.hsc.fr/)
146
147       Feel free to send bugs report to <dislocker __AT__ hsc __DOT__ fr>
148
149
150
151Linux                             2011-09-07                 DISLOCKER-FUSE(1)
Impressum