EncryptedRoot.plist.wipekey missing on Recovery HD #67
Description
Hi
I am working with the wiki tutorial to access the disk on my broken laptopt. I run mmls and find a Recovery partition:
lex@workstation:~$ sudo mmls -v /dev/sdb
tsk_img_open: Type: 0 NumImg: 1 Img1: /dev/sdb
aff_open: Error determining type of file: /dev/sdb
aff_open: Success
Error opening vmdk file
Error checking file signature for vhd file
tsk_img_findFiles: /dev/sdb found
tsk_img_findFiles: 1 total segments found
raw_open: segment: 0 size: 500107862016 max offset: 500107862016 path: /dev/sdb
dos_load_prim: Table Sector: 0
raw_read: byte offset: 0 len: 65536
raw_read: found in image 0 relative offset: 0 len: 65536
raw_read_segment: opening file into slot 0: /dev/sdb
dos_load_prim_table: Testing FAT/NTFS conditions
load_pri:0:0 Start: 1 Size: 976773167 Type: 238
load_pri:0:1 Start: 0 Size: 0 Type: 0
load_pri:0:2 Start: 0 Size: 0 Type: 0
load_pri:0:3 Start: 0 Size: 0 Type: 0
bsd_load_table: Table Sector: 1
gpt_load_table: Sector: 1
gpt_load: 0 Starting Sector: 40 End: 409639 Flag: 0
gpt_load: 1 Starting Sector: 409640 End: 975503591 Flag: 0
gpt_load: 2 Starting Sector: 975503592 End: 976773127 Flag: 2000000000000
gpt_load: 3 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 4 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 5 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 6 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 7 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 8 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 9 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 10 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 11 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 12 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 13 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 14 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 15 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 16 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 17 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 18 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 19 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 20 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 21 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 22 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 23 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 24 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 25 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 26 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 27 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 28 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 29 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 30 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 31 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 32 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 33 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 34 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 35 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 36 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 37 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 38 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 39 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 40 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 41 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 42 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 43 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 44 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 45 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 46 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 47 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 48 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 49 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 50 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 51 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 52 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 53 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 54 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 55 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 56 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 57 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 58 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 59 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 60 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 61 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 62 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 63 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 64 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 65 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 66 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 67 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 68 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 69 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 70 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 71 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 72 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 73 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 74 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 75 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 76 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 77 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 78 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 79 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 80 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 81 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 82 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 83 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 84 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 85 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 86 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 87 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 88 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 89 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 90 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 91 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 92 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 93 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 94 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 95 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 96 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 97 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 98 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 99 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 100 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 101 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 102 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 103 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 104 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 105 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 106 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 107 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 108 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 109 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 110 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 111 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 112 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 113 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 114 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 115 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 116 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 117 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 118 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 119 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 120 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 121 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 122 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 123 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 124 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 125 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 126 Starting Sector: 0 End: 0 Flag: 0
gpt_load: 127 Starting Sector: 0 End: 0 Flag: 0
mm_open: Ignoring DOS Safety GPT Partition
sun_load_table: Trying sector: 0
sun_load_table: Trying sector: 1
mac_load_table: Sector: 1
mac_load: Missing initial magic value
mac_open: Trying 4096-byte sector size instead of 512-byte
mac_load_table: Sector: 1
mac_load: Missing initial magic value
GUID Partition Table (EFI)
Offset Sector: 0
Units are in 512-byte sectors
Slot Start End Length Description
000: Meta 0000000000 0000000000 0000000001 Safety Table
001: ------- 0000000000 0000000039 0000000040 Unallocated
002: Meta 0000000001 0000000001 0000000001 GPT Header
003: Meta 0000000002 0000000033 0000000032 Partition Table
004: 000 0000000040 0000409639 0000409600 EFI System Partition
005: 001 0000409640 0975503591 0975093952 main
006: 002 0975503592 0976773127 0001269536 Recovery HD
007: ------- 0976773128 0976773167 0000000040 Unallocated
Now I use the offset of the Recovery Partition and get nothing
$ sudo fls -r -o 0975503592 /dev/sdb |grep -i key
$
Ok, let the grep be and I find:
$ sudo fls -r -o 0975503592 /dev/sdb
r/r 3: $ExtentsFile
r/r 4: $CatalogFile
r/r 5: $BadBlockFile
r/r 6: $AllocationFile
r/r 8: $AttributesFile
d/d 22: .fseventsd
+ r/r 23: no_log
d/d 19: .HFS+ Private Directory Data^
r/r 16: .journal
r/r 17: .journal_info_block
r/r 21: .metadata_never_index
d/d 20: .Trashes
d/d 643: com.apple.boot.R
+ d/d 644: Library
++ d/d 645: Preferences
+++ d/d 646: SystemConfiguration
++++ r/r 647: com.apple.Boot.plist
+ d/d 664: System
++ d/d 665: Library
+++ d/d 666: PrelinkedKernels
++++ r/r 667: prelinkedkernel
+ d/d 648: usr
++ d/d 649: standalone
+++ d/d 650: i386
++++ d/d 651: EfiLoginUI
+++++ r/r 652: appleLogo.efires
+++++ r/r 653: battery.efires
+++++ r/r 654: disk_passwordUI.efires
+++++ r/r 655: flag_picker.efires
+++++ r/r 656: guest_userUI.efires
+++++ r/r 657: loginui.efires
+++++ r/r 658: Lucida13.efires
+++++ r/r 659: Lucida13White.efires
+++++ r/r 660: recovery_user.efires
+++++ r/r 661: recoveryUI.efires
+++++ r/r 662: sound.efires
+++++ r/r 663: unknown_userUI.efires
d/d 24: com.apple.recovery.boot
+ r/r 32: .disk_label
+ r/r 33: .disk_label_2x
+ r/r 30: BaseSystem.chunklist
+ r/r 27: BaseSystem.dmg
+ r/r 25: boot.efi
+ r/r 31: com.apple.Boot.plist
+ r/r 29: PlatformSupport.plist
+ r/r 26: prelinkedkernel
+ r/r 28: SystemVersion.plist
d/d 59: System
+ d/d 60: Library
++ d/d 61: CoreServices
+++ r/r 673: .disk_label
+++ r/r 675: .disk_label.contentDetails
+++ r/r 674: .disk_label_2x
+++ r/r 672: .root_uuid
+++ r/r 671: boot.efi
+++ r/r 669: PlatformSupport.plist
+++ r/r 668: SystemVersion.plist
d/d 18: ^^^^HFS+ Private Data
What is going on? Is is an older format?
fvdeinfo says it is locked
$ sudo fvdeinfo /dev/sdb2
fvdeinfo 20190104
Unable to unlock keys.