dissect.fve
A Dissect module implementing parsers for full volume encryption implementations, currently Microsoft’s Bitlocker Disk Encryption (BDE) and Linux Unified Key Setup (LUKS1 and LUKS2).
Full volume and disk encryption schemes
Installation
dissect.fve is available on PyPI.
$ pip install dissect.fve
This module is also automatically installed if you install the dissect package.
Usage
This package is a library with a CLI tool, so you primarily interact with it from Python. For example, to open and decrypt a BitLocker encrypted volume for reading:
from dissect.fve import BDE
from dissect.ntfs import NTFS

with open("path/to/bitlocker/file.dd", "rb") as fh:
    bde = BDE(fh)
    bde.unlock_with_passphrase("kusjesvansrt<3")

    fs = NTFS(bde.open())
    print(fs.get("/").listdir())

    file_fh = fs.get("/file.txt").open()  # This is just another file-like object
    print(file_fh.read())
Tools
fve-dd - CLI interface
Utility to decrypt BitLocker or LUKS volumes and write them to a file.
fve-dd [-h] [-p PASSPHRASE] [-r RECOVERY] [-f UNLOCK_FILE] [--key-slot KEY_SLOT]
       [--keyfile-offset KEYFILE_OFFSET] [--keyfile-size KEYFILE_SIZE] -o OUTPUT [-v]
       input
fve-dd positional arguments
input
- path to container with encrypted volume (default: None)
fve-dd optional arguments
-p PASSPHRASE, --passphrase PASSPHRASE
- user passphrase (default: None)

-r RECOVERY, --recovery RECOVERY
- recovery passphrase (default: None)

-f UNLOCK_FILE, --unlock-file UNLOCK_FILE
- unlock file (default: None)

--key-slot KEY_SLOT
- LUKS keyslot (default: None)

--keyfile-offset KEYFILE_OFFSET
- LUKS keyfile offset (default: None)

--keyfile-size KEYFILE_SIZE
- LUKS keyfile size (default: None)

-o OUTPUT, --output OUTPUT
- path to output file (default: None)
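A triage helper that identifies which of the supported formats an image holds before picking fve-dd options, as an added example that is not part of dissect.fve or its documentation. It relies on the well-known on-disk signatures (the LUKS primary header magic and the BitLocker boot-sector OEM ID); identify_fve, misplaced_options and the sample headers are hypothetical names and constructed data, and BitLocker To Go volumes are not covered.

```python
import io
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # first 6 bytes of a LUKS1/LUKS2 primary header
BDE_OEM_ID = b"-FVE-FS-"      # OEM ID at byte 3 of a BitLocker boot sector
# Options the fve-dd help text labels as LUKS-specific.
LUKS_ONLY_OPTIONS = {"--key-slot", "--keyfile-offset", "--keyfile-size"}


def identify_fve(fh, offset=0):
    """Return "luks1", "luks2", "bitlocker" or None for the volume at offset."""
    fh.seek(offset)
    head = fh.read(512)
    if len(head) >= 8 and head[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", head[6:8])  # big-endian version field
        return {1: "luks1", 2: "luks2"}.get(version)
    if head[3:11] == BDE_OEM_ID:
        return "bitlocker"
    return None


def misplaced_options(kind, argv):
    """List LUKS-only options present in argv when the volume is not LUKS."""
    if kind in ("luks1", "luks2"):
        return []
    return sorted(opt for opt in argv if opt in LUKS_ONLY_OPTIONS)


def constructed_samples():
    """Constructed 512-byte headers, not taken from real volumes."""
    return {
        "luks1": (LUKS_MAGIC + struct.pack(">H", 1)).ljust(512, b"\x00"),
        "luks2": (LUKS_MAGIC + struct.pack(">H", 2)).ljust(512, b"\x00"),
        "bitlocker": (b"\xeb\x58\x90" + BDE_OEM_ID).ljust(512, b"\x00"),
        "plain": b"\xeb\x52\x90NTFS    ".ljust(512, b"\x00"),
    }


if __name__ == "__main__":
    planned = ["-p", "example", "--key-slot", "0"]  # constructed argument list
    for name, header in constructed_samples().items():
        # Place each header 1 MiB into the image, where a partition might start.
        image = io.BytesIO(b"\x00" * 0x100000 + header)
        kind = identify_fve(image, offset=0x100000)
        print(name, "->", kind, misplaced_options(kind, planned))
```

For a full disk image, pass the byte offset of the partition start, since both signatures sit at the beginning of the encrypted volume rather than the beginning of the disk.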
Reference
For more details, please refer to the API documentation of dissect.fve.