CentOS 7 fuse-dislocker 0.5.1-2.el7 double free on Windows 10 standard TPM encrypted volume #102

Open
nealian opened this issue Feb 8, 2017 · 5 comments

Comments


nealian commented Feb 8, 2017

[root@localhost ~]# dislocker-fuse -vvvv -V /dev/sda4 /mnt/bs1
Wed Feb  8 14:12:51 2017 [DEBUG] Verbosity level to DEBUG (4) into 'stdout'
Wed Feb  8 14:12:51 2017 [INFO] dislocker by Romain Coltel, v0.5.1 (compiled for Linux/x86_64)
Wed Feb  8 14:12:51 2017 [DEBUG] --- Config...
Wed Feb  8 14:12:51 2017 [DEBUG]    Verbosity: 4
Wed Feb  8 14:12:51 2017 [DEBUG]    Trying to decrypt '/dev/sda4'
Wed Feb  8 14:12:51 2017 [DEBUG]    	using a clear key on the volume
Wed Feb  8 14:12:51 2017 [DEBUG]    Using the first valid metadata block
Wed Feb  8 14:12:51 2017 [DEBUG] ... End config ---
Wed Feb  8 14:12:51 2017 [DEBUG] Trying to open '/dev/sda4'...
Wed Feb  8 14:12:51 2017 [DEBUG] Trying to open '/dev/sda4'...
Wed Feb  8 14:12:51 2017 [DEBUG] Opened (fd #3).
Wed Feb  8 14:12:51 2017 [DEBUG] Opened (fd #3).
Wed Feb  8 14:12:51 2017 [DEBUG] New memory allocation at 0x7f190577b7d0 (0x18 bytes allocated)
Wed Feb  8 14:12:51 2017 [DEBUG] New memory allocation at 0x7f190577b7f0 (0x90 bytes allocated)
Wed Feb  8 14:12:51 2017 [DEBUG] New memory allocation at 0x7f190577b890 (0x200 bytes allocated)
Wed Feb  8 14:12:51 2017 [DEBUG] Positionnong #3 at offset 0 from 0
Wed Feb  8 14:12:51 2017 [DEBUG] Reading volume header...
Wed Feb  8 14:12:51 2017 [DEBUG] Reading 0x200 bytes from #3 into 0x7f190577b890
Wed Feb  8 14:12:51 2017 [DEBUG] Volume header read
Wed Feb  8 14:12:51 2017 [DEBUG] =====[ Volume header informations ]=====
Wed Feb  8 14:12:51 2017 [DEBUG]   Signature: '-FVE-FS-'
Wed Feb  8 14:12:51 2017 [DEBUG]   Sector size: 0x0200 (512) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Sector per cluster: 0x08 (8) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Reserved clusters: 0x0000 (0) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Fat count: 0x00 (0) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Root entries: 0x0000 (0) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Number of sectors (16 bits): 0x0000 (0) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Media descriptor: 0xf8 (248) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Sectors per fat: 0x0000 (0) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Hidden sectors: 0x0011b800 (1161216) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Number of sectors (32 bits): 0x00000000 (0) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Number of sectors (64 bits): 0x0000000000000000 (0) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   MFT start cluster: 0x0000000000060001 (393217) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Metadata Lcn: 0x0000000000000000 (0) bytes
Wed Feb  8 14:12:51 2017 [DEBUG]   Volume GUID: '92A84D3B-DD80-4D0E-9E4E-B1E3284EAED8'
Wed Feb  8 14:12:51 2017 [DEBUG]   First metadata header offset:  0x000000000ecb9000
Wed Feb  8 14:12:51 2017 [DEBUG]   Second metadata header offset: 0x000000004eaa4000
Wed Feb  8 14:12:51 2017 [DEBUG]   Third metadata header offset:  0x0000000083ae3000
Wed Feb  8 14:12:51 2017 [DEBUG]   Boot Partition Identifier: '0xaa55'
Wed Feb  8 14:12:51 2017 [DEBUG] ========================================
Wed Feb  8 14:12:51 2017 [INFO] Volume has EOW_INFORMATION_OFFSET_GUID.
Wed Feb  8 14:12:51 2017 [DEBUG] Positionnong #3 at offset 70541312 from 0
Wed Feb  8 14:12:51 2017 [DEBUG] Reading EOW Information header at 0x4346000...
Wed Feb  8 14:12:51 2017 [DEBUG] Reading 0x38 bytes from #3 into 0x7ffc4c187370
Wed Feb  8 14:12:51 2017 [DEBUG] New memory allocation at 0x7f190577baa0 (0x70 bytes allocated)
Wed Feb  8 14:12:51 2017 [DEBUG] Reading EOW information's payload...
Wed Feb  8 14:12:51 2017 [DEBUG] Reading 0 bytes from #3 into 0x7f190577bad8
Wed Feb  8 14:12:51 2017 [DEBUG] End get_eow_information.
Wed Feb  8 14:12:51 2017 [DEBUG] =======================[ BitLocker EOW informations ]========================
Wed Feb  8 14:12:51 2017 [DEBUG]   Signature: 'FVE-EOW'
Wed Feb  8 14:12:51 2017 [DEBUG]   Structure size: 0x0038 (56)
Wed Feb  8 14:12:51 2017 [DEBUG]   On-disk size: 0x0070 (112)
Wed Feb  8 14:12:51 2017 [DEBUG]   Sector size (1): 0x0200 (512)
Wed Feb  8 14:12:51 2017 [DEBUG]   Sector size (2): 0x1000 (4096)
Wed Feb  8 14:12:51 2017 [DEBUG]   Unknown (0x14): 0x00100000 (1048576)
Wed Feb  8 14:12:51 2017 [DEBUG]   Convlog size: 0x00010c00 (68608)
Wed Feb  8 14:12:51 2017 [DEBUG]   Unknown (0x1c): 0x00008400 (33792)
Wed Feb  8 14:12:51 2017 [DEBUG]   Number of regions: 7
Wed Feb  8 14:12:51 2017 [DEBUG]   Crc32: cbda89c
Wed Feb  8 14:12:51 2017 [DEBUG]   On-disk offsets: 0x7f190577bac8
Wed Feb  8 14:12:51 2017 [DEBUG] =============================================================================
Wed Feb  8 14:12:51 2017 [DEBUG] Freeing pointer at address 0x7f190577baa0
Wed Feb  8 14:12:51 2017 [DEBUG] Entering get_eow_check_valid
Wed Feb  8 14:12:51 2017 [DEBUG] Positionnong #3 at offset 70541312 from 0
Wed Feb  8 14:12:51 2017 [DEBUG] Reading EOW Information header at 0x4346000...
Wed Feb  8 14:12:51 2017 [DEBUG] Reading 0x38 bytes from #3 into 0x7ffc4c187370
Wed Feb  8 14:12:51 2017 [DEBUG] New memory allocation at 0x7f190577baa0 (0x70 bytes allocated)
Wed Feb  8 14:12:51 2017 [DEBUG] Reading EOW information's payload...
Wed Feb  8 14:12:51 2017 [DEBUG] Reading 0 bytes from #3 into 0x7f190577bad8
Wed Feb  8 14:12:51 2017 [DEBUG] End get_eow_information.
Wed Feb  8 14:12:51 2017 [DEBUG] Looking if 0xd3a99ea4 == 0xcbda89c for EOW information validation
Wed Feb  8 14:12:51 2017 [DEBUG] Freeing pointer at address 0x7f190577baa0
Wed Feb  8 14:12:51 2017 [DEBUG] Positionnong #3 at offset 1679491072 from 0
Wed Feb  8 14:12:51 2017 [DEBUG] Reading EOW Information header at 0x641b0000...
Wed Feb  8 14:12:51 2017 [DEBUG] Reading 0x38 bytes from #3 into 0x7ffc4c187370
Wed Feb  8 14:12:51 2017 [DEBUG] New memory allocation at 0x7f190577baa0 (0x70 bytes allocated)
Wed Feb  8 14:12:51 2017 [DEBUG] Reading EOW information's payload...
Wed Feb  8 14:12:51 2017 [DEBUG] Reading 0 bytes from #3 into 0x7f190577bad8
Wed Feb  8 14:12:51 2017 [DEBUG] End get_eow_information.
Wed Feb  8 14:12:51 2017 [DEBUG] Looking if 0xd3a99ea4 == 0xcbda89c for EOW information validation
Wed Feb  8 14:12:51 2017 [DEBUG] Freeing pointer at address 0x7f190577baa0
Wed Feb  8 14:12:51 2017 [INFO] EOW information at offset 4346000 passed the tests
Wed Feb  8 14:12:51 2017 [DEBUG] Freeing pointer at address 0x7f190577baa0
*** Error in `dislocker-fuse': double free or corruption (fasttop): 0x00007f190577baa0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7f190396f503]
/lib64/libdislocker.so.0.5(dis_free+0x25)[0x7f1904588cce]
/lib64/libdislocker.so.0.5(dis_metadata_initialize+0xa30)[0x7f190458b6f7]
/lib64/libdislocker.so.0.5(dis_initialize+0x1d7)[0x7f190458752b]
dislocker-fuse(main+0x5a)[0x7f1904bfc21d]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f1903914b35]
dislocker-fuse(+0xda9)[0x7f1904bfbda9]
======= Memory map: ========
Aborted (core dumped)

The same thing happens with a recovery-password method.
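
Added example, not part of the original report or of the dislocker project: a small triage script that replays the allocation and free lines of dislocker's `-vvvv` output and flags any free of a pointer that is not currently live, which is how the second free of 0x7f190577baa0 stands out in the log above. The function name `find_bad_frees` and the trimmed log excerpt are assumptions made for illustration.

```python
import re

# Line shapes as they appear in the dislocker debug output quoted in the report.
ALLOC_RE = re.compile(r"New memory allocation at (0x[0-9a-f]+) \(0x[0-9a-f]+ bytes allocated\)", re.I)
FREE_RE = re.compile(r"Freeing pointer at address (0x[0-9a-f]+)", re.I)

# Excerpt of the log from the report, timestamps trimmed for brevity.
SAMPLE_LOG = """\
[DEBUG] New memory allocation at 0x7f190577baa0 (0x70 bytes allocated)
[DEBUG] Freeing pointer at address 0x7f190577baa0
[DEBUG] New memory allocation at 0x7f190577baa0 (0x70 bytes allocated)
[DEBUG] Looking if 0xd3a99ea4 == 0xcbda89c for EOW information validation
[DEBUG] Freeing pointer at address 0x7f190577baa0
[INFO] EOW information at offset 4346000 passed the tests
[DEBUG] Freeing pointer at address 0x7f190577baa0
"""

def find_bad_frees(log_text):
    """Return [(line_no, address, line_of_previous_free_or_None), ...] for every
    free of an address that has no live allocation at that point in the log."""
    live = {}       # address -> line number of the allocation still outstanding
    last_free = {}  # address -> line number of the most recent valid free
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        alloc = ALLOC_RE.search(line)
        if alloc:
            # The allocator may hand the same address back after a free,
            # so a new allocation makes the address live again.
            live[int(alloc.group(1), 16)] = line_no
            continue
        free = FREE_RE.search(line)
        if free:
            addr = int(free.group(1), 16)
            if addr in live:
                del live[addr]
                last_free[addr] = line_no
            else:
                # Freed twice, or freed without ever being allocated in this log.
                findings.append((line_no, addr, last_free.get(addr)))
    return findings

if __name__ == "__main__":
    for line_no, addr, prev in find_bad_frees(SAMPLE_LOG):
        where = f"already freed at line {prev}" if prev else "never allocated in this log"
        print(f"line {line_no}: free of {addr:#x}, {where}")
```

Run against a complete log, the reported line numbers point at the two frees to compare with the `dis_free` frame in the backtrace.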

Owner

Aorimn commented Feb 9, 2017

Hi,
This is indeed a bug in this version. To work around this, resume the encryption in Windows, wait for it to finish and then reuse dislocker.


Sjigd commented Nov 24, 2017

Hi,
Same issue here. I am booting a Linux Ubuntu OS and using dislocker there. Problem is I do know the user key of BitLocker but have no access to the recovery key. And if I resume Windows encryption and get past the BitLocker screen then I cannot boot into Linux. Is there a way to decrypt the disk and retrieve the files with this scenario?
Thanks in advance.

Owner

Aorimn commented Dec 2, 2017

I might have not been entirely clear here.
The workaround is to resume the encryption process done by Windows and wait for it to finish, then reboot on Linux and use dislocker.

Author

nealian commented Dec 2, 2017 via email

Owner

Aorimn commented Dec 2, 2017

Thanks @nealian for your reply, I indeed did not understand this for you.
I'll have a look into this.
