Open source tools for accessing FileVault-encrypted Macs

FileVault logoThe libfvde project’s open source library and tools allow users to access data on volumes that have been encrypted with Apple’s FileVault2hard disk encryption program on Mac OS X 10.7 Lion. With libfvde and fvdetools, these volumes can be read using either a Mac OS X or a Linux system.

The tools use Filesystem in Userspace (FUSE) to, for example, mount an image of a Mac system disk encrypted with FileVault2. To this end, they extract the volume master key – although the user still needs to unlock it by entering the password. This means that if a user doesn’t know the volume’s password, libfvde can’t access the encoded data. A wiki page explains the first steps involved for working with fvdemount and other programs.

However, a few quick tests conducted by The H’s associates at heise Security revealed a significant limitation: libfvde currently only works with system volumes, for which Mac OS X creates a special recovery partition that includes a file called EncryptedRoot.plist.wipekey with a copy of the required encoded volume master key. Mac OS X Lion can also encrypt external hard drives and USB flash drives with FileVault2, but it doesn’t create a recovery partition for these. Project head Joachim Metz told heise Security that he and his team members are still looking for a way to extract the key needed for decoding volumes without a recovery partition.

The libfvde library and tools are available to download from the project’s Google Code page and are licensed under the LGPLv3.





Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s