dislocker is a tool to decrypt Microsoft’s BitLocker encrypted volumes from Linux or OSX. dislocker uses a fuse based mechanism to decrypt the volume and mount it so that the user can access (read or write) the files within the volume. Note that this is not a brute force mechanism or hack; the user still needs to provide a valid BEK file (startup key) or numerical key or FVEK (Full Volume Encryption Key) or recovery password or user password for the decryption.

dislocker requires the PolarSSL library to work. It is not available as a package yet. This article explains how to compile and install dislocker from source on Ubuntu.

Installation

Run the following commands on Ubuntu 14.04:

$ sudo apt-get install libpolarssl5 libpolarssl-dev libpolarssl-runtime libfuse-dev

Or, on Ubuntu 16.04:

$ sudo apt-get install libmbedcrypto0 libmbedtls-dev libfuse-dev

Compile and install:

$ git clone https://github.com/Aorimn/dislocker.git $ cd dislocker $ cmake . $ make $ sudo make install

Usage

dislocker provides the following binaries:

dislocker-bek for disecting a .bek file and printing information about it

dislocker-metadata for printing information about a BitLocker-encrypted volume

dislocker-file for decrypting a BitLocker encrypted volume into a flat file formatted as an NTFS volume you can mount

dislocker-fuse called internally by the dislocker command. Dynamically decrypts a BitLocker encrypted volume using FUSE

Switches and options:

Usage: dislocker [-hqrsv] [-l LOG_FILE] [-o OFFSET] [-V VOLUME DECRYPTMETHOD -F[N]] [-- ARGS...] with DECRYPTMETHOD = -p[RECOVERY_PASSWORD]|-f BEK_FILE|-u[USER_PASSWORD]|-k FVEK_FILE|-c Options: -c, --clearkey decrypt volume using a clear key (default) -f, --bekfile BEKFILE decrypt volume using the bek file (on USB key) -F, --force-block N force use of metadata block number N (1, 2 or 3) -h, --help print this help and exit -k, --fvek FVEK_FILE decrypt volume using the FVEK directly -l, --logfile LOG_FILE put messages into this file (stdout by default) -o, --offset OFFSET BitLocker partition offset (default is 0) -p, --recovery-password[RECOVERY_PASSWORD] decrypt volume using the recovery password method -q, --quiet do NOT display anything -r, --readonly do not allow to write on the BitLocker volume -s, --stateok do not check the volume's state, assume it's ok to mount it -u, --user-password decrypt volume using the user password method -v, --verbosity increase verbosity (CRITICAL errors are displayed by default) -V, --volume VOLUME volume to get metadata and keys from -- end of program options, beginning of FUSE's ones ARGS are any arguments you want to pass to FUSE. You need to pass at least the mount-point.

On GitHub: dislocker

Similar software