-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
First off I'd like to thank anybody that might be reading this for your
help in trying to get this problem solved. To jump right into things,
I've recently been able to pull the harddrive out of an old MacBook
which was, I believe, running OS/X Tiger at the time of its demise that
I had been using awhile back. I don't currently have easy access to any
macs, unfortunately (budget constraints), but after a whole lot of
searching I finally found some utilities that could help me with getting
my sparseimage encrypted FileVault home directory off of that harddrive
and onto my primary desktop Linux system. Once again, after a whole
bunch of searching, I was FINALLY able to find a utility that would do
decryption and extraction of files of it for me. This being the utility
HFSExplorer 0.21. However, once I pointed it at the correct image file,
I've tried all of the usual suspects for my password, and none of them
are working. This is strange because at the very least the
backup/master system password for that machine was a password that I
KNOW I tried to enter and should have given me access to that disk
image.
Anyway, here is what I'm attempting right now. I've located the file
/mnt/private/var/db/dslocal/nodes/Default/users/myOldUsername.plist
which contains a whole bunch of XML formatted data about the account.
I've run across various resources on the web that are telling me that my
encrypted hash for the account/FileVault password is in there somewhere,
but I'm unable to locate it by first cursory eyeball passes. I'm
thinking that my options are kind of limited at this point to trying to
brute-force the password, which is a pain because I use extremely long
and secure passphrases, but what else can I do? Unless there is some
sort of a known bug in HFSExplorer that is causing my correct password
not to work.
So I guess what I'm wondering at this point is A) if anybody can help me
try to find the encrypted hash in that .plist file so that I can begin
trying a brute force attack on my encrypted image, B) if there might be
any sort of easier way to do this, and C) if there are any other
utilities that might be working a little bit better for me to try to
decrypt this information, being as I'm almost certain that one of the
passwords that I'm trying should be unlocking this AES encryption.
Also if this is not the appropriate newsgroup and anybody can point me
to a more applicable one I would be more than happy to move this there.
Thanks for your time, again. Any tips or pointers in the right
direction are deeply appreciated.
- -Damon Getsman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (OpenBSD)
iQIcBAEBAgAGBQJP5FiYAAoJECqJ6HQbyBt4wtAQAKvNb0ri+9ehTFT9RZvQC7xa
MUBRzOYlTBcsGK4iZLY16R5fK+Je4VofNwg8DQtPfkMgpc4tr1F+G3iliwhe0I1R
hFfe1byoLDmdk7v00pMFaz8b79FIWR36Ecdtj/PNmCKWedTsDQ1LzrwVHJTHEfNK
LQ6rNHlE9PnPM8CQXRxuwKJrPueGRCbP9nIk/9c893yXYqiSMGw1/aaLR5FXAx1s
LzUxrhLnn6Ce8rmCv52L7iGbgUBLPwyPBTG/h9dgQqO/3+iC19W9JjNXTVNRKUQn
IfHguf1PEmw+dauuAgAuPC3myg2abZvkin8ZyhGfYL5Nih37aKTlt6ngPc1qsvS0
8F0gft1NnDRRwDbrq9OmKb4ZS4XDzwTN4oduUzaaTs8CUKJMR4g0yHYLbqViHFEi
y0cky2+uF5xSt01AN+wXK5QIs29HUKbg2XoPw9XCRNvtgxDCLIPEajD+meg1o3uK
DKAARgLBWlvRQZ541I7piRDle4zSDuqqOZ9aKUiYwVzfoWbR+GptuWaXks++g0v7
CVeLp9eiDEcdFjEb0cZlLA3Iq8GbxMdG7FJF9VWGBt7accWKRl2+qasNHwJM1oSx
pCs76K4+BdPBwaXe8ICnsg5Wzof7YhEZ4JQ+fF5EwO0E9TdPR4pZ4ETl/4+RVHz1
wg0U7ckIlIA3a+qtMl56
=IF8A
-----END PGP SIGNATURE-----
