Endpoint Encryption

  • 1.  HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr

    Posted Jan 20, 2012 12:01 PM

    Here is the case.

    Hard drive with 3 partitions. First is system /Windows 7/, not encrypted.

    Second and third partitions were encrypted with a password 2 weeks ago, and no reboot followed.

    After reboot, of course, it asks for the password to decrypt partitions 2 and 3.

    Password is ... forgotten. Part of it I know, the rest I don't remember.

    Anyway, to be able to get into my Windows 7, I just ran bootsect /fixmbr in the recovery console /Win7 DVD/.

    Started Windows 7, and PGP Desktop 10.1.1 did not recognize partitions 2 and 3.

    Removed the HDD and attached it to another computer with WinXP and PGP Desktop 10.1.1 installed.

    It asked for the password on partitions 2 and 3 - good. I still can't remember the password, but...

    Then I put the HDD back in the laptop and encrypted the system disk too, just to be sure whether I did something wrong or just forgot the password.

    Well, encrypted, reboot - asked for password - all went fine.

    Then rebooted and decrypted it with Recovery CD 10.1.1 /took 18 hours/ for 60G...

    Now partitions 2 and 3 can't be seen /no password prompt/ on the Windows XP second PC.

    Recovery CD 10.1.1 can't find them either.

    Recovery CD 10.2 seems to find something.

    My question is - if I remember the password..... which I doubt.. can I use Recovery 10.2 to try to decrypt it?

    Or any suggestion on how to extract those partitions and mount them somewhere where I am asked for the password, so I can try to "remember" it by trying all the variants I may have put for the password.



  • 2.  RE: HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr

    Posted Jan 20, 2012 12:31 PM

    It sounds like you were at a point where you could have decrypted (if you can recall the passphrase):

    "Removed the HDD and attached to another computer with winxp and PGP desktop 10.1.1 installed. Asked for password on partitions 2 and 3- good."

    The documentation stresses that with the WDE Recovery CD, you must use the same version for decryption. If you have to use a different version for some reason, using a newer version is less likely to cause data loss than using an older version.



  • 3.  RE: HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr

    Posted Jan 23, 2012 10:52 AM

    You can use pgpwde commands.

    Use --decrypt with the --interactive option and you can try authorization as many times as you want.

    http://www.symantec.com/business/support/index?page=answerlink&url=http%3A%2F%2Fwww.symantec.com%2Fbusiness%2Fsupport%2Findex%3Fpage%3Dcontent%26id%3DTECH149100%26actp%3Dsearch%26viewlocale%3Den_US&answerid=16777220&searchid=1327333922706



  • 4.  RE: HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr

    Posted Jan 25, 2012 03:45 PM

    I wish I could use pgpwde commands, but currently pgpwde does not recognize D: and E:, which are encrypted, as encrypted disks.

    They are on disk 0, partitions 3 and 4 respectively.

    C:\Program Files (x86)\PGP Corporation\PGP Desktop>PGPwde.exe --enum
    Total number of installed fixed/removable storage
    device (excluding floppy and CDROM): 1
    Unmanaged disks:
      Disk 0 has 1 online volumes:
        volume C:\ is on partition 2 with offset 979960
    Request sent to Enumerate disks was successful

    C:\Program Files (x86)\PGP Corporation\PGP Desktop>PGPwde.exe --interactive --decrypt --disk 0 --partition 3
    Enter Passphrase:
    Enter Admin Passphrase:
    Operation start decrypt disk failed:
    Error code -11973: resources unavailable

    Also, I tried pgpwde under Linux - same situation.



  • 5.  RE: HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr

    Posted Jan 25, 2012 03:59 PM

    try pgpwde --recover --disk 0 -u USER -p PASS



  • 6.  RE: HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr

    Posted Jan 29, 2012 03:59 AM

    and will post results



  • 7.  RE: HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr
    Best Answer

    Posted Jan 31, 2012 04:16 PM

    Short how-to

    1. Took out all sectors from track 0, 0-63; actually only 0-15 were used.

    2. Under Win7, made a 6 MB virtual disk and put those sectors on it as track 0, to simulate my original drive.

    3. Installed VMware under Win7, with Ubuntu as a VM.

    4. Installed PGP under Ubuntu.

    5. Used the --recover option of pgpwde with the virtual disk I created. It takes not much time, since the "disk" is only 6 MB, so brute force is possible.

    6. Generated 5700 possible passwords I may have put...

    7. Made a script for brute force using those passwords.

    8. It took not much time to find my password :)

    9. Now I am going to decrypt... :)
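
Steps 1 and 2 of the how-to above, sketched as an added example that is not part of the original post and is not the poster's script: it copies sectors 0-63 from a raw image or device opened read-only, reports which sectors hold data, and writes them to the front of a zero-filled 6 MiB scratch image so that recovery attempts run against a copy rather than the original drive. The 512-byte sector size, the function names and the file names are assumptions, and the sample "drive" is constructed.

```python
import hashlib
import os
import tempfile

SECTOR = 512                      # assumed sector size in bytes
TRACK0_SECTORS = 64               # the post saved sectors 0-63
SCRATCH_SIZE = 6 * 1024 * 1024    # the post used a 6 MB virtual disk


def read_track0(source_path):
    """Read sectors 0-63 from a raw image or device node, opened read-only."""
    with open(source_path, "rb") as src:
        data = src.read(SECTOR * TRACK0_SECTORS)
    if len(data) != SECTOR * TRACK0_SECTORS:
        raise ValueError("source is shorter than 64 sectors")
    return data


def used_sectors(track0):
    """Return indices of sectors that contain at least one non-zero byte."""
    return [i for i in range(TRACK0_SECTORS)
            if any(track0[i * SECTOR:(i + 1) * SECTOR])]


def build_scratch_image(track0, out_path, size=SCRATCH_SIZE):
    """Write track0 at offset 0 of a new zero-padded raw image; return its SHA-256."""
    if len(track0) > size:
        raise ValueError("scratch image is smaller than track 0")
    with open(out_path, "wb") as out:
        out.write(track0)
        out.truncate(size)        # pad the rest of the image with zeros
    return hashlib.sha256(track0).hexdigest()


if __name__ == "__main__":
    # Constructed sample "drive": 16 sectors of data, then empty sectors.
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "sample_drive.img")
    with open(sample, "wb") as f:
        f.write(b"\xAA" * (16 * SECTOR) + b"\x00" * (200 * SECTOR))
    track0 = read_track0(sample)
    print("sectors holding data:", used_sectors(track0))
    scratch = os.path.join(workdir, "scratch.img")
    print("track 0 SHA-256:", build_scratch_image(track0, scratch))
    print("scratch image size:", os.path.getsize(scratch))
```

Recording the SHA-256 of the saved sectors before any further repair attempt gives a reference for checking later that the copy still matches what was read from the drive.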



  • 8.  RE: HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr

    Posted Feb 08, 2012 06:58 AM

    Took 8 days to decrypt 600 GB of data.



  • 9.  RE: HDD, 3 partitions, 2 encrypted, 1 clean. Recovery after bootsect /fixmbr

    Posted Feb 29, 2012 01:40 AM

    well, what script?