I have a laptop running Windows 7 Ultimate. I have encrypted my drives using BitLocker. Now I have also installed Lubuntu along with Windows. But my encrypted drives are not visible in Linux. How can I fix this?

2

8 Answers

You can access BitLocker partition under Linux using Dislocker, an opensource driver which is using FUSE (or not).

For that, you need the file on a USB key (the one with the .bek extension) or the recovery password.

5

Thanks to Aorimn, his solution worked for me. I'm fairly unexperienced with Unix, so it cost a few hours to figure it out. I thought I would describe the steps I took while my backup is running :)

My problem was that I could not boot Windows, and I needed a way to access my files on a Bitlocked partition. In order to do this, you need a bitlocker recovery password (8 groups of digits) and the ability to boot your system from USB.

1. Download and install LiLi on an other Windows machine (Linux Live USB Creator)
2. Start LiLi and have it download a lightweight ubuntu image. I chose Xubuntu.
3. Install the image to your USB stick.
4. Boot the problematic machine with the USB stick
5. When you see the ubuntu boot screen, press a key.
6. Under F6, set the following options: nomodeset, acpi=off, noacpi and nolacpi
7. Boot ubuntu.
8. Make a folder /media/windows and /media/mount.
9. Download and extract dislocker
10. sudo apt-get install libfuse-dev libmbedtls-dev
11. change directory to the dislocker/src folder
12. sudo make
13. sudo make install
14. change directory to /usr/bin
15. sudo fdisk -l
16. identify the partition which is bitlocked. Mine was /dev/sda1.
17. sudo dislocker -r -V /dev/sda1 -p315442-000000-000000-000000-000000-000000-000000-000000 -- /media/windows (replace your own bitlocker key and source partition)
18. change dir to /media/windows (use sudo -i if you can't access it)
19. mount -o loop dislocker-file /media/mount
20. You should now see your files in a mounted drive of the file manager.

Backups are fairly slow, but it might save some trouble if you do end up reinstalling windows. Good luck!

3

I just worked out a way to update Kali Linux and install dislocker.

Using Kali Linux 1.0.9a i386 bootable DVD

Edit "/etc/apt/sources.list" and add:

deb trusty main universe

Install programs using Terminal:

apt-get update"
apt-get install git libfuse-dev libpolarssl-dev # Continue through update text, allow services to restart if needed
git clone git://
cd /dislocker/src
make
make install

Find drive Bitlocker volume:

fdisk -l

Make folders in /mnt: tmp, dis.

Run dislocker:

dislocker -v -V /dev/<volume name> -p<Bitlocker key> -- /mnt/tmp

Check if file exists to confirm proper Bitlocker key:

ls /mnt/tmp

Should return dislocker-file if correct.

Mount volume:

mount -o loop,ro /mnt/tmp/dislocker-file /mnt/dis

Browse to /mnt/dis for access to files.

2

CryptSetup has added experimental support for BitLocker as of version 2.3.0 (February 2020), which is available in Ubuntu's repos for 20.10 Groovy onwards, although support will likely improve in later versions.

To open a BitLocker device with a password, use:

sudo cryptsetup open --type=bitlk <device> <name>

or:

sudo cryptsetup bitlkOpen <device> <name>

To open the device with a key file, use:

sudo cryptsetup open --type=bitlk --key-file=/etc/cryptsetup-keys.d/<name>.key <device> <name>

To open the device at boot time, add the following to /etc/crypttab:

<name> PARTUUID=<part_uuid> /etc/cryptsetup-keys.d/<name>.key bitlk

Note:

If a keyfile is not specified, systemd-cryptsetup(8) will automatically try to load it from /etc/cryptsetup-keys.d/name.key and /run/cryptsetup-keys.d/name.key (Source).

So you may replace the path to the key file with - or none.

Possible parameter values:

• device - /dev/sda1
• name - windows
• part_uuid - aaaaaaaa-1111-bbbb-2222-cccccccccccc (find PARTUUID with sudo blkid | grep BitLocker)

Now you can mount the device with the following command:

sudo mount /dev/mapper/windows /path/to/mount/point

Important note:

When setting up BitLocker on a device choose the option that encrypts the whole device (requires more time). The other option uses Encrypt-On-Write conversion model that makes sure that any new disk writes are encrypted as soon as you turn on BitLocker (data that existed on the device before encryption began can still be read and written without encryption) and is not supported by Cryptsetup.

You will get the following error when you try to open the device with Encrypt-On-Write conversion model:

BITLK devices with type 'encrypt-on-write' cannot be activated.

Cryptsetup Manual

Crypttab Manual

Cryptsetup 2.3.0 Release Notes

BitLocker configuration: known issues

Cryptsetup bitlk.c

1

BitLocker is a proprietary, closed-source drive encryption system only supported by Windows. You'll have to remove BitLocker encryption if you want to access your Windows partitions from Linux.

See What is the difference between disabling BitLocker Drive Encryption and decrypting the volume? for instructions on doing so. It would be advisable to have a backup of your data completed first.

Once the drive is decrypted, you can use TrueCrypt instead; reading a System Encryption volume under Linux isn't supported by default, but someone has figured out a work-around. See How to use TrueCrypt®-encrypted Windows system drives on Linux.

At the very least, review the TrueCrypt documentation and more specifically, the list of supported OSes.

Yet another option is PGP Whole Disk Encryption. See PGP Whole Disk Encryption for Dual Boot Linux and Windows XP.

3

Please note that libpolarssl-dev can't be used, it has been supersede with libmbedtls-dev so use this instead:

sudo apt-get install libmbedtls-dev

Note: by the way, it was a success using live boot. I am able to read and write. Just follow above steps.

The only thing I've found that might help you is NVbit. It's an experimental fuse driver that allows you to access BitLocker volumes. It's still in an alpha state, and it looks like you'll have to compile the code yourself. It also only allows read-only access, and some things might not work. I think it's your best bet, though.

5

Hi If Anyone here not understanding this I have one LongCut Techinique.

1. Download Vmware (can also install virtualbox which is free)and Windows 10/11 ISO (can also install win7,8)
2. Then In VmWare Create new Virtual Machine with ISO
3. after win Installation please connect your drive to this VM via VM tab in there
4. Tada! enter your Bitlocker password and access the files.this Win can also be used for testing any other things on windows.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy