My CEO got an OS failure on his laptop (Windows doesn't load anymore), the drive is healthy.
I need to backup all his data, I don't care about fixing the problem, since I already provided a new laptop, so I can decrypt or just mount & browse the drive.
We are a business unit of a large corporation, but we have a "stand-alone" SafeBoot 5.2 installation, so I'M the IT
My conditions are this:
Defective Windows installation that doesn't load (BSOD after BMLoad.sys driver loading, also in safe mode). Safeboot login and password authentication works normally at boot.
Safeboot version : 5.2.4
Encryption: RC5 1024 - 12 rounds
I tried SafeTech BartPE plugin, with the correct SbAlg (got from Safeboot 5.2.0 installation CD), but when I try to load the SDB file I get a "Unsupported Encryption Algorithm".
The same happens also if I try to auth from SBFS (with a valid login)
So now I'm stuck on this.
I just want to browse this drive and get documents off it
Thank you all
Solved! Go to Solution.
Yes, I'm using BartPE provided by our Corporate IT, built for AES Encryption..
I loaded it on USB stick, and I just deleted the two SbAlg.sys and dll files, putting then my RC5 files..
When I open SafeTech app, I can choose the correct alg on the option menu, so the program saw it.
is that wrong?
Should I do something different?
Where to get another version of BartPE?
Thanks for fast answer!
yeah.. I did it.
This time, I created by myself with the pe plugin provided on the original setup that we have.
I just changed the provided AES with the RC5 alg files..
No problem at all
So, I would suggest to other users:
Putting different SbAlg files on an already created BartPE USB stick MAY NOT work.
You have to do it before building BartPE
I am guessing you missed out replacing one of the files - maybe sbalg.sys in the system32/drivers directory? Good advice though.
I tried this way:
Used BartPE built on AES 256 for USB stick from our Global Corporate IT
Once BartPE OS loaded, I changed SbAlg.sys and SbAlg.dll (and .vxd too) with the one took from my installation source, on %Drive%\Programs\Safeboot\SbAlg
When I was opening SafeTech, on "Algorithm - Select Alg" I was able to view the RC5 1024 encryption..
Once opened the SDB, or the SBFS, it showed me a popup with the computer name that I was trying to restore, once pressed OK I got the "on-topic" error.
I also changed the SafeTech executable with the one from my installation CD.. same happened.
So i rebuilt BarPE with the same files, and no more worries.
yes, you can't do that - drivers are loaded into memory when the OS starts, so overwriting them afterwards doesnt do anything - the running copy is still the original one.