8 Replies Latest reply on Sep 2, 2009 7:35 AM by SafeBoot

    Removed Safeboot with wrong .SBD

      Hello,

      I have removed Safeboot v 4.2 from a laptop with Win XP, but after the restart, I had the error "error loading operating system".

      If I plug this drive on my PC with a USB cable, I can see it but in an unrecognized format which means it's still encrypted.

      I'm sure I exported the correct configuration file .SDB corresponding to the laptop from Safeboot console, but there must be something wrong with it!

      I have now an encrypted disk without Safeboot... I tried to boot on the Safetech floppy to restore the SBR but it must read "values from disk" and this gives me an "Unknown error 0x5B010019".
      The emergency boot gives me the same "error loading operating system".

      Do you know how I could fix this? Thanks
        • 1. RE: Removed Safeboot with wrong .SBD
          Is the disk decrypted? Did you go and do a workspace view on a few sectors (63 for example on most machines)?

          If you did use the wrong sdb file, you just have to reencrypt with it, and then decrypt with the right one.
          • 2. RE: Removed Safeboot with wrong .SBD
            Thanks for your reply!

            Here is the workspace view I could get in "Workspace Functions" > "Read from Sectors" > I entered 63 as range. Is that correct?


            If it's decrypted, how do I reencrypt the whole disk? I can "Encrypt sectors" from "Hard Disk Functions" but I don't know what to enter as range.

            I don't have the correct SDB, I thought the one I used was OK, and it's the only one I have for this laptop...
            But if I can reencrypt the disk, I should be able to login to Safeboot and boot to Windows or Safetech/BartPE to recover the data, right?

            Thanks a lot again!
            • 3. RE: Removed Safeboot with wrong .SBD
              Why did you decrypt it in the first place? What was the problem you were trying to resolve?

              I think you need to call your platinum support team and ask them to help you out - it's going to be tough to resolve on your own. That sector certainly looks encrypted to me.

              Did the removal happen really quickly, or did it take a few hours? You might want to load up your sdb and do a test decrypt on the workspace just to check whether it really did decrypt it to start with.
              • 4. RE: Removed Safeboot with wrong .SBD
                It was a request for Safeboot uninstallation from the owner of the laptop, we're helpdesk level 2, but level 3 relies on us for this kind of problem. I have no one to help me with this around here. You're my last hope of recovering the data :o

                The removal took about 3 hours, like the ones I did successfully before.
                I tried a test decrypt, here is the result, viewed as unrecognized data in the workspace:


                I'm leaving work now, I'll be back tomorrow, thanks for your help.
                • 5. RE: Removed Safeboot with wrong .SBD
                  Looks indeed like the wrong key was used. If you can't find the right SDB for the machine the data is lost anyway, so maybe it's simpler to give up now.

                  If you can find an alternate sdb, just encrypt the workspace sector with the "wrong" sdb, then decrypt it with the right one - if that works out fine then there's a chance we can get the data back.

                  Why didn't you just set either the policy to "remove" in the database and sync the machine, or even use keysfromtoken/values from disk when removing with SafeTech? There was no need originally to use something as dangerous as the SDB at all?
                  • 6. RE: Removed Safeboot with wrong .SBD
                    Hello again.

                    Like I said, this SDB is the only one I have matching the laptop. I checked the 4 groups of machines in our Safeboot console and also the deleted machines in the System tab... No other match for the laptop's name or ID.

                    So, even if I can reencrypt with this SDB, I won't be able to repair the SBR (because it needs values from disk) and get back to the password prompt at startup?

                    I had to go with the SDB method because the synchronization with the database was broken, and values from disk gave me an error...

                    Well, that was a nice try anyway, thanks for your time :)
                    • 7. RE: Removed Safeboot with wrong .SBD
                      Hi!

                      One question:

                      Obviously it is quite dangerous to decrypt a computer with the wrong sdb.

                      Why isn't the Safetech tool then able to check (before starting the decryption) that the wrong sdb file is used?


                      Another question:

                      So if I used the wrong sdb for decrypting a computer.
                      What do I have to do?
                      Encrypt the computer again with the wrong sdb, and then decrypt it with the right one?

                      But: HOW can I encrypt a computer with a sdb? How does this work?


                      thank you!
                      • 8. RE: Removed Safeboot with wrong .SBD

                        "Why isn't the Safetech tool then able to check (before starting the decryption) that the wrong sdb file is used?"

                        It is, and it does - it will give you a big fat warning if it suspects the key is the wrong one, or cannot be validated. You can choose to proceed regardless though, of course, ignoring this.


                        "So if I used the wrong sdb for decrypting a computer.
                        What do I have to do?
                        Encrypt the computer again with the wrong sdb, and then decrypt it with the right one?

                        But: HOW can I encrypt a computer with a sdb? How does this work?"

                        Just use the disk menu to encrypt the sectors after doing values from database to load up the sdb file, then you can load up the CORRECT SDB and do decrypt sectors to get you back to plain text.

                        Finally, you may need to fix the MBR if you did a >remove< with the wrong SDB - you can use "restore original mbr" after loading in the right SDB to do that.
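
The sector check suggested in replies 1 and 3 (view sector 63 and judge whether it is plaintext), as an added example that is not part of the original thread and not SafeBoot or SafeTech code. It assumes a raw image copy of the disk, that sector 63 holds the first partition's boot sector, and an entropy threshold chosen here; the sample sectors are constructed.

```python
import hashlib
import math
from collections import Counter

SECTOR_SIZE = 512
ENTROPY_THRESHOLD = 7.0  # assumption: 512 random bytes measure about 7.6 bits/byte

# Well-known plaintext boot sector markers: (offset, bytes, label)
FS_MARKERS = [(3, b"NTFS    ", "NTFS"), (0x52, b"FAT32   ", "FAT32"),
              (0x36, b"FAT16   ", "FAT16")]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8 for ciphertext, much lower for boot code."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def read_sector(image_path: str, lba: int) -> bytes:
    """Read one sector from a raw image (a copy, not the original disk)."""
    with open(image_path, "rb") as fh:
        fh.seek(lba * SECTOR_SIZE)
        return fh.read(SECTOR_SIZE)

def classify_sector(sector: bytes) -> str:
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    has_signature = sector[510:512] == b"\x55\xaa"
    if has_signature:
        for offset, magic, label in FS_MARKERS:
            if sector[offset:offset + len(magic)] == magic:
                return f"plaintext {label} boot sector"
    # Ciphertext ends in 55 AA by chance once in 65536 sectors, so the
    # signature alone is not trusted without a filesystem marker.
    if shannon_entropy(sector) >= ENTROPY_THRESHOLD:
        return "high entropy: still encrypted, or decrypted with the wrong key"
    if has_signature:
        return "low entropy: boot signature only, unknown filesystem"
    return "low entropy: no boot signature"

def constructed_samples():
    """Constructed test sectors, not taken from the dumps in the thread."""
    ntfs = bytearray(SECTOR_SIZE)
    ntfs[0:3] = b"\xeb\x52\x90"      # jump instruction
    ntfs[3:11] = b"NTFS    "         # OEM ID
    ntfs[510:512] = b"\x55\xaa"      # boot signature
    # 16 SHA-256 digests = 512 bytes that look like ciphertext
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    return bytes(ntfs), noise
```

Running `classify_sector(read_sector(image, 63))` after the re-encrypt and decrypt round trip described in reply 8 shows whether the second key produced plaintext; a high-entropy verdict alone cannot tell an untouched encrypted sector from one decrypted with the wrong key.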