5 Replies Latest reply on Sep 9, 2011 9:43 AM by SafeBoot

    HOW TO FORCE DECRYPT A HARDDISK WHICH IS PARTIALLY ENCRYPTED

      Just i force decrypted a harddisk.  It contains 5 partitions.  C, D, E, F, G.  I successfully force decrypted the partitions D, E and F by getting the SDB file from our MCAFEE admin.  But i cant able to force decrypt the C and G drive.  Because the partition start sector of both the drives are encrypted.  But the partition end sector of both the drives are not encrypted.  It may be partially encrypted.

      So can anybody help me, that how to decrypt both the drives.

        • 1. Re: HOW TO FORCE DECRYPT A HARDDISK WHICH IS PARTIALLY ENCRYPTED

          let's start with what version of EEPC you are using - since you posted this in the EPO group (EEPC6), but you mention an SDB file, which is an EEPC5 construct.

           

          so

           

          1. Which version of EEPC are you using?

           

          2. Why are you doing a forced decryption? The standard encryption mode should be used if the disk information is intact.

           

          3. Its quite normal for the last sector of a partition not to be encrypted because it's a marker, it's not a data sector. What about the last-but-one sector?

           

          If indeed encryption was half way through, you're going to have to work out the end point by inspection. The disk information would tell you the exact range, but if that's broken you'll have to work it out manually.

          • 2. Re: HOW TO FORCE DECRYPT A HARDDISK WHICH IS PARTIALLY ENCRYPTED

            I am used EEPC 5.2.6.  I tried all the ways to access my data, i.e., using the wintech cd, get authorised and authenticated, then the data is not showing on the drives, then tried "remove eepc" command, that is also failed.  So i planned to force decrypt.  For force decrypting purpose, i cloned my harddisk and working on the cloned drive only.  Still my original harddisk is safe.

             

            For C drive, 0040965749 is the partition end sector.  I had decrypted 0040965748, 0040965747, 004096746, ………… 0040965727 but found 00 00 00 00 …. …. …. …. on workspace.

            On the sector 0040965726 found some embedded strings, before clicking the Decrypt Workspace in Safeboot Wintech application.  But after clicking the Decrypt Workspace I found the embedded strings only, not the phrases like“A disk read error occurred”, “NTLDR is missing”, etc.,.

             

            For G drive, 0156280319 is the partition end sector.  I had decrypted 0156280319 and 0156280318 but found the 00 00 00 00  …. …. …. …. on workspace.

            On the sector 0156280317 found some embedded strings, before clicking the Decrypt Workspace.  But after clicking the Decrypt Workspace I found the embedded strings only, not the phrases like “A disk read error occurred”, “NTLDR is missing”, etc.,.

             

            From the above detailed description, can u help me to froce decrypt the C and G drive or tell me the correct way to find the partition end sector for both the drives.

             

            THANKS A LOT

            • 3. Re: HOW TO FORCE DECRYPT A HARDDISK WHICH IS PARTIALLY ENCRYPTED

              well, the partition end sector is show in the disk information screen?

               

              What's the actual problem you are trying to solve? Start there.

               

              and, you'll only find the strings you mention in a MBR or a partition boot sector - they are not in every sector. If you're seeing all zeros after decrypting the workspace, then everything is fine and the sector was encrypted to start with (it was just blank).

               

              I think you need to call your helpdesk - they would have had training in this and will know how to properly handle your machine.

              • 4. Re: HOW TO FORCE DECRYPT A HARDDISK WHICH IS PARTIALLY ENCRYPTED

                Just i want to force decrypt my C and G drive.  I am having partition start sector and partition end sector for both the drives, that I was got from the disk information menu.  The partition end sector is not encrypted for both the drives.  Is it possible to find the partition end sector, it means encrypted end sector.

                The encrypted endsector might be on middle of somewhere else, between the partition start and end sector.  Is it possible to find the partition end sector(encrypted).

                • 5. Re: HOW TO FORCE DECRYPT A HARDDISK WHICH IS PARTIALLY ENCRYPTED

                  just work backwards from the end sector, until you find one that decrypts properly?

                   

                  Again, what problem are you trying to resolve here? There are probably much safer ways of going about this.

                   

                  Why for example are you using the force decryption? What's listed in your regions in the disk information? That tells you exactly what is and what is not encrypted.