dekstop: weblog

I'm start to look into more secure ways to store sensitive data, and Apple's encrypted DMG disk images seem like a good compromise between security and convenience. If you're worried about long-term storage and retrievability it of course has the disadvantage of being a proprietary format, which means you would need an OS X machine to decrypt those disk images.

Not any more! In one of the interesting talks I missed during last year's 23C3 (while being busy doing other things) Jacob Appelbaum, Ralf-Philipp Weinmann and David Hulton presented their successful attempt to reverse-engineer the file format. They provide slides and source code of their "vilefault" tools at crypto.nsa.org/vilefault/ (under a liberal license that only requests you to properly credit their authorship, but allows the publication of modified versions.)

The source download includes two programs, vfcrack and vfdecrypt. The former implements a brute force dictionary attack against .dmg files, but I'm actually only interested in the latter which decrypts disk images for which you already know the password. In other words, an open implementation that allows you to read encrypted disk images on other operating systems.

Using vfdecrypt I could successfully decrypt an encrypted .dmg, but an attempt to decrypt a .sparseimage unfortunately failed ("internal error (2) during key unwrap operation!").

They neglected to ship a makefile for vfdecrypt, but it's really straightforward to compile. Here is what I used:

CC = gcc
CFLAGS = -Wall -O2 -funroll-loops
TARGET = vfdecrypt
LDFLAGS = -lssl -lcrypto
OBJS = vfdecrypt.o\
	util.o

all: vfdecrypt

vfdecrypt: $(OBJS)
	$(CC) $(CFLAGS) -o $(TARGET) $(OBJS) $(LDFLAGS)

clean:
	rm -f *.o *.core $(TARGET)

And then call like this (from the included manpage):

vfdecrypt -i <in-file> -p <password> -o <out-file>

Links

• crypto.nsa.org/vilefault/ -- vilefault download page
• 23C3: the "Unlocking FileVault" event page
• Chaosradio: "Unlocking Filevault" video recording of the presentation

---