Restore Windows 7 with BitLocker Enabled!

Note: No, it is NOT POSSIBLE to restore data from a BitLocker-encrypted hard drive if you do not have the recovery key or password.

On Wednesday a colleague of mine came into our “mission control” (also known as the IT Office). He explained that he could not start his computer because he got a “o0xf0000something” error. I took a look at the error code and Googled it. The information that turned up seemed to suggest that the MBR was fucked corrupted, although I did not receive the usual “Operating System not found…” error that I had seen a million times on my old laptop when I tried to mess around with dual booting Linux and Windows…

When reading a bit about the issues other people had on different forums, I concluded that some of the necessary Windows files had been corrupted and decided to try to restore such files with the Windows 7 install DVD (it should come with your computer).

I popped the DVD in the cup-holder (CD/DVD drive) of the laptop, and booted with it by pressing the F12 key to initiate the “boot menu”. I chose “Boot from CD/DVD Drive on DVDCDROM-SOMETHINGASD” and was presented with the “Windows is loading” bootup thingy that we all have seen before.

I then chose my language, which in this case was Norwegian.
I usually use English on all my other machines, because it is easier to troubleshoot if I get an error (Norwegian error messages look fucking weird to me..).

Then I was presented with this page:

[Image: restore_screen]

In which I chose “Startup Repair”.

After that I got the “Please enter the very very long BitLocker recovery key that takes ages to type”-message…
At this point I was all like “Fuuuuuuck…. how did I find that key again?”

So I remembered that two days before that I had asked my boss about something related to BitLocker and he had shown me where to get the recovery keys in the Active Directory Users and Computers program (which by the way is THE MOST useful tool in existence).

So I opened AD Users and Computers, browsed to his Computer “object”, right-clicked -> Properties, and tried to find this mysterious “BitLocker Recovery”-tab… and it was nowhere to be found…

So I decided to call my boss, who was sick that day, and asked how I got the BitLocker tab to show up.

It turns out you have to enable that in the “Enable/Disable Windows Features”-list…. I seriously HATE that thing… I mean, they disabled Telnet by default…. WHAT SORT OF BS is that?!
So anyways, I had to dig into their weird little list to find “BitLocker Recovery Snap-in” or whatever it was called, enable it, then start up the AD U&C (short for Active Directory Users and Computers) again. I of course was presented with the frustrating UAC box that our company loves to shove down my throat every time I need to do something…

I logged into my REGULAR account… silly me, and noticed that the BitLocker-tab was giving me the “No items in this view”-message… so I was a little confused right there, because I did not know that I needed AD-Administrator access to browse that tab properly.

In my confusion I contacted one of the IT guys that our IT guys ask for help when our skills are not sufficient, and he told me I had to use my AD-Admin account..
So I did just that, and found the ridiculously long BitLocker Recovery key, plugged that into the computer and started the recovery process.
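The same lookup can be scripted instead of clicking through the BitLocker Recovery tab. This is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that recovery passwords were backed up to AD; the function name, its parameters and the sample values in the usage comment are hypothetical.

```powershell
# Added example: list the BitLocker recovery passwords stored under a computer object.
# Run it as an account allowed to read msFVE-RecoveryInformation objects
# (in the post, the AD admin account; the regular account saw nothing).
Import-Module ActiveDirectory

function Get-BitLockerRecoveryFromAD {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        # Optional: first characters of the Password ID shown on the recovery screen
        [string]$KeyIdPrefix
    )

    $computer = Get-ADComputer -Identity $ComputerName

    # Each backed-up recovery password is a child object of the computer object.
    $query = @{
        SearchBase = $computer.DistinguishedName
        Filter     = "objectClass -eq 'msFVE-RecoveryInformation'"
        Properties = 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'whenCreated'
    }
    $records = Get-ADObject @query

    if (-not $records) {
        # Same symptom as "No items in this view": nothing stored, or no read access.
        Write-Warning "No recovery information visible for $ComputerName."
        return
    }

    $records |
        Select-Object @{ n = 'KeyId'; e = { (New-Object Guid (, [byte[]]$_.'msFVE-RecoveryGuid')).ToString().ToUpper() } },
                      @{ n = 'Created'; e = { $_.whenCreated } },
                      @{ n = 'RecoveryPassword'; e = { $_.'msFVE-RecoveryPassword' } } |
        Where-Object { -not $KeyIdPrefix -or $_.KeyId.StartsWith($KeyIdPrefix.ToUpper()) } |
        Sort-Object Created -Descending
}

# Usage with constructed values; the output contains secrets, so do not log or paste it:
# Get-BitLockerRecoveryFromAD -ComputerName 'LAPTOP-EXAMPLE' -KeyIdPrefix 'A1B2C3D4'
```

A computer can have several stored passwords, which is why the output is matched against the Password ID from the recovery screen rather than taking the first entry.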

 

And when it was done I booted the PC and got into Windows just fine. I thought the PC was going to work by then, so I delivered it back to my colleague.

After 10 minutes he came back into mission control, and said that the PC was asking for the BitLocker Recovery Key again…
I Googled the issue and found that I had to deactivate BitLocker, then reboot, then enable it, to get it to “accept” the “new system config” that I had given it due to replacing/fixing some system files.

I did this, rebooted the computer a couple of times to check if it was working correctly, and after an hour (decrypting and encrypting takes a lot of time!), I delivered the laptop back to my colleague and it worked perfectly!
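The disable, reboot, enable cycle can also be done by suspending the key protectors instead of decrypting the drive, using the manage-bde commands quoted in the comments below. This is an added example, not part of the original post: the script parameters are hypothetical, and the status check assumes the Win32_EncryptableVolume WMI class that ships with BitLocker.

```powershell
# Added example: suspend BitLocker protection before a repair and resume it afterwards.
# Run from an elevated prompt: once with -Action Suspend, reboot, then with -Action Resume.
param(
    [ValidateSet('Status', 'Suspend', 'Resume')][string]$Action = 'Status',
    [string]$Drive = 'C:'
)

function Get-ProtectionStatus([string]$Drive) {
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$Drive'"
    if (-not $vol) { throw "No BitLocker-capable volume found at $Drive" }
    switch ($vol.GetProtectionStatus().ProtectionStatus) {
        0 { 'Off' }        # suspended (key stored in the clear on disk) or not encrypted
        1 { 'On' }
        default { 'Unknown' }
    }
}

switch ($Action) {
    'Suspend' {
        # Data stays encrypted, but the volume key is readable from disk until resumed,
        # so keep this window as short as the repair allows.
        manage-bde -protectors -disable $Drive
        if ($LASTEXITCODE -ne 0) { throw "manage-bde failed with exit code $LASTEXITCODE" }
    }
    'Resume' {
        # Re-enabling the protectors binds the key to the current boot configuration.
        manage-bde -protectors -enable $Drive
        if ($LASTEXITCODE -ne 0) { throw "manage-bde failed with exit code $LASTEXITCODE" }
    }
}

$status = Get-ProtectionStatus $Drive
"Protection on ${Drive} is now: $status"
if ($Action -eq 'Resume' -and $status -ne 'On') {
    Write-Warning "Protection is still not on; do not hand the machine back yet."
}
```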

 

 


17 comments

  1. Well I still remember my BitLocker password but have lost my BitLocker recovery key. When I connect my HDD, it does not bring up the key box to input my password. Help me

  2. Not sure you needed to fully decrypt/re-encrypt, you may have been able to suspend Bitlocker drive encryption (manage-bde -protectors -disable c:) then re-enable (manage-bde -protectors -enable c:)..

  3. Hi Helge,

    I have one problem. Actually, there are 4 drives in my laptop. I put BitLocker on the 4th drive, then I forgot the password and also lost my BitLocker recovery key. I have important data on that drive. Is it possible to back up the data on that drive? Please reply and tell me what process I can follow.

  4. Hello Helge,

    I applied BitLocker on my D drive, but while the encryption was running my power went off. When it came back I can only see the lock appearing and am not able to open the drive. What is the solution? Please help me.

  5. Hi dear

    I have Windows 8. I set a password on two of my drives with BitLocker and saved the keys to my Microsoft account. Now I have forgotten the password, and when I went to my account I found only one key there. Both of my drives have the same password. Now I can open one of my drives. If I find the password of the drive that has the key on my account, I can open the other drive.

    How can I find the password when we have the recovery key?

    I found the password ID and the numerical password:

    C:\Windows\system32>manage-bde -protectors -add h: -recoverykey h:
    BitLocker Drive Encryption: Configuration Tool version 6.2.9200
    Copyright (C) 2012 Microsoft Corporation. All rights reserved.

    Key Protectors Added:

    Saved to directory h:

    External Key:
    ID: {A631BD73-E1C2-4468-868F-633CB89BAB99}
    External Key File Name:
    A631BD73-E1C2-4468-868F-633CB89BAB99.BEK

    C:\Windows\system32>manage-bde -protectors h: -get
    BitLocker Drive Encryption: Configuration Tool version 6.2.9200
    Copyright (C) 2012 Microsoft Corporation. All rights reserved.

    Volume H: [Rezazy-HDD]
    All Key Protectors

    Password:
    ID: {7652F6CE-D88C-476C-B39D-D28175795000}

    Numerical Password:
    ID: {FDF0E831-353F-48C5-9F3A-C9C03E0CEA78}
    Password:
    106007-591283-270710-254309-670945-631730-606342-502788

    External Key:
    ID: {A631BD73-E1C2-4468-868F-633CB89BAB99}
    External Key File Name:
    A631BD73-E1C2-4468-868F-633CB89BAB99.BEK

  6. Hi
    I have locked my external hard disk with BitLocker.. lost the password and the recovery key as well.
    How do I decrypt it.. any easy things to do with that?

  7. Hi,
    I locked my flash drive with BitLocker and lost both the password and recovery key, please tell me how I can open the drive?

  8. Hi, actually I didn't know about BitLocker. I saw the icon on my drive and just enabled it, gave the password, and it prompted for the recovery key. I saved the key. After that the encryption started, and it was taking time, and I removed the drive.
    After that I tried to open the drive using the password and recovery key, but couldn’t. What's your suggestion?

  9. Hi Helge,

    I have Kingston DT Workplace (certified Windows To Go) with Windows To GO Win10 installed on it.
    As I was using the OS my computer froze and I held the power button of my laptop that I was using to power off.
    When I turned the laptop on again I was not able to boot from the USB anymore. It would start reading the USB but nothing happens until it stops and the local OS is loaded.
    In My Computer as well as Disk Management there is no disk shown for the USB. However, in device management it shows USB mass storage device, and in Printer and Devices it shows DT Workplace.
    When I plug in the USB the light on the USB is on, and the status of the mass storage device says working properly, still no disk showing. After a while the light is off, and the status of the mass storage device shows error code 10: device cannot be started.
    I’m afraid I’m fucked here…
    I do have the BitLocker password but not the BitLocker recovery key. I do have however a backup of the Windows To Go on an external hard drive.
    Is it possible to retrieve the recovery key from the backup? And, will I be able to access the USB through the CMD command with that recovery key?

    I hope you have some advice on this… There is a lot of important files that are on the USB and not on the backup.

    Regards,
    Klausi

  10. BitLocker Drive Encryption: Configuration Tool version 10.0.16299
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    Volume E: [Label Unknown]
    All Key Protectors

    Numerical Password:
    ID: {A45A564F-16A4-4556-8638-4B4379450CFD}

    External Key:
    ID: {942D12B3-E5BE-47A1-9474-2D0E86C1E1FA}
    External Key File Name:
    942D12B3-E5BE-47A1-9474-2D0E86C1E1FA.BEK

    Hi Friend, is there anything which can be done to recover an encrypted SanDisk drive whose password was removed some days ago? After reinstalling the OS on the machine it is asking for the 48-character recovery key. I forgot to take a memory dump of the prior OS, in which the pen drive was working fine without a password. If a memory dump were there I could analyse it with the Elcomsoft forensic toolset.

    1. The recovery key is saved somewhere on the disk drive too. Fetched a VHD image of the drive via EnCase/FTK. Don’t have any steps left to do with this; any kind of help is deeply appreciated.

      1. Extracted the VHD file via the ImDisk toolkit & found BitLocker To Go with .Er, .NG, .PD ext files.
        Solved the mystery for decryption of the drive without password or recovery key via AES with XTS128 decryptor + Passware toolset, not open source & not found openly on intranet.
        Thanks a lot to Mr Deepak, forensic expert at CFSL in.
