Encrypted VDI - No VBOX File. Am I SOL?

GoTeamScotch
Posts: 2
Joined: 25. Jan 2022, 02:45

Encrypted VDI - No VBOX File. Am I SOL?

Post by GoTeamScotch »

Hi everyone. I've recently upgraded to a new computer and mistakenly wiped a 2TB HDD while performing a Windows image restoration onto the new machine. I didn't expect it to wipe my 90%-full secondary drive (separate from my OS drive) while it was restoring itself onto my new PC. This drive had my VBOX file for a Linux guest OS I've been using for many years. I didn't think much of this at first since I keep backups of all of my files on a local network drive, which then gets backed up monthly to OneDrive via rclone. I backed up my VDI but I wasn't aware that I also needed the "CRYPT/KeyStore" password contained within my guest's VBOX file in order to unlock my VDI. Thinking that having the password was enough, my backups only ever included the VDI itself. So, I am left with an encrypted VDI and no VBOX file.

I realize this is my fault. I should have RTFM. I shouldn't have had my 2TB drive installed while restoring Windows. I should have known better. Do not pass go, do not collect $200.
On the bright side, the rest of my backup plan worked flawlessly. This one VDI file is literally my only issue.
That said, am I SOL on recovering my VDI? Any chance of finding that CRYPT password somewhere else? Is it stored in some obscure registry key? Would VirtualBox have made a copy of it for some reason over the years? Any chance of brute forcing it with my known-good password? I know for a while, it could have been stored in my global VirtualBox.xml, but in my case it unfortunately is not.

To add a bit more context, the VBOX file on my 2TB drive was stored on a BitLocker-encrypted volume. So it's not as easy as running a file carver on that drive to get the VBOX xml back. The Windows image restoration process formatted my 2TB drive, cleared BitLocker, and installed a few hundred MB of files onto the drive, much to my surprise. So, using Windows' repair-bde command is also not working, since the drive has already been formatted and data copied to it. So far my attempts to use repair-bde on this BitLocker partition haven't been successful (even making an image of it, excluding the first 500MB).

Is it gone for good? Should I just hang onto this VDI for a few decades until quantum computers break all current encryption standards? :wink:
aeichner
Oracle Corporation
Posts: 193
Joined: 31. Aug 2007, 19:12

Re: Encrypted VDI - No VBOX File. Am I SOL?

Post by aeichner »

Unfortunately it will be impossible to restore the encryption key without having the keystore data. The password is only used to decrypt the real encryption key used for the VDI and without the encryption key there is no chance to restore the data inside the VDI image.
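
A backup check for the situation in this thread, added here as an example (not VirtualBox's or any poster's code): it lists the disks in a .vbox file that carry a `CRYPT/KeyStore` property and flags encrypted VDIs that are backed up without the .vbox holding their keystore. The XML layout of the constructed sample, the function names and the file names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption about .vbox files;
# the keystore value is a placeholder, not real key material.
SAMPLE_VBOX = """<VirtualBox xmlns="http://www.virtualbox.org/">
  <Machine name="linux-guest">
    <MediaRegistry>
      <HardDisks>
        <HardDisk uuid="{11111111-1111-1111-1111-111111111111}"
                  location="linux-guest.vdi" format="VDI">
          <Property name="CRYPT/KeyId" value="linux-guest"/>
          <Property name="CRYPT/KeyStore" value="PLACEHOLDER-KEYSTORE-BLOB"/>
        </HardDisk>
        <HardDisk uuid="{22222222-2222-2222-2222-222222222222}"
                  location="scratch.vdi" format="VDI"/>
      </HardDisks>
    </MediaRegistry>
  </Machine>
</VirtualBox>"""


def local(tag):
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]


def encrypted_disks(vbox_xml):
    """Map disk location -> keystore value for disks with a CRYPT/KeyStore property."""
    found = {}
    for elem in ET.fromstring(vbox_xml).iter():
        if local(elem.tag) != "HardDisk":
            continue
        for child in elem:  # direct children only, so nested disks are not mixed up
            if local(child.tag) == "Property" and child.get("name") == "CRYPT/KeyStore":
                found[elem.get("location")] = child.get("value")
    return found


def backup_gaps(vbox_name, vbox_xml, backed_up_files):
    """Encrypted disks present in the backup while the .vbox with their keystore is not."""
    names = set(backed_up_files)
    if vbox_name in names:
        return []
    return sorted(disk for disk in encrypted_disks(vbox_xml) if disk in names)


if __name__ == "__main__":
    # Constructed backup listing that repeats the mistake described in the thread.
    for disk in backup_gaps("linux-guest.vbox", SAMPLE_VBOX, ["linux-guest.vdi", "scratch.vdi"]):
        print(f"{disk}: encrypted, but its keystore (.vbox) is missing from the backup")
```

The comparison is by file name only; a backup listing that stores full paths would need them normalised first.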
arQon
Posts: 228
Joined: 1. Jan 2017, 09:16
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Ubuntu 16.04 x64, W7

Re: Encrypted VDI - No VBOX File. Am I SOL?

Post by arQon »

I'm sorry: you are indeed SOL.

Skipping over the - frankly, staggeringly stupid - behavior of Windows wiping an unrelated drive for no reason, I've seen this play out before in similar cases. The heart of the problem is the idea that the password is the key itself: a mindset that was true once upon a time, but is not so for any competently-implemented crypto setup these days. Instead, the password is merely for unlocking the REAL key (which will be in the 512-bit range or higher, i.e. 64 chars or more), which avoids the combination of a poor cipher and a weak password resulting in the encrypted data being significantly vulnerable.

> I realize this is my fault. I should have RTFM. I shouldn't have had my 2TB drive installed while restoring Windows.

No, it really isn't - that's very clearly on MS, entirely. Small consolation though, I'm sure. :(
GoTeamScotch
Posts: 2
Joined: 25. Jan 2022, 02:45

Re: Encrypted VDI - No VBOX File. Am I SOL?

Post by GoTeamScotch »

Thanks for the replies. I assumed as much, but hearing it from others helps me feel confident that I don't need to put any more time into trying to recover the VDI. I guess the only thing left to do is move on. Thanks