My nickname tells who I am clearly, lol.
Here is the case:
I had a working VM with a .vhd hard drive on virtualbox v 4.x.x.
Windows 10 was reinstalled from clean.
Latest virtualbox was installed for ~2 weeks ago, the virtual machine worked fine.
The vhd was encrypted using aes-xts256-plain-64
The vm still started succesfully after encryption, but then.... I changed the drive letter of a drive with my .vhd, and started getting an error while trying to start a VM and remove/add my .vhd again. Got nervous, and removed this vhd from virtrual drives manager.
For the moment I have:
IMG unpacked from .vhd with 7zip
new VHD created from this img using
qemu-img.exe convert xxxxx.img -O vpc -o subformat=dynamic yyyyy.vhd
Getting a working VM back would be excelent, but that's not very important. The thing I really need is a small text file saved in the root of my C: on this VHD
Please help, TIA!
Extracting file from an encrypted vhd
-
mpack
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Mostly XP
Re: Extracting file from an encrypted vhd
Well, VirtualBox didn't introduce encryption until 5.x, so are you saying that you used a third party encyrption tool to encrypt a VHD file? If yes then I don't see how this VM could ever have worked again, and I also don't see what makes this a VirtualBox question.
-
scottgus1
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Windows, Linux
Re: Extracting file from an encrypted vhd
I get this impression:
the guest was made with v4.something
then Windows 10 was installed on the host
then v5.somthing (whatever "latest" translates to, I know you love that version, Mpack
)
then the guest was encrypted in v5, and still ran for a while
then the explanation goes South a bit...
Please explain this, Noober:
You can change a drive letter inside the vhd, within the guest. This may or may not up-end the guest OS or guest programs, depending on what drive letter you changed, but it would not prevent Virtualbox from booting the environment the guest OS would run in. You might get guest OS errors but the Virtualbox window would appear and start booting.
You can also change a drive letter on the host. That would cause your guest to not boot, because Virtualbox can no longer find the guest's files.
An encrypted drive must remain with the guest's .vbox "guest recipe" file. The .vbox file contains the encryption key which, with your typed password, decrypts the data in the vhd on the fly in the guest so the OS can run. If you lose the guest's .vbox file, your data is gone, kaput, unrecoverable. I don't know what happens to the encryption key in the .vbox file if you remove the encrypted drive from the guest.
The image you have is of the encrypted data. I would strongly guess that without the encryption key and putting the data back though Virtualbox's decryption system you will not be able to use that image.
Since the vhd is encrypted, you will not be able to attach it as a secondary drive to another guest to read the data from it.
The only solution I can think of, short of using the backup you took before you used an unfamiliar tool to encrypt important data you would not want to lose, is to put everything back as it was. Change the drive letter back, attach the original vhd to the guest it was attached to before, and hope for the best.
the guest was made with v4.something
then Windows 10 was installed on the host
then v5.somthing (whatever "latest" translates to, I know you love that version, Mpack
)then the guest was encrypted in v5, and still ran for a while
then the explanation goes South a bit...
Please explain this, Noober:
As read, this is impossible. A .vhd is a data file and cannot be used to change a drive letter.I changed the drive letter of a drive with my .vhd
You can change a drive letter inside the vhd, within the guest. This may or may not up-end the guest OS or guest programs, depending on what drive letter you changed, but it would not prevent Virtualbox from booting the environment the guest OS would run in. You might get guest OS errors but the Virtualbox window would appear and start booting.
You can also change a drive letter on the host. That would cause your guest to not boot, because Virtualbox can no longer find the guest's files.
You'd most likely move the vhd before starting the guest...started getting an error while trying to start a VM and remove/add my .vhd again
An encrypted drive must remain with the guest's .vbox "guest recipe" file. The .vbox file contains the encryption key which, with your typed password, decrypts the data in the vhd on the fly in the guest so the OS can run. If you lose the guest's .vbox file, your data is gone, kaput, unrecoverable. I don't know what happens to the encryption key in the .vbox file if you remove the encrypted drive from the guest.
The image you have is of the encrypted data. I would strongly guess that without the encryption key and putting the data back though Virtualbox's decryption system you will not be able to use that image.
Since the vhd is encrypted, you will not be able to attach it as a secondary drive to another guest to read the data from it.
The only solution I can think of, short of using the backup you took before you used an unfamiliar tool to encrypt important data you would not want to lose, is to put everything back as it was. Change the drive letter back, attach the original vhd to the guest it was attached to before, and hope for the best.
-
mpack
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Mostly XP
Re: Extracting file from an encrypted vhd
Unless he also mounts this VHD in the host? I've not used the feature, but I think Win10 has that capability? Of course it would have no way to understand VirtualBox encryption, so he'd have to really want to be rid of this VHD if he did that.scottgus1 wrote:As read, this is impossible. A .vhd is a data file and cannot be used to change a drive letter.I changed the drive letter of a drive with my .vhd
-
scottgus1
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Windows, Linux
Re: Extracting file from an encrypted vhd
Actually, it reads to me as if he took the vhd and attempted to use it as a tool to change another drive letter. Just being facetious. OP will need to describe the problem better.
Regarding mounting the vhd in the host, I tested adding a fixed 128MB vhd to an XP guest. It showed up as unformatted in Disk Management. I formatted it, gave it the drive letter V in the guest and saved a text file on it. The I shut down the guest and attached it to my Windows 7 VB4.2.16 host via Disk Management. It automatically received a drive letter G. I could open it and add a new text file. While it was added to the host the guest would not start, with read-only errors on the vhd file, as expected. After detaching it from the host, the guest restarted and had the drive letter for the drive back to V. Apparently drive letters are a per-computer thing.
I repeated the same test in Windows 10/VB5 with one encrypted vhd and one unencrypted vhd. The unencrypted vhd behaved the same as the windows 7 test above, new drive letter on the host but editable, and the drive letter returns to the original drive letter when back in the guest. The encrypted drive was usable in the guest but came up uninitialized when attached to the host. I did not initialize, detached from the host and reopened the guest and the guest was still able to use the encrypted disk. I then shutdown the guest again, reattached the encrypted vhd to the host, initialized but also had to format it, thus destroying the data on it already. I was able to save a file on it through the host. I detached it from the host and restarted the guest. The encrypted disk came in uninitialized in the guest again and needed formatting.
So an unencrypted vhd can be swapped between a guest and a Windows 7-10 host. An encrypted vhd cannot be swapped and data will be lost if the disk is initialized after being mounted outside the host. Changing a drive letter is not possible until the drive is initialized.
Regarding removing an encrypted drive from a guest, I find that the key codes stay in the .vbox file after the encrypted drive is released from the guest. Adding the drive back in, the guest boots with the encrypted drive still usable. When I remove the encrypted drive from the Virtual Media Manager, the encryption codes disappear from the guest .vbox file. Upon restarting the guest I am no longer asked for a password and the "encrypted" vhd needs to be re-initialized and reformatted. It is no longer encrypted and can be attached to the host as above, but all the data is gone.
Sell me down the river.....
OP will need to describe the problem better.Regarding mounting the vhd in the host, I tested adding a fixed 128MB vhd to an XP guest. It showed up as unformatted in Disk Management. I formatted it, gave it the drive letter V in the guest and saved a text file on it. The I shut down the guest and attached it to my Windows 7 VB4.2.16 host via Disk Management. It automatically received a drive letter G. I could open it and add a new text file. While it was added to the host the guest would not start, with read-only errors on the vhd file, as expected. After detaching it from the host, the guest restarted and had the drive letter for the drive back to V. Apparently drive letters are a per-computer thing.
I repeated the same test in Windows 10/VB5 with one encrypted vhd and one unencrypted vhd. The unencrypted vhd behaved the same as the windows 7 test above, new drive letter on the host but editable, and the drive letter returns to the original drive letter when back in the guest. The encrypted drive was usable in the guest but came up uninitialized when attached to the host. I did not initialize, detached from the host and reopened the guest and the guest was still able to use the encrypted disk. I then shutdown the guest again, reattached the encrypted vhd to the host, initialized but also had to format it, thus destroying the data on it already. I was able to save a file on it through the host. I detached it from the host and restarted the guest. The encrypted disk came in uninitialized in the guest again and needed formatting.
So an unencrypted vhd can be swapped between a guest and a Windows 7-10 host. An encrypted vhd cannot be swapped and data will be lost if the disk is initialized after being mounted outside the host. Changing a drive letter is not possible until the drive is initialized.
Regarding removing an encrypted drive from a guest, I find that the key codes stay in the .vbox file after the encrypted drive is released from the guest. Adding the drive back in, the guest boots with the encrypted drive still usable. When I remove the encrypted drive from the Virtual Media Manager, the encryption codes disappear from the guest .vbox file. Upon restarting the guest I am no longer asked for a password and the "encrypted" vhd needs to be re-initialized and reformatted. It is no longer encrypted and can be attached to the host as above, but all the data is gone.
Cue Stone Temple Pilots' "Kitchenware & Candy-Bars":noober wrote:Got nervous, and removed this vhd from virtrual drives manager.
Sell me down the river.....
Regrettably, I think he is, unless there's the all-elusive backup...Mpack wrote:he'd have to really want to be rid of this VHD