Encryption process died at 1% on a kali guest and now no bootable medium can be found

[lopuoracle]

Hello Oracles,

I have a pretty major trouble in that for some reason I had 2btc on a kali vm and tried to encrypt it when it was already LVM encrypted... but I trusted Vbox! But hence, vbox froze at 1% encrypting and now when I try to boot the vm I get a no bootable medium found error.

I found this thread talking about changing the *.vmdk to *-backup.vmdk and replacing *-flat.vmdk with *.vmdk,
[I'm not allowed to post links ]
I tried this but I got an error

Code: Select all

Failed to open a session for the virtual machine kali.

Could not open the medium '/home/ggg/VirtualBox VMs/kali/kali.vmdk'.

VMDK: descriptor does not start as expected in '/home/ggg/VirtualBox VMs/kali/kali.vmdk' (VERR_VD_VMDK_INVALID_HEADER).

VD: error VERR_VD_VMDK_INVALID_HEADER opening image file '/home/ggg/VirtualBox VMs/kali/kali.vmdk' (VERR_VD_VMDK_INVALID_HEADER).

Result Code: NS_ERROR_FAILURE (0x80004005)
Component: MediumWrap
Interface: IMedium {4afe423b-43e0-e9d0-82e8-ceb307940dda}

But then I found a thread talking about header recovery and I am hoping that maybe the headers were simply corrupted very early on and only a few lines have been modified because the other OP had encrypted, well, he doesn't say, but I'm guessing it was more than 1%.

I have backed up my kali.vmdk and kali-flat.vmdk but otherwise there is nothing I can do from here, so I am hoping you might be able to help.

The kali-flat which I renamed to kali is the same size as it was before the crash so I think all the data is there, I remember the encryption phrase too if that is needed at some point but only 1% was encrypted.

I don't actually know how to access the headers of a .vmdk but I use Mint 17.x and am pretty proficient at sudo nano x and mv and cp so let me know what I have to do.

Yes, please, thank you, it's late now in Australia.

Good night

PS: I tried following this guide [not allowed to post links ]

But I cannot find a single sudo find / -name *.vmx on my computer so I can't get the SCSI type for that step.

tyty

[socratis]

But then I found a thread talking about header recovery

Not here you didn't. No one here can do VMDK header recovery, there's only one person that could potentially help you with VDI header recovery (with great success rates I may add):
• VMDK is the default container format for VMWare. We don't really know too much about it.
• VDI is the default container format for VirtualBox. We could help you a little bit more.

I have backed up my kali.vmdk and kali-flat.vmdk but otherwise there is nothing I can do from here

Why don't you restore from backup? Am I missing something?

The kali-flat which I renamed to kali is the same size as it was before the crash so I think all the data is there, I remember the encryption phrase too if that is needed at some point but only 1% was encrypted.

Yes, but if the data is garbage, good luck figuring out what's what. Actually you can't, that's the idea of the encryption. BTW, size doesn't matter.

BTW, what is a "2btc"?

[lopuoracle]

I sure did I think anyway, not to be an ego

viewtopic.php?f=2&t=76482
viewtopic.php?f=6&t=65621

Those talk about header recovery. 2BTC Is 2 bitcoins which is worth about $2000usd, that is nearly all my savings bar $200 so I am quite desperate at this point. And the backups are just backups of the corrupt files so I could play around with the .vmdk. And thanks for the info on .vmdk, I have been using .vmdk as my harddrive format for ever, for all kind's of virtual machines, I never knew it was VMware originated

Like I said, please if there's any possibility of recovery I will follow any steps, should I ask on vmware? I tried to encrypt via the virtualbox virtual machine settings encryption panel by the way.

Thank you, lopu

[mpack]

Neither of the provided links are relevant. If you're using a descriptor plus a flat file then you don't need to jump through hoops to access the descriptor, just view it with Notepad++ or similar. But, it won't help you to access an encrypted flat image.

Encryption deliberately corrupts data on a drive. Data needs to be passed through a special function to uncorrupt it. The function would be useless if it was possible to access the data in any other way, so if you can't read it then there's nothing anyone can do to make it readable.

The first 1% of the drive will have included the partition map and filesystem, so the image will not be mountable in any OS. It's possible that later parts of the drive are uncoded, which may include your bitcoin data, but the only way to get at the data would be with a hex editor, or a special purpose virtual disk sector editor (I don't know of any such, but it probably does exist).

I don't know too much about bitcoin. Is it really the case that zapping a hard disk can lose your money? That sounds akin to keeping paper money inside your mattress! One small fire and you're penniless...

[lopuoracle]

They do come with a failsafe in the form of a wallet seed but I had those stored on the system in a .txt file.. for some reason. I am looking into .vmdk recovery and it seems that the flat.vmdk file is pure data so we may be in luck. I will update as I am successful