0
2
My ExFAT partition is about 1TB and it takes chkdsk about 10 hours to check and clear the dirty bit flag. There is never an error. It is caused by the drive being disconnected in an unsafe manner (it is being used in a VM and sometimes that gets closed in a manner that is causing this). But I need to have an alternative to the 10 hour wait. I'm going to migrate the data to NTFS as soon as I can to hopefully avoid this problem.
user898617
Posted 2015-05-15T10:03:26.827
Reputation: 11
4
Basically since exFAT dirty bit is in dec offset 106 of the VBR, and it's a bit, not a byte. Luckily the flags which include byte 106(6a) are not included in the calculation of the VBR checksum. You just use a hex editor to zero that dirty bit. For more detailed info on the layout of the VBR and the lags, the internals are at https://www.sans.org/reading-room/whitepapers/forensics/reverse-engineering-microsoft-exfat-file-system-33274#page=25
And there is also a blog at rshullic.wordpress.com
Robert Shullich
Posted 2015-05-15T10:03:26.827
Reputation: 41
+1 Well found - although I suppose if anyone knew about it, it would be you, from the little bits I read in your fascinating blog. – Andrew Morton – 2015-05-15T20:04:24.817
Note: As you might suspect from the name, the blog (rshullic.wordpress.com) mentioned in the above answer belongs to the author of the answer, Robert Shullich, as stated in his profile page. Warning: it has some slightly aggressive advertising.
– G-Man Says 'Reinstate Monica' – 2019-06-30T18:07:34.3431Can someone in plain English tell me using a hex editor how do I go to this place 106a . I think I can manage the 106 but how do I get to 6a and make that zero I am on windows 7 so doing all that mac stuff isnt the nicest thing out there – user1874594 – 2019-12-18T00:46:09.463
Wondering the same as above comment. What do I even File > Open in my Hex editor? I don't see a way to Hex edit a drive; it has to be a file, right? What file? And how would I pinpoint bit 106(6a)? (or is 106(6a) a byte as the answer says?: "...and it's a bit, not a byte...include byte 106(6a) are not..." So what is 106(6a)? A bit? or a byte? Is it the byte containing the correct bit? Or was calling it a "byte" a mistake? – velkoon – 2020-01-24T11:16:18.987
1
Somebody wrote a utility for MacOS to clear the bit (to build run make):
https://github.com/zzh8829/exfat_clean
The repo was found via this post.
And there is also this MacOS-specific question: Disable automatic fsck_exfat on dirty volume mount in Mac OSX with the answer which doesn't seem to work on Mojave.
ccpizza
Posted 2015-05-15T10:03:26.827
Reputation: 5 372
Are you comfortable with a HEX editor? – Michael Frank – 2015-05-15T10:32:48.333
Yes. But tell me which one to use. – user898617 – 2015-05-15T11:18:08.770
Manually Reset or Clear Dirty Bit in Windows without using CHKDSK and read the comments to find out how it might work for exFAT. Of course, before starting, you should assume that you will make the entire physical drive completely and utterly broken (not just the partition) so make appropriate backups first. It might be faster to copy the files from the partition in question to another drive, format the "dirty" partition, and then copy the files back. – Andrew Morton – 2015-05-15T12:25:34.563
@AndrewMorton - unfortunately that article doesn't solve for ExFAT systems. – user898617 – 2015-05-15T13:54:08.707
@user898617 Please read past the link in my comment. – Andrew Morton – 2015-05-15T14:22:33.307
I've reformatted the drive. Backup and restore will probably take about 4 hours. – user898617 – 2015-05-15T14:34:52.273