1
1
I'm facing a situation, where I'd like to decrypt a "corrupted" Bitlocker protected drive (Windows 10 Partition) by using the known 48-digit recovery key. Corrupt means, I executed a restore (Windows internal restore of a System Image) procedure that got stuck, leaving me with an, as it seems, unusable Bitlocker header, so that the Microsoft tools repair-bde or manage-bde -status don't recognize the drive as a Bitlocker-protected one.*
Does anybody know how to decrypt the encrypted raw disk image by using the recovery key, to get another (but decrypted) raw disk image (with which I could perform further data restore steps)?
* As this is not directly relevant to the question (but the topic may occur) I'm going to describe my situation for those interested in more detailed here: Notebook without TPM. Two fixed drives, one with Windows 10, Bitlocker protected, and a secondary (data) drive, Bitlocker protected as well. The second one was set-up for auto-unlock when booting up the OS. System Image (Windows internal Back up and restore function) existent on the Second drive, which I tried to restore two the primary drive. That restore process crashed, leaving me with an unusable system. Three obvious mistakes (yep, I learned my lesson...): 1. I don't have another backup on an independent (external) drive, 2. I didn't create an raw-image of the intact system drive before using the fragile Windows restore, 3. I only have the user-defined password for this second drive and not the recovery key (48-digit or .bek file). Unfortunately the password by itself takes me nowhere without the OS that I just killed, respectively switching to auto-unlock seems to change the "keychain", so at the moment accessing the backup of the first drive is impossible.
The last two approaches I had in mind are to see what I can rescue from the primary drive, and to see, whether I can extract the stored auto-unlock key (further reading on this here), to unlock the secondary drive, with the intact system image on it.