Repair a corrupted AES encrypted image

I recently had an issue with an encrypted 128-bit AES image/dmg that I created a long time ago. After copying and moving the file, the system alerted me with the following when trying to mount the dmg: “no mountable file systems”.


FileVault is great and can secure a directory by encrypting its entire contents using the Advanced Encryption Standard with 128-bit keys. FV encrypts and decrypts automatically in real time. Blocks are encrypted with AES-128 in 4 kB “chunks”, and the keys are encrypted (“wrapped”) in the header of the disk image. The key, the salt, the IV (initialization vector) and other info are stored in the image header, a 4 kB block, which is in turn encrypted using 3DES-EDE.

There are two different header locations:

  • v1: headers live at the end of the file
  • v2: headers live at the beginning

Fortunately for me, I had the v2 headers, which are more recent and technically less prone to errors if there is any kind of interruption during the copy of your file. Even more important, I had a backup of the working image. If you don’t have a backup, it might be possible to create the exact same image with the same passphrase. The trick when running into this is to copy the first 4 kB from the working image to the corrupted one:

dd if=WorkingEncrypted.dmg bs=4096 count=1 of=BrokenEncrypted.dmg conv=notrunc

Make sure you back up your image before playing with it! You should be able to mount your image right after executing the command.
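
A guarded form of the dd step above, as an added example that is not part of the original post: it checks that the working image keeps its header at the start (v2), saves a copy of the damaged file, and verifies that only the first 4 kB changed. The "encrcdsa"/"cdsaencr" magic strings, the function names and the .bak suffix are assumptions that the post does not state.

```sh
#!/bin/sh
# Added example: guarded form of the dd header transplant from the article.
HDR=4096   # header size stated in the article (one 4 kB block)

# First or last 8 bytes of a file as printable text (NUL-safe via od).
magic() { "$1" -c 8 "$2" | od -An -c | tr -d ' \n'; }

# v2 images begin with "encrcdsa"; v1 images end with "cdsaencr".
# (Magic strings come from public format notes, not from the article.)
dmg_header_version() {
    if [ "$(magic head "$1")" = encrcdsa ]; then echo v2
    elif [ "$(magic tail "$1")" = cdsaencr ]; then echo v1
    else echo unknown
    fi
}

# repair_header WORKING BROKEN: copy the first 4 kB of WORKING over BROKEN.
repair_header() {
    good=$1; broken=$2; bak=$broken.bak
    # The first-4-kB copy only makes sense when the donor is a v2 image.
    [ "$(dmg_header_version "$good")" = v2 ] ||
        { echo "donor is not a v2 image" >&2; return 1; }
    [ ! -e "$bak" ] || { echo "$bak exists, refusing" >&2; return 1; }
    size=$(($(wc -c < "$broken")))
    [ "$size" -ge "$HDR" ] || { echo "target too small" >&2; return 1; }
    cp -p "$broken" "$bak" || return 1          # keep the damaged original
    # conv=notrunc overwrites in place instead of truncating the target.
    dd if="$good" of="$broken" bs="$HDR" count=1 conv=notrunc 2>/dev/null ||
        return 1
    # Verify: same length, header equals donor, payload equals the backup.
    [ "$(($(wc -c < "$broken")))" -eq "$size" ] || return 1
    [ "$(head -c "$HDR" "$good" | cksum)" = \
      "$(head -c "$HDR" "$broken" | cksum)" ] || return 1
    [ "$(tail -c +$((HDR + 1)) "$broken" | cksum)" = \
      "$(tail -c +$((HDR + 1)) "$bak" | cksum)" ] || return 1
}

# Stand-alone use: sh repair.sh WorkingEncrypted.dmg BrokenEncrypted.dmg
if [ "$#" -eq 2 ]; then repair_header "$1" "$2"; fi
```

If the function returns non-zero after the dd step, the untouched damaged file is still available under the .bak name.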
