
Unable to unlock USB drives encrypted/locked with Bitlocker To Go


Hey All,

Recently my company provided me with a Windows 10 SOE image as part of a UAT. The image includes Symantec Endpoint Encryption which utilizes Bitlocker for encryption.

I went through all of the motions with the C: drive to be encrypted and even printed the recovery key. Well, at some point I plugged in a few My Passport USB drives and they became locked by Bitlocker To Go. Every time I try to unlock or click on these drives it asks for the 48-bit key which I don't have because I never was prompted to encrypt/lock these drives.





IT says that there are no keys stored on the servers for these USB drives and suggested that this would be a "local" encryption. However, they also stated that they wouldn't be encrypted unless I was prompted about it. So, there's this mystery about how these USB drives came to be locked.


I've been doing some research and the closest I've come is getting some output about the protectors:
Code:
c:\Windows\System32>manage-bde -protectors g: -get
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume G: [Label Unknown]
All Key Protectors

    Numerical Password:
      ID: {27319850-4EB5-42AC-9BA5-1C0CCB997EE7}

    External Key:
      ID: {A4A49BE5-70A4-4388-8B2F-8C13B1CA765C}
      External Key File Name:
        A4A49BE5-70A4-4388-8B2F-8C13B1CA765C.BEK

I've tried to copy the .bek file to another non-encrypted/locked USB but get:

Code:
c:\Windows\System32>manage-bde -protectors -add g: -rp f:key
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR Cannot specify multiple volumes

c:\Windows\System32>manage-bde -protectors -add g: -rp f:keykey.txt
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR: The operation cannot be performed because the volume is locked.

I've tried all of the passwords (even blank) I have in an attempt to unlock the drive:

Code:
c:\Windows\System32>manage-bde -unlock g: -pw
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Enter the password to unlock this volume:
ERROR: The password failed to unlock volume G:.

When I search my laptop by either the Numerical or External IDs, I get nothing even with hidden files enabled.

Can anybody provide any recommendations here? I can always provide any additional info. Should I also post in the MS blog?

There's so much data on these drives that I cannot lose.

Regards, Jimmy
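
Added example, not part of the original post: a Python sketch that parses the `manage-bde -protectors -get` listing quoted above and maps each key protector to the `manage-bde -unlock` option that accepts it. The sample text is the listing from the post; the function names are illustrative and the mapping covers only three protector types.

```python
# Mapping of protector name (as printed by manage-bde) to the
# manage-bde -unlock option that accepts it. Only three types are covered.
UNLOCK_OPTION = {
    "Numerical Password": "-RecoveryPassword (48-digit recovery password)",
    "External Key": "-RecoveryKey (path to the .BEK file)",
    "Password": "-Password",
}

# Protector listing as posted in the thread above.
SAMPLE = """\
Volume G: [Label Unknown]
All Key Protectors

    Numerical Password:
      ID: {27319850-4EB5-42AC-9BA5-1C0CCB997EE7}

    External Key:
      ID: {A4A49BE5-70A4-4388-8B2F-8C13B1CA765C}
      External Key File Name:
        A4A49BE5-70A4-4388-8B2F-8C13B1CA765C.BEK
"""

def parse_protectors(text):
    """Return one dict per protector: type, id, and key file name if listed."""
    protectors, expect_file = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_file and protectors:
            protectors[-1]["key_file"] = line      # line after the file-name label
            expect_file = False
        elif line == "External Key File Name:":
            expect_file = True
        elif line.startswith("ID:") and protectors:
            protectors[-1]["id"] = line[3:].strip()
        elif line.endswith(":"):                   # e.g. "Numerical Password:"
            protectors.append({"type": line[:-1], "id": None, "key_file": None})
    return protectors

def unlock_plan(protectors):
    """Pair each protector type with the unlock option that consumes it."""
    return [(p["type"], UNLOCK_OPTION.get(p["type"], "not covered here"))
            for p in protectors]

def password_unlock_possible(protectors):
    """A -pw attempt can only succeed if a Password protector exists."""
    return any(p["type"] == "Password" for p in protectors)

if __name__ == "__main__":
    found = parse_protectors(SAMPLE)
    for kind, option in unlock_plan(found):
        print(f"{kind}: unlock with {option}")
    print("Password protector present:", password_unlock_possible(found))
```

For the listing in the post this reports a Numerical Password and an External Key but no Password protector, so the volume is opened with the recovery password or the .BEK file rather than with `-pw`.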

Hi there

Assuming the drives aren't encrypted then a Linux Distro should rescue you here.

Boot up any Linux Live CD - Linux Mint is a good one. Plug your USB in - should be recognized as an NTFS / FAT32 drive. Use the built in file manager (If the KDE desktop then DOLPHIN is the file manager - works and looks fairly similar to Windows / File explorer). Copy what you need or delete other stuff you don't need.

I don't think there's Windows fixes for this.

To make a Linux bootable USB stick I recommend downloading this ISO (Linux Mint Rosa 17.3 x-64 KDE)

Linux Mint 17.3 "Rosa" - KDE (64-bit) - Linux Mint

Then use (on Windows) RUFUS to make bootable USB stick.

Rufus - Create bootable USB drives the easy way

Boot the USB stick, plug your other stuff in and use DOLPHIN to get your data. Linux reads and writes Windows file formats.

Here's an example of DOLPHIN reading an HP 64GB USB stick that I couldn't access with windows -



Cheers
jimbo

Thanks, jimbo45.

I already have another laptop running Ubuntu here, but the drive doesn't show up. However, I believe that's because the drive is Bitlocker locked. Unless using a Live CD versus an install makes any difference, which I'm confident it won't.
