NVbit : Accessing Bitlocker volumes from linux.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

89 lines
2.3KB

  1. /*
  2. nvbit Bitlocker for linux
  3. ------------------------------
  4. Nitin Kumar nitin at nvlabs.in
  5. Vipin Kumar vipin at nvlabs.in
  6. web: http://www.nvlabs.in
  7. Licensed under GPL Version 3
  8. -------------------
  9. Copyright (c) 2008
  10. Released under the GPL Version 3
  11. http://www.gnu.org/licenses/gpl-3.0.txt
  12. */
  13. // this header file contains all definition to to FVE ( Full volume Encryption of Bitlocker)
  14. #include "common.h"
  15. #ifndef FVE_H
  16. #define FVE_H
  17. // this is the signature for FVE partition
  18. #define FVE_SIGNATURE "-FVE-FS-"
  19. #define NTFS_SIGNATURE "NTFS "
  20. // this is the structure of the first sector of FVE encrypted Volume
  21. # pragma pack (1) // 1 byte packing
  22. typedef struct _FVE_META_DATA {
  23. int8 jmp[3]; //offset 0x0 // this is the jmp // never used
  24. int8 Signature[8]; //offset 0x3 // 8 bytes signature
  25. int16 BytesPerSector; //offset 0xB // it can be 512,1024 and so on
  26. int8 SectorPerCluster;//offset 0xD
  27. /* it can be
  28. 0x1 ,0x2, 0x4 ,0x8
  29. 0x10,0x20,0x40,0x80 */
  30. int16 ReservedClusters; //offset 0xe // 0x0000
  31. int8 FATCount; //offset 0x10 // 0x00
  32. int16 RootEntries; //offset 0x11 // 0x0000
  33. int16 Sectors; //offset 0x13 // 0x0000
  34. int16 SectorsPerFAT; //offset 0x16 // 0x0000
  35. int16 unknown1; // just a placeholder
  36. int32 LargeSectors; //offset 0x20 // 0x00000000
  37. int32 unknown; // offset 0x24
  38. int32 unknown2; // place holder
  39. int16 unknown3;
  40. int8 unknown4;
  41. int64 Total_Sectors; // total number of sectors in volu me
  42. int64 MFT;
  43. int64 MetaDataLCN; //offset 0x38
  44. // This points to cluster containing VMK metadata
  45. // to calculate sectornumber = MetaDataLCN * SectorPerCluster
  46. } FVE_META_DATA;
  47. typedef struct _MORE_FVE_DATA {
  48. int8 Signature[8];
  49. int8 header[8];
  50. int8 reserved[16] ;
  51. int64 FVE_MetaData[3];
  52. int64 MFT_Mirror; // this value is filled from NTFS boot sector before conversion
  53. } MORE_FVE_DATA;
  54. # pragma pack () // restore original packing
  55. #endif // FVE_H