Open Bitlocker USB stick on OS X

Actually I asked after some success because I thought it would benefit everyone ;-)

Here is the complete process. Some links are missing because I don't have enough reputation to embed them all. Sorry about that.

High-level, we "just" need dislocker.

But to install it, there are some dependencies to resolve... we need:

  1. "Fuse for OS X"
    • Simply download the .img on their site, open and run the .pkg installer
  2. Xcode command-line developer tools

    • I'm not sure what's the generic answer.
    • Open a terminal, and type

      xcode-select --install
      
      • If you get an error "-bash: xcode-select: command not found", you need to install Xcode from the App Store, then run this command again.
      • If an alert window pops up asking if you want to install, click on the "install" button.
      • If it prints error "xcode-select: error: command line tools are already installed, [...]", you're all set.
  3. "Homebrew"

    • Following the instructions on their website, type the following in a terminal:

      /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
      
    • If you get an error about Xcode tools not being installed even though you did install them, then change the path to Xcode:

      sudo xcode-select -switch /
      
  4. And obviously dislocker!

    • Download ZIP (available in green button "Clone or Download" on the right)
    • Extract ZIP content
    • Open terminal and change directory to the dislocker-master directory
    • Compile and install dislocker:

      brew install src/dislocker.rb
      
      • If you get an error about Xcode tools not being installed even though you did install them, then change the path like this:

        sudo xcode-select -switch /
        

Don't despair, it's now time to mount the USB stick!

But it's not gonna be trivial...

  1. Identify the device of the USB stick, using Disk Utility:
    • Open Disk Utility and select the USB stick drive. Somewhere you should get something like "disk3s1". Replace this example with your actual value in the following lines.
    • Keep Disk Utility open, it will be used in next steps
  2. Eject the USB drive for example from Disk Utility (Unmount button)
  3. Create a directory for the decrypted file

    sudo mkdir /tmp/mydrive
    

    Warning: this directory will have strange characteristics: it appears with "ls" but not with "ls -l" and not in the Finder wherever it is, moreover the content can't be listed, and trying to delete it often fails with strange error messages. That's why I put it in /tmp which is cleaned at every reboot.

  4. Decrypt the USB stick with dislocker. If the disk is "disk3s1" and the password is "MyPassword", the command will look like:

    sudo dislocker-file -V /dev/disk3s1 -v -uMyPassword -r -- /tmp/mydrive
    
  5. Add the disk image to Disk Utility and mount it

    sudo hdiutil attach -imagekey diskimage-class=CRawDiskImage /tmp/mydrive/dislocker-file
    

    Note: Don't try to list "/tmp/mydrive/dislocker-file" by yourself. Just assume it is there and write the path as is.

Hooray!!! The new drive is there!


Because really nothing is easy, to clean-up you need to do the following:

  1. Unmount the drive
    • For example from your friend Disk Utility, select its icon and click on "Unmount" button
  2. Get rid of the image
    • From "Disk Utility", select the greyed drive, and from the menu "File" select "Eject".
  3. Detach the fuse volume

    sudo hdiutil detach /tmp/mydrive/
    

Only now the directory /tmp/mydrive is a plain directory that can be deleted...


As you noticed, the process is definitely complex and in the end I just get a read-only drive. I'm interested in any better answer.


I'd like to share my experience on High Sierra, as it seems to be even simpler.

Installation

Homebrew

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Fuse for macOS

brew cask install osxfuse

Notes

  • To install and/or use osxfuse you may need to enable their kernel extension in System Preferences → Security & Privacy → General

  • Make sure to reboot before proceeding further (as osxfuse advises to do so).

dislocker

brew install dislocker

Operation

Mount

# to unlock the dislocker image
sudo dislocker -v -V /dev/disk3s1 -r -uPASSWORD /tmp/mydrive

# to mount the unlocked image
sudo hdiutil attach /tmp/mydrive/dislocker-file -imagekey diskimage-class=CRawDiskImage -mountpoint /Volumes/mydrive

Unmount

# unmount the unlocked image
sudo hdiutil detach /Volumes/mydrive

# release the unlocked bitlocker
sudo hdiutil detach /tmp/mydrive

Script

I've also created a gist to ease the mount/unmount procedure:

# mount, will be available at /Volumes/bitlocker.disk3s1
sudo mount-bitlocker /dev/disk3s1 PASSWORD

# unmount
sudo umount-bitlocker /dev/disk3s1
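
The mount and unmount steps from the two answers above, as a wrapper that validates the device name and keeps the password off the command line. This is an added example, not the gist mentioned above and not dislocker's own code; it assumes dislocker prompts for the password when `-u` is given without a value, and the names `valid_dev`, `x`, `bl_mount`, `bl_umount` and `DRY_RUN` are made up for illustration.

```shell
#!/bin/sh
# Added example: wrapper around the dislocker + hdiutil steps on this page.
# Function names and DRY_RUN are hypothetical; /dev/disk3s1 is the page's sample.

# Accept only /dev/diskNsM so a typo or an option-like string never reaches sudo.
valid_dev() {
    case "$1" in /dev/disk*s*) ;; *) return 1 ;; esac
    rest=${1#/dev/disk}                 # e.g. "3s1"
    disk=${rest%%s*}                    # "3"
    part=${rest#*s}                     # "1"
    case "$disk$part" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$disk" ] && [ -n "$part" ]
}

# With DRY_RUN=1 print the command for review, otherwise run it under sudo.
x() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else sudo "$@"; fi; }

bl_mount() {
    valid_dev "$1" || { echo "bad device: $1" >&2; return 2; }
    name=bitlocker.${1#/dev/}
    # No -p: fail if the path already exists in world-writable /tmp.
    x mkdir -m 700 "/tmp/$name" &&
    # Bare -u: dislocker asks for the password (assumed behaviour), so it
    # stays out of argv, 'ps' output and shell history. -r keeps it read-only.
    x dislocker -V "$1" -r -u -- "/tmp/$name" &&
    x hdiutil attach -imagekey diskimage-class=CRawDiskImage \
        -mountpoint "/Volumes/$name" "/tmp/$name/dislocker-file"
}

bl_umount() {
    valid_dev "$1" || { echo "bad device: $1" >&2; return 2; }
    name=bitlocker.${1#/dev/}
    x hdiutil detach "/Volumes/$name" &&   # unmount the decrypted volume
    x hdiutil detach "/tmp/$name" &&       # release the FUSE mount
    x rmdir "/tmp/$name"                   # now a plain, empty directory
}

# Usage: script mount|umount /dev/diskNsM   (DRY_RUN=1 to preview)
if [ "$#" -eq 2 ]; then
    case "$1" in
        mount)  bl_mount "$2" ;;
        umount) bl_umount "$2" ;;
        *) echo "usage: $0 mount|umount /dev/diskNsM" >&2; exit 2 ;;
    esac
fi
```

Running it once with `DRY_RUN=1` prints the three commands for each action so they can be checked before anything runs under sudo.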