The motherboard on my trusty Dell Latitude D820 went sour this Sunday, requiring a full replacement. No one was ever killed by losing access to their laptop for a few days, but I was somewhat annoyed to have lost access to my iTunes installation (thus making backup and sync of my iPod impossible), and I also had a few video files which I was working with stored locally. So I decided to try testing out the BitLocker recovery tool to see if I could get access to my files.
First, we had to grab the BitLocker Recovery Tool from Microsoft:
I installed the tool onto a Vista desktop, and connected my laptop drive to the system using a SATA-to-USB converter, such as the one seen here:
That worked really well… my BitLocker-encrypted drive immediately became visible to Windows, although it (quite naturally) could not be read.
I then ran repair-bde.exe, providing the BDE recovery key which I had escrowed in Active Directory. I used the option to extract the recovered data to an image file on my external ieee1394 drive. Repair-bde dutifully extracted the drive contents to a file, and reported success.
Now the tricky part… how do we read this massive image file? It does not appear to be a WIM file (i.e. “imagex /mount” claims that this is not a valid WIM image). It cannot be mounted as an ISO, nor can it be extracted using any of the archive handlers supported by 7-zip. It cannot be mounted as a virtual disk using Virtual PC. What is it???
I contacted Microsoft support to find out… support claims that I should use “IMGMOUNT.EXE” to mount the image. Some Googling suggests that this utility is part of the short-lived “Automated Deployment Services”, or “ADS” product that Microsoft released to allow deployment of Windows Server 2003 images:
So I downloaded ADS, and did a “custom” install, and selected the “image creation tools”. This installed “IMGMOUNT.EXE” on my system, in the “%ProgramFiles%\Microsoft ADS\bin” directory. Unfortunately, IMGMOUNT also reports that this is not a valid image. Microsoft support also told me that the third-party tool “ISOBuster” should be able to mount the image:
But this failed to work, too. I guess the image generated by Repair-bde.exe simply was not valid.
Oh well, by this time, my laptop has been repaired and I was able to get back into my OS using the BitLocker recovery password. I guess the takehome lesson is not to use the recover-to-image option of the repair-bde tool… instead, recover to the root on an external drive. This may not work any better, but at least you will know immediately if the utility is successful in decrypting your drive contents.
The other problem that I ran into was the fact that I lost my TPM chip with the motherboard. As you may know, your BitLocker decryption keys are stored on your TPM, and that your TPM cannot be detached from your motherboard. New motherboard=new TPM. Oh well… It looks like I need to turn off BitLocker on my system, decrypt the whole drive, and then re-activate BitLocker. There does not appear to be a way to write the BitLocker decryption keys to the TPM once the drive is already encrypted… Bummer!