Quick win? Got my bootloader removed...twice.

Discussion in 'encryption problems' started by Furyat, Nov 10, 2018.

  1. Furyat

    Furyat Registered Member

    Joined:
    Mar 22, 2018
    Posts:
    3
    Location:
    UK
    There might be an easy answer for my little predicament.
    Let's go back to a late 2012 when I decided to fully encrypt my brand new 238GB SSD on my trusty laptop with TC 7.1a.

    Structure:

    1. Encrypted drive:
    Partition 1 - NTFS - Windows 7
    Partition 2 - appeared as RAW (didn't bother creating any filesystem)

    I assume I then created standard TC Volume out of Partition 2.
    For last 6 years I've just pressed Auto-Mount, typed another password and entire Partition 2 got mounted.
    Stuff was flawless until laptop battery died some time ago and with help of a number of accidental power outages my Windows 7 got corrupted.

    Long story short, I forgot to decrypt the whole drive before applying
    bootrec /fixmbr and bootrec /fixboot
    so drive TC Bootloader got swapped with useless win7 one. Didn't think twice and replaced it with...a random TC bootloader I just had nearby becase why not?
    This is when I thought I could seek help and not just flail around.

    Good news are, with help of almighty Dantz and a number of similar posts like:
    https://www.wilderssecurity.com/thr...-no-rescue-disk-recover-data-possible.391127/
    I was able to mount both partitions on another machine.

    As I am using other system environment and the drive is not primary due to bootloader being useless I mounted it without pre-boot auth and what I see is my usual setup!

    https://imgur.com/wc76WM1

    Partition 1 - NTFS - Windows 7 - data accessible and recovered, even though windows 7 is still most likely dead on top of an overwritten drive Bootloader.
    Partition 2 - RAW

    Now, usually I'd just mount Partition 2 and be done with it, but seeing that both partitions are already mounted, I think there is no way to mount it for the second time, is it?

    1. Is there a way to recover my original TC bootloader for entire drive? If successful, it would allow me to repair/reinstall Win7 and mount Partition 2. Mounting without pre-boot auth prevents it.

    2. If above is impossible, is there another way to somehow mount Partition 2 from inside of an encrypted drive with broken bootloader?

    Bonus: I could clone a Winhex "unencrypted" mounted partitions, are such backups any good? Can I use them to replace encrypted partitions (essentially bypassing drive encryption) or headers and bootloaders will get in the way?

    Bonus2: Got a working virtual machine. I can try mounting the "decrypted" clones and check if I can mount Partition 2. Anyone tried?
     
  2. Furyat

    Furyat Registered Member

    Joined:
    Mar 22, 2018
    Posts:
    3
    Location:
    UK
    OK, disregard the above - TL:DR.

    Much simpler question.

    Is it possible to mount a hidden partition for disk drives already mounted with using system encryption without pre-boot auth?
    Practically, this would mean mounting a partition twice - 1: to bypass system encryption 2: to bypass volume encryption.

    Is it even doable?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.