How can I decrypt Vera-crypted 'system' drive on other computer?

Open ghost opened this issue 10 years ago • 15 comments

PC1: Encrypted entire 'System Drive' with VC

PC1's Windows has a problem: it goes straight to BSOD when booting. So I took the HDD from PC1. I want to decrypt it on PC2 (and I know the password).

How can I do it?

Must:

  1. I don't want to pull out PC2's HDD.
  2. I have a HDD-to-USB cable set.
  3. VC installed on PC2.

ghost avatar Aug 14 '15 10:08 ghost

Currently, only the rescue disk can be used to decrypt an encrypted system drive. Decrypting system drive on another machine without a rescue disk is not supported currently.

It is planned to implement this feature although the original bootloader can not be restored since it is present in the rescue disk. The user will have to use a Windows installation disk to restore Windows bootloader.

idrassi avatar Aug 30 '15 23:08 idrassi

Why can't I just remove the HDD from PC1 and decrypt it on PC2 (running Windows & latest VeraCrypt)?

I really need to decrypt it now because of a bad Windows update. PC1 goes into an unlimited loop, safe mode doesn't work, each time I have to input the password...

Please add it. I need it.

ghost avatar Oct 17 '15 00:10 ghost

And I didn't have rescue disk. But I know the password.

ghost avatar Oct 17 '15 00:10 ghost

The user will have to use a Windows installation disk to restore Windows bootloader.

I already have Windows 7 DVD. So it's OK. I just want to decrypt the disk, insert Windows DVD to fix bootloader, and do something to fix this mess!

ghost avatar Oct 17 '15 00:10 ghost

In recent days Microsoft sends PCs untested/unstable updates. I'm the victim of M$.

ghost avatar Oct 17 '15 00:10 ghost

I just had to decrypt my sys using the rescue disc because of a broken Windows, and CloneZilla for some reason does not restore my VeraCrypt drive properly (any suggestions on this?); the Boot Loader passes, however Windows cannot find its own system later.

The Rescue Disc says this is really slow and YES IT IS. I plugged the drive onto another computer and can successfully mount, but not decrypt the partition. I would be so happy if there will be a permanently decrypt of system partition not in place in a future release.

itscz-org avatar Nov 30 '16 17:11 itscz-org

You can use VeraCrypt on a live Linux system to mount your system partition (sda4 in my case), then "dd" the decrypted virtual block device to a safe place, and write it back to disk:

  • boot a live linux system
  • install veracrypt
  • mount system partition using veracrypt (read-only!)
  • dd if=/dev/mapper/veracrypt1 of=/mnt/somewhere/decrypted.img bs=64M status=progress
  • unmount veracrypt
  • dd if=/mnt/somewhere/decrypted.img of=/dev/sda4 bs=64M status=progress
  • reboot

(Tested on Ubuntu 16.04 Live-Boot with crypted Win10-SSD in UEFI mode)

formtapez avatar Mar 14 '18 07:03 formtapez
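
A hash-verified form of the image and write-back steps in the post above, as an added example that is not part of the original post or of VeraCrypt. The function names are hypothetical, and it assumes GNU coreutils (`dd`, `head`, `sha256sum`) and util-linux `blockdev`; each copy reads the source a second time to hash it.

```shell
#!/bin/sh
# Added example: hash-verified copies for the image and write-back steps.
# Function names are hypothetical; assumes GNU coreutils and util-linux.

# size_of PATH: size in bytes of a regular file or a block device.
size_of() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# sha256_prefix PATH BYTES: SHA-256 of the first BYTES bytes of PATH.
sha256_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# matches SRC DST: true when DST starts with exactly the bytes of SRC.
matches() {
    n=$(size_of "$1") || return 2
    [ "$(sha256_prefix "$1" "$n")" = "$(sha256_prefix "$2" "$n")" ]
}

# verified_copy SRC DST: refuse a too-small block device, copy, flush,
# then re-read both sides and compare their hashes.
verified_copy() {
    if [ -b "$2" ] && [ "$(size_of "$2")" -lt "$(size_of "$1")" ]; then
        echo "refusing: $2 is smaller than $1" >&2
        return 2
    fi
    dd if="$1" of="$2" bs=4M conv=fsync,notrunc status=none || return 2
    matches "$1" "$2"
}

# Usage with the paths from the post:
#   verified_copy /dev/mapper/veracrypt1 /mnt/somewhere/decrypted.img
#   ... unmount the VeraCrypt volume, then:
#   verified_copy /mnt/somewhere/decrypted.img /dev/sda4
```

A non-zero return from the second call means the partition does not match the image, so keep `decrypted.img` until a re-run succeeds.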

Is this solved yet? This seemingly related Reddit post leads me to believe maybe it is: "Solved - turns out 1.22beta4 does solve the issue :)" (https://www.reddit.com/r/VeraCrypt/comments/7l7ap4/access_windows_encrypted_from_linux/).

ElectricRCAircraftGuy avatar Jul 31 '19 06:07 ElectricRCAircraftGuy

@ElectricRCAircraftGuy, this should be solved by now AFAICS from the Reddit thread and referenced GH issue. Just use the latest officially released version and feel free to report back if it doesn't.

alt3r-3go avatar Aug 25 '19 18:08 alt3r-3go

@idrassi please mark as closed.

andreas-becker avatar Jan 22 '20 11:01 andreas-becker

I would like the option to decrypt the system drive of another disk on another Windows 10 with VeraCrypt installed, or on Linux. Just had a problem with cloning a VeraCrypt install and Windows won't boot (need to bootrec /scanos, bootrec /rebuildbcd and bootrec /fixmbr). If anyone has an idea on how to use a Windows 10 install disc and mount a VeraCrypt system partition to execute those commands, it would really help.

r1bnc avatar Apr 24 '21 23:04 r1bnc

10 years later and we still cannot permanently decrypt a system drive with a second computer. I have a similar situation where the Windows Bootloader is dead. Pretty easy to recover, normally. A Linux Live CD can decrypt the disc using the "Pre-Boot Auth", so I could at least back up all my data. However, the Linux client does not have the System menu point at all!

So I created a Live Windows USB Stick, again, I can decrypt the drive, but I can not permanently decrypt the drive, because the permanently decrypt wizard does not have the "Pre-Boot Auth" option. Why?

I also have the original recovery ISO. I'm not able to boot this; Rufus has no idea what this is, so I tried Ventoy but no luck. I also have a system with UEFI. I don't know why VeraCrypt is not creating a recovery that can be flashed using Rufus and runs on both BIOS and EFI - no magic detection, just works.

Very frustrating experience

nook24 avatar Jan 27 '25 07:01 nook24

@nook24, permanent decryption is probably very hard to implement. My suggestion:

Get another external SSD, temporarily decrypt the drive, use FreeFileSync to copy all files you want from the decrypted drive to the new SSD. Done. Now it's permanently decrypted.

ElectricRCAircraftGuy avatar Jan 27 '25 16:01 ElectricRCAircraftGuy

But this will most probably leave the copy unbootable (given Windows was bootable before).

If you can mount the partition, you could create an image with a partition backup software (Drive Snapshot or the like). If you restore this backup onto another drive, it will write the partition unencrypted and bootable.

There is one catch, though: https://github.com/veracrypt/VeraCrypt/issues/1414

kriegste avatar Jan 27 '25 17:01 kriegste

Permanent decryption is already implemented. Not sure where the difference is between permanently decrypting a disk vs a "boot disk". Also you can already permanently decrypt the boot drive at the "System" menu, but only if the system is booted from the drive. You can not use this menu point to decrypt a drive that is just attached to the PC.

So there is no recovery process.

Of course I can copy all data of the disk and reinstall Windows, but this is way more effort than just "permanently decrypt, fix windows, encrypt again".

nook24 avatar Jan 27 '25 17:01 nook24