Atomdesign
New member
- Local time
- 5:01 AM
- Messages
- 4
A client brought in his laptop a few days back saying it wouldn't start up anymore. I took a look..
When turning on the laptop, I am presented with a HP login screen requesting a fingerprint or password. This password is known, we type it in and get a windows error stating that the bootloader is corrupt.
I figured this would be easy enough - simply repair the bootloader. I booted off of the windows 8 disk and tried startup repair. Startup repair failed, because it could not access the drive the OS is installed on.
I decide to look up what the HP login screen post-bios is all about. It turns out HP Protect Tools was used to encrypt the partition the OS and my clients (important!) data is on. I later found out that messing with the bootloader on a drive encrypted with HP's software can mess things up further, so I'm glad in a way that the windows DVD repair options didn't function.
I searched online for ways to recover the data and found a way to perhaps rescue the files here:
ftp://ftp.hp.com/ftp1/pub/caps-softpaq/TCE&Q/
However, this method requires the backup encryption key (typcially saved to usb) to work.
Now here comes the fun stuff. The guy this laptop belongs was not aware that his drive was encrypted and didn't even know it was installed.. His laptop was originally installed at his companies main office, so we turned there to get the key file required to unlock the files on the drive. They don't have the backup encryption key. Brilliant.
Oh, did I mention that there is no backup of the laptops data anywhere? Of course there isnt.
My options for data retrieval are, as far as I can tell:
1. Somehow fix the bootloader without ruining the encryption
HP Protect Tools was the software used to encrypt the drive, which I believe is a modification of Winmagic Data Security. It actually has the winmagic logo visible when you are requested the password post-bios.
Winmagic Data Security installs a 'Winmagic Securedoc bootloader' over the normal bootloader. I found a guide explaining how to grant windows itself access to the bootloader in the link below, but I cant get into this console hitting F10:
Resolving an MBR error Message - Tulane ISO Wiki
2. Find the backup key somewhere. hah.
3. Send the drive to a data recovery company able to deal with encrypted files.
The one I called said they needed a backup key along with the drive. heh.
4. Decrypt the drive myself. Anyone know where I can find a supercomputer and a copy of some NSA decryption software?
5. consider files lost.
I think the option with the best odds of succeeding is option 1. The linked guide claims it is possible. Does anyone know how I might access the console on the HP version of this software? Any tips other than 'Data gone, gbye'?
Note: I did already clone the drive to secure its original state.
When turning on the laptop, I am presented with a HP login screen requesting a fingerprint or password. This password is known, we type it in and get a windows error stating that the bootloader is corrupt.
I figured this would be easy enough - simply repair the bootloader. I booted off of the windows 8 disk and tried startup repair. Startup repair failed, because it could not access the drive the OS is installed on.
I decide to look up what the HP login screen post-bios is all about. It turns out HP Protect Tools was used to encrypt the partition the OS and my clients (important!) data is on. I later found out that messing with the bootloader on a drive encrypted with HP's software can mess things up further, so I'm glad in a way that the windows DVD repair options didn't function.
I searched online for ways to recover the data and found a way to perhaps rescue the files here:
ftp://ftp.hp.com/ftp1/pub/caps-softpaq/TCE&Q/
However, this method requires the backup encryption key (typcially saved to usb) to work.
Now here comes the fun stuff. The guy this laptop belongs was not aware that his drive was encrypted and didn't even know it was installed.. His laptop was originally installed at his companies main office, so we turned there to get the key file required to unlock the files on the drive. They don't have the backup encryption key. Brilliant.
Oh, did I mention that there is no backup of the laptops data anywhere? Of course there isnt.
My options for data retrieval are, as far as I can tell:
1. Somehow fix the bootloader without ruining the encryption
HP Protect Tools was the software used to encrypt the drive, which I believe is a modification of Winmagic Data Security. It actually has the winmagic logo visible when you are requested the password post-bios.
Winmagic Data Security installs a 'Winmagic Securedoc bootloader' over the normal bootloader. I found a guide explaining how to grant windows itself access to the bootloader in the link below, but I cant get into this console hitting F10:
Resolving an MBR error Message - Tulane ISO Wiki
2. Find the backup key somewhere. hah.
3. Send the drive to a data recovery company able to deal with encrypted files.
The one I called said they needed a backup key along with the drive. heh.
4. Decrypt the drive myself. Anyone know where I can find a supercomputer and a copy of some NSA decryption software?
5. consider files lost.
I think the option with the best odds of succeeding is option 1. The linked guide claims it is possible. Does anyone know how I might access the console on the HP version of this software? Any tips other than 'Data gone, gbye'?
Note: I did already clone the drive to secure its original state.
My Computer
- Computer type
- PC/Desktop
- OS
- Windows 7 home premium 64 bit
