Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HP Protect Tools - corrupt bootloader - ugh


  • Please log in to reply
5 replies to this topic

#1 Atomdesign

Atomdesign

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 12 June 2015 - 02:22 AM

I'm not sure whether I should've posted this in the encryption forum instead.. feel free to move if so.

 

A client brought in his laptop a few days back saying it wouldn't start up anymore. I took a look..

When turning on the laptop, I am presented with a HP login screen requesting a fingerprint or password. This password is known, we type it in and get a windows error stating that the bootloader is corrupt.

I figured this would be easy enough - simply repair the bootloader. I booted off of the windows 8 disk and tried startup repair. Startup repair failed, because it could not access the drive the OS is installed on.

I decide to look up what the HP login screen post-bios is all about. It turns out HP Protect Tools was used to encrypt the partition the OS and my clients (important!) data is on. I later found out that messing with the bootloader on a drive encrypted with HP's software can mess things up further, so I'm glad in a way that the windows DVD repair options didn't function.

I searched online for ways to recover the data and found a way to perhaps rescue the files here:
ftp://ftp.hp.com/ftp1/pub/caps-softpaq/TCE&Q/
However, this method requires the backup encryption key (typcially saved to usb) to work.

Now here comes the fun stuff. The guy this laptop belongs was not aware that his drive was encrypted and didn't even know it was installed.. His laptop was originally installed at his companies main office, so we turned there to get the key file required to unlock the files on the drive. They don't have the backup encryption key. Brilliant.

Oh, did I mention that there is no backup of the laptops data anywhere? Of course there isnt.

My options for data retrieval are, as far as I can tell:

1. Somehow fix the bootloader without ruining the encryption
HP Protect Tools was the software used to encrypt the drive, which I believe is a modification of Winmagic Data Security. It actually has the winmagic logo visible when you are requested the password post-bios.
Winmagic Data Security installs a 'Winmagic Securedoc bootloader' over the normal bootloader. I found a guide explaining how to grant windows itself access to the bootloader in the link below, but I cant get into this console hitting F10:
http://isowiki.tulane.edu/SecureDoc_Guides/Resolving_an_MBR_error_Message

2. Find the backup key somewhere. hah.
3. Send the drive to a data recovery company able to deal with encrypted files. The one I called said they needed a backup key along with the drive. heh.
4. Decrypt the drive myself. Anyone know where I can find a supercomputer and a copy of some NSA decryption software?
5. consider files lost.
I think the option with the best odds of succeeding is option 1. The linked guide claims it is possible. Does anyone know how I might access the console on the HP version of this software? Any tips other than 'Data gone, gbye'?

Note: I did already clone the drive to secure its original state.


Edited by Atomdesign, 12 June 2015 - 02:23 AM.


BC AdBot (Login to Remove)

 


m

#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:22 PM

Posted 12 June 2015 - 05:12 PM

I won't be much help here.  I'd suggest contacting HP or Winmagic for assistance.

Here's Winmagic's contact us page:  http://www.winmagic.com/corporate/contact-us

 

Good luck!


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 Atomdesign

Atomdesign
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:22 PM

Posted 13 June 2015 - 05:56 AM

Thanks, I already tried Winmagic and they pointed me to HP. Will try HP's contact page, although I've already been on the phone with the local support centre and they said there was nothing they could do. bummer.



#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,077 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:22 PM

Posted 14 June 2015 - 04:33 AM

Good luck!


My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 Art Ames

Art Ames

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rochester, NY
  • Local time:06:22 PM

Posted 11 August 2015 - 12:42 PM

I've been researching a similar issue I'm having on my personal laptop after running the win10 upgrade.  I found post from someone who had gone 9 rounds with MS and HP.  the most recent post on that line talks about HP recommending running Black Opal to remove the disk encryption.  I'm not really clear on this, but I think that's supposed to preserve your data



#6 ranchhand_

ranchhand_

  • Members
  • 1,501 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:04:22 PM

Posted 11 August 2015 - 05:13 PM

The concept of encryption is to totally protect sensitive data with a totally impregnable configuration. There is no magic way to unencrypt without the key. Game over, I'm afraid. On the flip side, you can gain some valuable experience attempting to do it, so view it as a training/learning exercise. Wish you the best!


Help Requests: If there is no reply after 3 days I remove the thread from my answer list. For further help PM me.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users