What's new

BitLocker Repair Tool - Recover Drive in Windows 7 and 8

How to Use BitLocker Repair Tool to Recover a Drive in Windows 7 and Windows 8
The BitLocker Repair Tool (Repair-bde) is a command-line tool included with Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. This tool attempts to repair or decrypt a damaged BitLocker-encrypted volume using the supplied recovery information to reconstruct critical parts of the drive and salvage recoverable data to another volume.

This tutorial will show you how to use the BitLocker Repair Tool to recover your data from a damaged encrypted operating system (OS) drive, fixed data drive (ex: internal volume/drive), or removable data drive (ex: USB drive) in Windows 7 and Windows 8.

You must be signed in as an administrator to be able to do the steps in this tutorial.


Note   Note

  • You must have at least one of the following for the BitLocker encrypted drive:
    • Password
    • Recovery key
    • Startup key .BEK file location
  • You will need to have an empty output volume (drive) of equal or larger size than the damaged BitLocker encrypted drive. The contents of the output volume will be completely deleted and overwritten by the decrypted contents of the damaged BitLocker drive.
warning   Warning
The BitLocker Repair Tool should only be used as a last resort when you were unable to decrypt or unlock the encrypted drive using either the password, recovery key, USB flash drive, or BitLocker Recovery.

Tip   Tip
If you were signed in to your Microsoft account when you encrypted a drive with BitLocker, then you can get your recovery key from your OneDrive at the link below.


Microsoft account: BitLocker recovery keys



EXAMPLE: Before and After using BitLocker Repair Tool
NOTE: In this example, the BitLocker encrypted drive is F: and the output volume is E: .

Computer_Before_BRT.jpg

Computer_After_BRT.jpg



Here's How:

1. Do step 2, 3, or 4 below depending on what you would like to do.


2. To Use the Password in Windows 8
NOTE: This option is only available in Windows 8, and would be for an OS drive, fixed data drive, or removable data drive that you have configured to be unlocked by a password.

A) Open an elevated command prompt.

B) In the elevated command prompt, type the command below, and press Enter. (see screenshot below)

repair-bde F: E: -pw -F

Note   Note
For only items in red in the command above:

Substitute F for the drive letter of the Bitlocker encrypted drive. Not the last F.

Substitute E for the drive letter of the output volume you want to have the contents of the Bitlocker encrypted drive decrypted and copied to.





C) When prompted in the command prompt, type the recovery password for this encrypted drive, press Enter, and go to step 5 below.
NOTE: You will not see the password as you type it.

BRT_CMD_Password.jpg

3. To Use the Recovery Key in Windows 7 and 8
NOTE: This would be for an OS drive, fixed data drive, or removable data drive that you still have the recovery key either saved to your Microsoft account, saved to a file, saved to a USB flash drive, or printed.

A) Open an elevated command prompt.

B) In the elevated command prompt, type the command below, press Enter, and go to step 5 below. (see screenshot below)

repair-bde F: E: -rp BitLockerRecoveryKey -F


For example:

Code:
repair-bde [COLOR=#ff0000][B]F[/B][/COLOR]: [COLOR=#ff0000][B]E[/B][/COLOR]: -rp [COLOR=#ff0000][B]261173-522599-237072-583517-442068-316811-199375-623755[/B][/COLOR] -F

Note   Note
For only items in red in the command above:


Substitute F for the drive letter of the Bitlocker encrypted drive.

Substitute E for the drive letter of the output volume you want to have the contents of the Bitlocker encrypted drive decrypted and copied to.

Substitute BitLockerRecoveryKey for the actual 48 digit recovery key for the encrypted drive like below.

Saved to USB or File:

Recover_Key-1.jpg
Recover_Key-2.jpg

Saved to Microsoft account:

Recover_Key-3.jpg





BRT_CMD_Recovery_Key.jpg


4. To Use the Startup Key in Windows 7 and 8
NOTE: This would only be for an OS drive that you have configured to be unlocked by a USB flash drive.

A) Since you will not be able to boot from the OS drive, you will need to first connect it to another Windows Server 2008 R2, Windows 7, Windows Server 2012, or Windows 8 PC.

B) Open an elevated command prompt in the other PC.

C) In the elevated command prompt, type the command below, press Enter, and go to step 5 below. (see screenshot below)

repair-bde F: E: -rk I:\StartupKey.BEK -F


For example:

Code:
repair-bde [COLOR=#ff0000][B]Z[/B][/COLOR]: [COLOR=#ff0000][B]E[/B][/COLOR]: -rk [COLOR=#ff0000][B]I[/B][/COLOR]:\[COLOR=#ff0000][B]AFA58D77-94CD-4300-8009-68B36AE53276[/B][/COLOR].BEK -F

Note   Note
For only items in red in the command above:

Substitute F for the drive letter of the Bitlocker encrypted drive.

Substitute E for the drive letter of the output volume you want to have the contents of the Bitlocker encrypted drive decrypted and copied to.

Substitute I for the USB drive letter that the startup key has been saved or copied to.

Substitute StartupKey for the actual file name of the startup key for the encrypted drive like below. The BEK file (startup key) will be a hidden protected OS file.

Startup_Key_BEK.jpg






BRT_CMD_Startup_Key.jpg


5. When finally successfully finished, follow any given "ACTION REQUIRED" first. For example, to run chkdsk on the output volume before opening. (see screenshots below step 2, 3, and 3 above)

NOTE: The BitLocker Repair Tool may take a long time to finish, but you will still be able to use your PC during the recovery process. Just do not turn off the PC until it has finished.

6. You will now be able to open the output volume (ex: E) to view the decrypted files from the BitLocker encrypted drive (ex: F).



That's it,
Shawn


Related Tutorials


 

Attachments

  • BitLocker.png
    BitLocker.png
    56.2 KB · Views: 4
Last edited by a moderator:

Rcreators

New Member
Hi Brink,

That is what i am worried about most. Basically Drive is not password protected. its just encrypted and having issue with decryption. I also have recover key separately copied. so is there any chances now ?
 

My Computer

System One

  • OS
    Windows 8

Brink

Administrator
Administrator
mvp
It'll just depend on if it will be able to successfully finish decrypting.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Name
    Shawn Brink
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone
    State/Region Flag
    us oklahoma

iMalcolm

New Member
Houston we have a problem...

I enabled bitlocker for boot volume and after "test" restart got blank screen. Some commands:
Code:
Microsoft Windows [Version 10.0.10586]

X:\Sources>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Label Unknown]
[Data Volume]

    Size:                 Unknown GB
    BitLocker Version:    2.0
    Conversion Status:    Unknown
    Percentage Encrypted: Unknown%
    Encryption Method:    XTS-AES 128
    Protection Status:    Unknown
    Lock Status:          Locked
    Identification Field: Unknown
    Automatic Unlock:     Disabled
    Key Protectors:
        External Key
        Numerical Password

Volume D: [Buffer]
[Data Volume]

    Size:                 215.34 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Automatic Unlock:     Disabled
    Key Protectors:       None Found


X:\Sources>manage-bde c: -protectors
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR: Missing required parameter.

Type "manage-bde -?" for usage.

X:\Sources>manage-bde c: -protectors -get
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Volume C: [Label Unknown]
All Key Protectors

    External Key:
      ID: {C93D1B3D-6F11-4B08-AC97-0A712133AF9B}
      External Key File Name:
        C93D1B3D-6F11-4B08-AC97-0A712133AF9B.BEK

    Numerical Password:
      ID: {375BFF3F-D9F6-4FA8-B730-9035DF899625}
Microsoft Windows [Version 10.0.10586]

X:\Sources>repair-bde c: d: -F
BitLocker Drive Encryption: Repair Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Beginning scan for BitLocker metadata.

Scanning boot sectors for pointer to metadata: 100%
Scanning sector boundaries for metadata:   1%
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 172789760. (0x80310000)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 1132462080. (0x80310000)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80310000)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 2510430208. (0x80310000)
Scanning sector boundaries for metadata:  18%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 37528612352. (0x80310010)
Scanning sector boundaries for metadata:  96%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 192927018496. (0x80310010)
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 193114650624. (0x80310010)
Scanning sector boundaries for metadata: 100%
Finished scanning for BitLocker metadata.

ERROR: BitLocker is not suspended on this volume. Try another key protector.

X:\Sources>repair-bde c: d: -F -rp 715429-199276-105765-436755-535469-717453-578611-538736
BitLocker Drive Encryption: Repair Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Beginning scan for BitLocker metadata.

Scanning boot sectors for pointer to metadata: 100%
Scanning sector boundaries for metadata:   1%
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 172789760. (0x80070057)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 1132462080. (0x80070057)
LOG ERROR: 0xc0000033
Failed to authenticate using supplied recovery information. (0x80070057)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 2510430208. (0x80070057)
Scanning sector boundaries for metadata:  18%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 37528612352. (0x80310010)
Scanning sector boundaries for metadata:  96%
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 192927018496. (0x80310010)
LOG WARNING: 0x8000003a
Proper metadata signature found, but the metadata is invalid. (0x80310010)
LOG ERROR: 0xc000003b
Could not validate metadata at offset 193114650624. (0x80310010)
Scanning sector boundaries for metadata: 100%
Finished scanning for BitLocker metadata.

ERROR: Cannot use '715429-199276-105765-436755-535469-717453-578611-538736' to
unlock the input volume. Please try a different recovery password, recovery key
or password.

Thank you in advance for any suggestions because I don't have a backup(
 

My Computer

System One

  • OS
    Windows 10 Pro
    Computer type
    Laptop
    Country Flag
    USA
    State/Region Flag
    us california

Brink

Administrator
Administrator
mvp
Hello Malcolm, and welcome to Eight Forums.

That doesn't sound good at all. You might try restarting the computer again to see if you may get a BitLocker failed message, and then return to Windows.

Otherwise, it's looking like it may be time to clean install. :(
 

My Computer

System One

  • OS
    64-bit Windows 10
    Name
    Shawn Brink
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone
    State/Region Flag
    us oklahoma

Brink

Administrator
Administrator
mvp
I'm glad it could help PaladinLeonitus, and welcome to Eight Forums. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Name
    Shawn Brink
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone
    State/Region Flag
    us oklahoma

Soulkeep

New Member
IMPORTANT!
Make sure you try Brinks recovering guide before you try anything else!


I learned the hard way.
Getting recovery programs is usually not the best. I basically dug my own grave on this. Wish I found this guide earlier.

Thank you Brink for still being active and just as helpful via PM as this thread. I appreciate it all.
 

My Computer

System One

  • OS
    Windows
    Computer type
    Laptop

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top