Veracrypt boot loader overwritten

omh
2016-12-11
2019-09-14
  • omh

    omh - 2016-12-11

    Hi, I restarted my computer and the windows bootloader came up telling me it can't find winload.exe. Obviously the veracrypt bootloader has been replaced by windows. Why? I am not sure. I think it is because I removed my System Reserved drive, but I am not sure. I have tried plugging my hard drive into my laptop that has veracrypt and trying all the possible recovery options to no avail. I also do not have a rescue disk. I am hoping that the windows bootloader is much smaller than the veracrypt bootloader and that it didn't overwrite the sectors unique to my password. Here are the first 63 sectors: https://drive.google.com/open?id=0B-AQi1ELN7NsN0cwRk1hYkxtckU
    I am about to install veracrypt on a VM so I can copy the veracrypt bootloader onto my hard drive. Which is the sector that contains information unique to my password? Hopefully that didn't get overwritten. Could someone take a look please? If this is like truecrypt, then the 63rd sector is the critical one and I need only replace the first 62 sectors. Is that correct? I hope I can just do that. I have very important files that I put a lot of work into that now may be lost... What sector(s) need I replace? For convenience, I would appreciate if someone could upload theirs for Windows 7 x64.

     

    Last edit: omh 2016-12-11
  • omh

    omh - 2016-12-11

    Okay, the veracrypt bootloader comes up now. I entered my password and got: "Error: no bootable partition found." What do I do next?

     

    Last edit: omh 2016-12-11
  • omh

    omh - 2016-12-11

    Veracrypt did something and now the partition isn't being detected at all? what the hell is going on??? what the hell did veracrypt do? The disk is NOT empty. I checked with a disk editor. The partitions are not showing anymore. there was a 1.8TB partition and now it is not coming up at all. What the hell?? Veracrypt literally just corrupted the partitions. WTf??? Can a developer please explain WHY the hell veracrypt just corrupted my partition, failed to boot, and HOW to fix it? Thank you. I have also noticed that there are no longer any empty sectors on my disk drive. Did veracrypt really just fuck up my drive? -_-. seriously... Veracrypt wrote to EVERY sector of my hard drive WTF HAPPENED?!?!??!!?!?!?!?!!????!??!??!??!??!??!?!!??

     

    Last edit: omh 2016-12-11
  • omh

    omh - 2016-12-11

    There are no more partitions. Veracrypt literally just destroyed my hard drive. NOW it's probably unrecoverable. I shouldn't have EVER installed a 3rd party disk encryption tool. What am I supposed to do now? I had so much code... Is it gone?? what do I do???? All I wanted was a secure drive and now what? what do I do??

     
  • omh

    omh - 2016-12-11

    Was I wrong to copy the first sector of the veracrypt bootloader from my VM to my drive's first sector?

     
  • Alex

    Alex - 2016-12-11

    Situation is not clear.

    Do you encrypt your system drive? Full disk?

    Very important! System encryption key is in 62 sector.
    Data encryption key is in 0 sector of data partition. (and backup at the end of partition)

     

    Last edit: Alex 2016-12-11
  • omh

    omh - 2016-12-11

    Yes, the 63rd sector. So that is the critical one, correct? If so, it was intact. The authentication was successful, but decryption was not — no bootable partition was found. I kind of overreacted when I noticed the whole disk was encrypted. That's probably just the padding that was done because I chose full disk encryption. Anyway, what do I do now? Veracrypt malfunctioned and something happened to my partitions. Now it can't detect any bootable partitions. I checked with the veracrypt GUI and it was not detecting any partitions on my drive. This happened AFTER fixing the veracrypt boot loader. All I did was copy the first sector of a veracrypt encrypted drive to my problem drive because windows overwrote it with its own. Please advise. I don't want to mess anything up.

     

    Last edit: omh 2016-12-11
  • Alex

    Alex - 2016-12-11

    Probably partition tables were destroyed.
    Other data is encrypted.

    First - back up all data (e.g. use the DD tool). Then it is possible to decrypt. After decryption you can use any recovery tool like R-Studio to find data and lost partition.

     
    • omh

      omh - 2016-12-11

      You are missing something. I can't decrypt. I have to recover the partition tables FIRST. I had two partitions. One was 1.8TB and the other one was less than 10GB. Could I just create a new partition and try decrypting then? Or would that lead to more problems? Could I use a software utility like this http://www.easeus.com/partition-recovery/? I need to be absolutely certain of what I am doing before I proceed because unfortunately, I do not have a secondary disk big enough to perform a backup. From R-studio's website: "When the partition structure on a hard disk was changed or damaged. In this case, R-Studio utilities can scan the hard disk trying to find previously existing partitions and recover files from found partitions." Should I give r-studio a go first? EaseUS or r-studio? Would it even work on an encrypted drive? And let's say I do recover the partitions... it's veracrypt that corrupted them in the first place. It may happen again.

       

      Last edit: omh 2016-12-11
  • Alex

    Alex - 2016-12-11

    I guess - disk was MBR.

    Both partitions were primary => so partition table is 0 sector.
    0 sector was lost.
    to scan for lost partitions via R-Studio or other tools data has to be decrypted.

    I do not know system level decryption tool for VeraCrypt. It is necessary to program.

    Do you have computer with EFI boot?
    Probably it can be done via EFI rescue disk. Use EFI rescue disk from VeraCrypt 1.20beta1 !
    https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/

    Note: it is complex operation. Backup is very important!

     

    Last edit: Alex 2016-12-11
    • omh

      omh - 2016-12-11

      So when I copied the first sector of my VM drive to the problem drive and ran veracrypt, it got confused because it had the wrong partition table? I didn't know the partition table resided with the MBR. I wouldn't have done what I did otherwise. What do you think happened? Was my data corrupted? There must be some way I can decrypt it. Rescue disks are unique to the password I believe. I cannot just create another one, even with the same password because the salt will be different. How did you not know this? Your suggestion won't work. I need greater assistance here, preferably from one of the developers.

       

      Last edit: omh 2016-12-11
      • Alex

        Alex - 2016-12-11

        I wrote EFI support for VeraCrypt.

        EFI rescue disk is my work also. It checks all disks with password and decrypts the volume with successful authorization

        version 1.20 - it is important!

         

        Last edit: Alex 2016-12-11
        • omh

          omh - 2016-12-11

          I'll try it.

           
        • omh

          omh - 2016-12-11

          I got this error when clicking "create rescue disk": https://gyazo.com/b8b9df5fa4373cde0180f51861c81c80
          When I try to decrypt the partition, I get this error: https://gyazo.com/dd46f92e2f148a72c9f988506716ec22
          Where is the PRF stored?

           

          Last edit: omh 2016-12-11
  • omh

    omh - 2016-12-11

    I am currently searching the disk for "VeraCrypt Boot Loader" to see if I can find a backup. If not, I still have the windows partition table that I uploaded. Maybe I can copy the partition table from that and place it on the first sector of the veracrypt boot loader. But where does it start and where does it end? I may need some help. I'm gonna look up more information about the MBR like where the partition header resides. There is hope!

     
  • omh

    omh - 2016-12-11

    So I had a backup of my windows MBR. I copied the partition table from that one onto the problem drive. 2 partitions; I copied 32 bytes. Now 2 partitions come up just as before. But veracrypt is still giving me "Error: no bootable partition found." What am I missing? What do I do now?

     

    Last edit: omh 2016-12-11
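
The partition-table copy described in the post above, as an added example that is not part of the original thread: in an MBR sector 0 the table occupies the 64 bytes at offset 446 (four 16-byte entries), followed by the 55 AA signature. The sketch works on saved 512-byte sector images rather than a live disk; the function names and the sample partition values are this example's own constructions.

```python
import struct

SECTOR, PT_OFF, PT_LEN, ENTRY, SIG_OFF = 512, 446, 64, 16, 510
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, first LBA, sector count

def parse_partition_table(sector0: bytes) -> list:
    """Return the non-empty primary partition entries of an MBR sector 0."""
    if len(sector0) != SECTOR or sector0[SIG_OFF:] != b"\x55\xaa":
        raise ValueError("expected 512 bytes ending in the 55 AA boot signature")
    found = []
    for slot in range(4):
        raw = sector0[PT_OFF + slot * ENTRY: PT_OFF + (slot + 1) * ENTRY]
        status, _, ptype, _, first_lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype != 0:  # type 0x00 marks an unused slot
            found.append({"slot": slot, "active": status == 0x80, "type": ptype,
                          "first_lba": first_lba, "sectors": count})
    return found

def transplant_table(boot_sector: bytes, table_source: bytes) -> bytes:
    """Keep boot code from boot_sector; take all 64 table bytes from table_source."""
    parse_partition_table(table_source)  # validates size and signature
    if len(boot_sector) != SECTOR:
        raise ValueError("boot sector image must be exactly 512 bytes")
    # Bytes 0..445 (boot code and disk signature) stay as in boot_sector.
    return (boot_sector[:PT_OFF] + table_source[PT_OFF:PT_OFF + PT_LEN]
            + b"\x55\xaa")

def make_sector(fill: int, parts: list) -> bytes:
    """Build a constructed sector 0: filler boot code plus the given entries."""
    table = b"".join(struct.pack(ENTRY_FMT, st, b"\0" * 3, ty, b"\0" * 3, lba, n)
                     for st, ty, lba, n in parts).ljust(PT_LEN, b"\0")
    return bytes([fill]) * PT_OFF + table + b"\x55\xaa"

# Constructed sample data, not taken from the thread's disk images.
BACKUP = make_sector(0x11, [(0x80, 0x07, 2048, 16_777_216),
                            (0x00, 0x07, 16_779_264, 3_500_000_000)])
DONOR = make_sector(0x22, [(0x80, 0x07, 2048, 41_938_944)])

if __name__ == "__main__":
    fixed = transplant_table(DONOR, BACKUP)
    for entry in parse_partition_table(fixed):
        print(entry)
```

Printing the parsed entries before writing anything back shows whether each slot's start LBA, length and active flag (0x80) match the original layout.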
  • Alex

    Alex - 2016-12-12

    You can try to mount the disk from VeraCrypt.
    Select partition with OS
    Mount=>Mount options=>Mount partition using system encryption

     
    • omh

      omh - 2016-12-12

      Yes, I can mount that way, but from there, I can't do anything more. This is all I can see: https://gyazo.com/f305abee17af832ff2aefc50b44c0b21 Windows won't recognize the drive. It keeps asking me to format it: https://gyazo.com/ac40fdb8f0ff42a35b9f024bb576b617 And after I click cancel: https://gyazo.com/0f49fce484a0f05e27d86855a45d62ac
      And there is this: https://gyazo.com/a8fe466447bb78374a4ce086793b9b19 https://gyazo.com/f6c212e2f247119010cdc65eeecfba8f
      What has veracrypt done?

       

      Last edit: omh 2016-12-12
      • Alex

        Alex - 2016-12-12

        I cannot understand full sequence of steps and what is the source of problem.

        I suspect -
        1. you encrypt entire drive.
        2. you delete MS reserved partition.
        3. system cannot boot
        4. you overwrite 0 sector

        p2 is not good because in MBR case, windows is started from it.
        p4 removes correct partition table from MBR

        In current situation there is a problem but there is good moment you have correct keys sector 62. So it is possible to decrypt data and recover via tools like R-Studio.

         
        • omh

          omh - 2016-12-12

          I removed my SSD that contained the MS reserved partition. Windows overwrote the MBR of my main drive. I made a backup of the windows MBR. I installed veracrypt on a VM on another computer and encrypted the virtual disk. I copied that MBR onto my main drive. I didn't know at the time that the partition header resides in the MBR. So obviously, it was not able to boot, because it had the wrong partition headers. So then I copied the correct partition headers onto the MBR, but I am still getting the same error: "Error: no bootable partition found." I am able to mount the drive using the mount option "Mount partition using system encryption without pre-boot authentication." That works, but all I can see is this: https://gyazo.com/f305abee17af832ff2aefc50b44c0b21 So it is being partially decrypted? Why isn't the whole thing being decrypted? What is going on here? Can you explain what to do with the 62nd sector and R-studio? Please be more specific. Is it possible we can get on TeamViewer?

           

          Last edit: omh 2016-12-12
          • Alex

            Alex - 2016-12-12

            I cannot see any picture.
            Partially decrypted - might be. I suspect partition table is not correct.
            Could you check volume via disk edit tools like WinHex after mount? First bytes have to contain "NTFS" label.

             
            • omh

              omh - 2016-12-12

              Yes, the NTFS label is there. How come you can't see the pictures? In one of the pictures, the "NTFS" label is evident. How can the partition table be incorrect? It's the same exact one that I had previously. I had a backup of my windows MBR and copied its partition table to my veracrypt MBR. However, upon mounting, I can clearly see that most of the disk is junk. So it must not be decrypting completely, but how come? To see the pictures, remove the "." at the end of the URL.

               
              • Alex

                Alex - 2016-12-12

                Do not open partition.
                Open logical drive letters. Select the letter with VeraCrypt mounted volume.

                 
                • omh

                  omh - 2016-12-12
                   
                  • Alex

                    Alex - 2016-12-12

                    Open S drive via WinHex

                     