#11
That seems a little bit harder than expected, lol...
I completely lost it at step 5, have to retry.
I think I'm going to boot a PE to copy needed files, there is something that did not work or did something wrong when trying to decrypt the master key. The process reported that The LSA hash dump type reveals that the key received was in an unexpected format...
Edit:
Was able to sort it out...
The only thing I had to "remember" was my password used when encrypting the files.
Since this is not about cracking but file recovery I left that aside and used the /password: command in step 4 and...
The guide works flawlessly.
Once the certificate is installed, the new machine is able to copy files from the encrypted folder without problems.
Last edited by MaloK; 19 Mar 2022 at 15:18.
That's exactly what I want to say, because I already included in my first post that I did try with both take ownership and running the command "cipher /d ..." approach and none of them worked.
I have a windows.old folder with my old user and it contains an encryption-related file at %USERPROFILE%\AppData\Roaming\Microsoft\SystemCertificates\. I tried to copy those from windows.old\users to my current users, and the certmgr.msc tool does show some information about the certifications.
It makes sense that the decryption still failed because it needs some kind of private key, which is connected to the old user and its password, and that's why the backup certificate created from old user is the only way. Unfortunately, I can't restore to previous windows version. It doesn't show up on my Settings > Update and Recovery. I just have the windows.old folder.
@MaloK mentions an article about decrypting without the certificate backup, what do you think about this approach?
- - - Updated - - -
Awesome, I will try now. My user account is an online account, so which password do I need (offline password, PIN or Microsoft account)?
It would be the account password used to log in to Windows. If the password is incorrect the command will fail with an error message.
Following your guide, I failed at 2 steps:
Step 1, I could retrieve the certificate thumbprint, but it didn't match with the only file that I have in the SystemCertificates folder.
Step 5, I couldn't decrypt my master key, though I typed the correct password (anything that I could use to sign in on the old user).
I decided to stop since there is something wrong from step 1. I only have 1 key in the SystemCertificates folder and it didn't match with the one from my encrypted files. However, your guide is pretty useful for other users, so I will mark it solved with that solution.
Thank you, all of you guys, for helping me troubleshoot this hard problem, not only with common advice that I can find on the internet, but also with the real solution that explained what happened in the most practical way.
Thank you once again.
If you want to, you can PM me the files required and your password, I can try to make a certificate for you.
I say that, but I don't really know how important the files you are going to lose are for you... If it's all stuff that you can gather back with time. And nothing really important is at stake. Just delete all partitions on it and reformat to be usable.
Edit as a side note: I had to try with a couple files for step 1 to succeed... Some files were not working. Don't know why.