repair-bde.exe

  • File Path: C:\windows\system32\repair-bde.exe
  • Description: BitLocker Drive Encryption: Repair Tool

Hashes

Type Hash
MD5 8A8A24256B145338E025DCD848CBC1EF
SHA1 B798EA11903D13ABB41A9485546146EFDA5CDFFA
SHA256 BD64933EBFEF87F2CCBDC270625C7D2533F82CBF558F08D61605EAEB06387F08
SHA384 8634E2ABFA7CBACAECECDC2437A095E32879AA057D1A8FD2B0FF3D3F9DAE7B25D0D4EE4F7BC221881D8F279205CA7C64
SHA512 43AFBFD153FABA24FCEFD1713498326112A35009B5BED01606A080D0D6B905D7540A76539F738F9F79A7DF933DDA96C0C7D7D375917729DD13384A4B891ED5EA
SSDEEP 3072:hVn5UdQ7FzkRlGwwnVS570M9kdatGCO+xmBc+hMPhPsx:CQ7FQR+Vs7nyatGt+SYF

Signature

  • Status: The file C:\windows\system32\repair-bde.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: repair-bde.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\baaupdate.exe 75
C:\WINDOWS\system32\baaupdate.exe 77
C:\windows\system32\baaupdate.exe 77
C:\Windows\system32\baaupdate.exe 74
C:\Windows\system32\BdeHdCfg.exe 71
C:\WINDOWS\system32\BdeHdCfg.exe 69
C:\Windows\system32\BdeHdCfg.exe 69
C:\windows\system32\BdeHdCfg.exe 69
C:\Windows\system32\bdeunlock.exe 40
C:\Windows\system32\bdeunlock.exe 38
C:\WINDOWS\system32\bdeunlock.exe 40
C:\windows\system32\bdeunlock.exe 49
C:\Windows\system32\BitLockerWizard.exe 79
C:\windows\system32\BitLockerWizard.exe 82
C:\WINDOWS\system32\BitLockerWizard.exe 77
C:\Windows\system32\BitLockerWizard.exe 75
C:\Windows\system32\BitLockerWizardElev.exe 79
C:\Windows\system32\BitLockerWizardElev.exe 77
C:\WINDOWS\system32\BitLockerWizardElev.exe 79
C:\windows\system32\BitLockerWizardElev.exe 80
C:\Windows\system32\fvecpl.dll 41
C:\Windows\system32\fvenotify.exe 65
C:\windows\system32\fvenotify.exe 65
C:\WINDOWS\system32\fvenotify.exe 69
C:\Windows\system32\fvenotify.exe 61
C:\WINDOWS\system32\fveprompt.exe 69
C:\Windows\system32\fveprompt.exe 71
C:\Windows\system32\fveprompt.exe 66
C:\windows\system32\fveprompt.exe 65
C:\Windows\system32\fveui.dll 52
C:\WINDOWS\system32\manage-bde.exe 55
C:\Windows\system32\manage-bde.exe 50
C:\Windows\system32\manage-bde.exe 52
C:\windows\system32\manage-bde.exe 61
C:\Windows\system32\repair-bde.exe 69
C:\WINDOWS\system32\repair-bde.exe 72
C:\Windows\system32\repair-bde.exe 68

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


repair-bde

Attempts to reconstruct critical parts of a severely damaged drive and salvage recoverable data if the drive was encrypted by using BitLocker and if it has a valid recovery password or recovery key for decryption.

[!IMPORTANT] If the BitLocker metadata data on the drive is corrupt, you must be able to supply a backup key package in addition to the recovery password or recovery key. If you used the default key back up setting for Active Directory Domain Services, your key package is backed up there. You can use the BitLocker: Use BitLocker Recovery Password Viewer to obtain the key package from AD DS.

Using the key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected drive, even if the disk is corrupted. Each key package works only for a drive with the corresponding drive identifier.

Syntax

repair-bde <inputvolume> <outputvolumeorimage> [-rk] [–rp] [-pw] [–kp] [–lf] [-f] [{-?|/?}]

[!WARNING] The contents of the output volume will be completely deleted and overwritten by the decrypted contents from the damaged BitLocker drive. If you want to save any existing data on the selected target drive, move the existing data to other reliable backup media first, before running the repair-bde command.

Parameters

Parameter Description
<inputvolume> Identifies the drive letter of the BitLocker-encrypted drive that you want to repair. The drive letter must include a colon; for example: C:. If the path to a key package isn’t specified, this command searches the drive for a key package. In the event that the hard drive is damaged, this command might not be able to find the package and will prompt you to provide the path.
<outputvolumeorimage> Identifies the drive on which to store the content of the repaired drive. All information on the output drive will be overwritten.
-rk Identifies the location of the recovery key that should be used to unlock the volume. This command can also be specified as -recoverykey.
-rp Identifies the numerical recovery password that should be used to unlock the volume. This command can also be specified as -recoverypassword.
-pw Identifies the password that should be used to unlock the volume. This command can also be specified as -password
-kp Identifies the recovery key package that can be used to unlock the volume. This command can also be specified as -keypackage.
-lf Specifies the path to the file that will store Repair-bde error, warning, and information messages. This command may also be specified as -logfile.
-f Forces a volume to be dismounted even if it cannot be locked. This command can also be specified as -force.
-? or /? Displays Help at the command prompt.

Limitations

The following limitations exist for the this command:

  • This command can’t repair a drive that failed during the encryption or decryption process.

  • This command assumes that if the drive has any encryption, then the drive has been fully encrypted.

Examples

To attempt to repair drive C:, to write the content from drive C: to drive D: using the recovery key file (RecoveryKey.bek) stored on drive F:, and to write the results of this attempt to the log file (log.txt) on drive Z:, type:

repair-bde C: D: -rk F:\RecoveryKey.bek –lf Z:\log.txt

To attempt to repair drive C: and to write the content from drive C: to drive D: using the 48-digit recovery password specified, type:

repair-bde C: D: -rp 111111-222222-333333-444444-555555-666666-777777-888888

[!NOTE] The recovery password should be typed in eight blocks of six digits with a hyphen separating each block.

To force drive C: to dismount, attempt to repair drive C:, and then to write the content from drive C: to drive D: using the recovery key package and recovery key file (RecoveryKey.bek) stored on drive F:, type:

repair-bde C: D: -kp F:\RecoveryKeyPackage -rk F:\RecoveryKey.bek -f

To attempt to repair drive C: and to write the content from drive C: to drive D:, where you must type a password to unlock drive C: (when prompted), type:

repair-bde C: D: -pw

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.