Do you need to recover user data with Target Disk Mode, but you don’t have the user’s FileVault 2 password?
I will show you how to unlock FileVault 2 after you connect the Mac using Target Disk Mode. This can be very helpful for IT Departments that need to access user data when an employee is let go and you don’t have the user’s password.
How to boot a Mac into Target Disk Mode (TDM)
Think of Target Disk Mode as if you are turning your Mac into an External Hard Drive. Once you plug the Target Mac into the host Mac using a USB/Thunderbolt Cable you can access all of the Target Mac’s files on the Host Mac. It’s really a great tool for moving data, especially useful for fast file backup, transfers or data recovery.
support.apple.com/guide/mac-help/transfer-files-computers-target-disk-mode-mchlp1443/10.14/mac/10.14
Mounting and unlocking the drive.
Once you have booted your Mac into Target Disk Mode and it’s plugged into the host Mac, you will see a GUI message after a few moments.
If the Mac is not encrypted and doesn’t have a T2 the drive will just mount as Macintosh HD on the Desktop.
If you know the user’s password, type it in and the drive will mount.
Attempting to unlock FileVault 2 TDM “diskutil apfs unlockVolume -passphrase”
You may have used this command in the past if you needed to unlock FileVault in the Recovery Partition.
diskutil apfs unlockVolume /dev/apfs_volume_id_goes_here -passphrase personal_recovery_key_goes_here
Rich Trouton wrote a great article on how to unlock FileVault 2 in the Recovery Partition. You can find that article here.
You would think we could use the same command to mount the drive with TDM. Let’s try it.
Trying the following command:
diskutil apfs unlockVolume /dev/disk3s5 -passphrase _recovery_key_here
gives the error:
Error unlocking APFS Volume: APFS Volume Target Disk Mode Unlock requires that you supply a specific user (-69486)
The GUI unlock pop-up only has the option to unlock with user’s password.
Gathering the information that you need to unlock the drive using the Personal Recovery Key.
Let’s get started. You will only need 3 things.
- APFS Volume ID
- UUID of the Personal Recovery User
- FV2 Personal Recovery Key
First let’s get the APFS Volume ID of the Target Mac. On the host Mac run this command in the Terminal.
diskutil apfs list
Look all the way at the bottom for Name: Macintosh HD. You will also see Mount Point: Not Mounted and FileVault: Yes (Locked). You will need to grab disk4s5 from APFS Volume Disk (Role). This is the Target Mac’s Volume ID.
2. Get the Personal Recovery User UUID
Run this command to get the UUID of the Personal Recovery User. Don’t forget to put the Volume ID that you grabbed above in apfs_volume_id_here
diskutil apfs listUsers /dev/apfs_volume_id_here
3. Personal Recovery Key
Now that you have all 3 things, we can unlock the drive.
Unlocking the Drive using the Personal Recovery User and Personal Recovery Key.
Let’s unlock the drive! The command is
diskutil apfs unlockVolume /dev/disk_volume_ID_here -user personal_recovery_user_UUID_here
After typing in the command you will have a prompt that says Passphrase. Paste or type the Mac’s Recovery Key in and hit enter.
NOTE: for the PRK you have to include all the dashes and use all CAPS.
If you don’t you will get this error
Passphrase incorrect or user does not exist
Once you type in the correct PRK you will see this message.
Unlocked and mounted APFS Volume attached via Target Disk Mode
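The lookups from steps 1 and 2 and the key formatting from the NOTE above, scripted as an added example that is not part of the original article. The diskutil output layout, the sample UUIDs and the six-blocks-of-four key format are assumptions, and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. The parsers read diskutil output
# on stdin; field labels are assumed to match those quoted in the article.

# Device ids of volumes that `diskutil apfs list` shows as FileVault-locked.
locked_volumes() {
  awk -F': *' '
    /APFS Volume Disk \(Role\)/  { split($2, f, " "); vol = f[1] }
    /FileVault: +Yes \(Locked\)/ { print vol }
  '
}

# UUID whose Type line reads "Personal Recovery User" in `listUsers` output.
recovery_user_uuid() {
  awk '
    /^[+]-- /                      { uuid = $2 }
    /Type: Personal Recovery User/ { print uuid; found = 1; exit }
    END                            { if (!found) exit 1 }
  '
}

# Normalise a typed recovery key: drop spaces/dashes, upper-case, regroup as
# six dash-separated blocks of four (assumed PRK layout). Fails otherwise.
normalize_prk() {
  _prk=$(printf '%s' "$1" | tr -d ' -' | tr '[:lower:]' '[:upper:]')
  case "$_prk" in *[!A-Z0-9]*) return 1 ;; esac
  [ "${#_prk}" -eq 24 ] || return 1
  printf '%s\n' "$_prk" | sed -E 's/(.{4})/\1-/g; s/-$//'
}

# Constructed sample output (illustrative values, not captured from a real Mac).
SAMPLE_LIST='|   |   APFS Volume Disk (Role):   disk4s1 (Data)
|   |   FileVault:                 No
|   |   APFS Volume Disk (Role):   disk4s5 (No specific role)
|   |   Name:                      Macintosh HD
|   |   Mount Point:               Not Mounted
|   |   FileVault:                 Yes (Locked)'
SAMPLE_USERS='Cryptographic users for disk4s5 (2 found)
|
+-- 11111111-2222-3333-4444-555555555555
|   Type: Local Open Directory User
|
+-- AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
|   Type: Personal Recovery User'
```

On the host Mac, pipe the real output in, for example `diskutil apfs listUsers /dev/disk4s5 | recovery_user_uuid`, and pass the result to `-user`.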
Copying Files
One last note if you need to copy files from the user’s folder: if you navigate to the user’s folder and see that you do not have permission to view Desktop, Documents or Downloads, this is not a problem.
All you need to do is copy the entire user folder over to the Host Mac. You will be prompted to enter in an admin password. This is the admin password on the Host Mac not the Target Mac. Once the User folder is copied over you will have access to all files.
Thanks
I wanted to thank someone who clarified this procedure and also helped test to make sure it worked.
Thank you Mr. Anonymous!!!
I hope this article has helped you. If you have any questions or comments please don’t hesitate to Contact Me.
Hello I have a problem. I lost my pass. the disk is locked with HFS + encrypted with HINT. I need to see the hint to remember my pass, but the hint in HFS + is not displayed.
Hey I don’t understand what’s the Personal Recovery Key in Point 3. I get the Volume ID and the Personal Recovery User.. but what key I have to type in?
Thank ya in advance! I try to get my own data from my Mac after the BigSur Update crashed my FileVault password.
Any idea what to do if you get this error? “Error unlocking APFS Volume: Couldn’t rediscover disk after operation (-69822)”
Hello Neil,
Can you give me a little more information? Is this a T1, T2 system? Does this happen only on this one machine or have you tested on others?
Did you ever fix this? I am in the same situation.
Thanks
-Ed
Does it matter if the target Mac is a T2 chip encrypted one?
Hello Vince,
This will work for any Mac that is formatted with APFS! So “Almost” all 10.13, 10.14 and 10.15 Macs. Some 10.13 systems that had spinning hard drives or Fusion drives still used HFS+.