Add dislocker-recovery tool to extract recovery passwords

[cwerling]

Hi there,

I needed to get from a valid VMK to the accompanying recovery key (so I'd be able to boot into the live Windows environment). This was discussed in #294 and I asked Claude Code for help to implement it.

I decided to make it a separate binary as I didn't want dislocker-metadata to handle decryption stuff, but also found it unfitting for the other entrypoints.

Since I don't know if vibe-coded, but tested code is welcome, I'm cautiously advertising this to be merged. I also made some modifications to the cmake configs so I could compile it on both Ubuntu 24.04 and a recent Fedora.

I'm definitely open for any changes if needed. If you have a strict no-AI policy, feel free to discard it.

[cwerling]

Sample output:

Tue Feb  3 15:35:51 2026 [INFO] dislocker by Romain Coltel, v0.7.3 (compiled for Linux/x86_64)
Tue Feb  3 15:35:51 2026 [INFO] Compiled version: master:6c2a51e
Tue Feb  3 15:35:51 2026 [INFO] Volume GUID (INFORMATION OFFSET) supported
Tue Feb  3 15:35:51 2026 [INFO] BitLocker metadata found and parsed.
Tue Feb  3 15:35:51 2026 [INFO]
Tue Feb  3 15:35:51 2026 [INFO] ============================================================
Tue Feb  3 15:35:51 2026 [INFO] BitLocker Recovery Password:
Tue Feb  3 15:35:51 2026 [INFO]
Tue Feb  3 15:35:51 2026 [INFO]   123456-282733-077264-299761-660264-491073-350658-987654
Tue Feb  3 15:35:51 2026 [INFO]
Tue Feb  3 15:35:51 2026 [INFO] ============================================================
Tue Feb  3 15:35:51 2026 [INFO]
Tue Feb  3 15:35:51 2026 [INFO] You can use this password to unlock the BitLocker volume
Tue Feb  3 15:35:51 2026 [INFO] at the Windows recovery screen.

[Aorimn]

Hey there, why not!? Thanks for this!

Are you aware that once you have one of the recovery mechanism, one can use it to recover the recovery password and/or key (cf the comment here)?
I guess Claude isn't yet, he might have proposed this as well

[cwerling]

Hey @Aorimn, thanks for the friendly check!

This makes sense conceptually! I told Claude to throw away the extra CLI entrypoint (dislocker-recovery) and it instead implemented it where your comment was and added a command line option for it.

I was only able to test compilation on a Ubuntu 24.04 Docker container on my Mac, so this definitely needs to be tested on a Linux system with some Bitlocker-encrypted drive attached. Can do that tomorrow.

Cheers!

[Aorimn]

Wow, that's quite awesome!

[cwerling]

Crazy times. Also, after sending Claude Code the link to your first PR comment, it replied pretty accurately :D

⏺ The maintainer (Aorimn) is making a friendly observation. [...]

  His point:
  - This wasn't a new idea - it was a recognized possibility that just hadn't been implemented yet
  - He's joking that I (Claude) wasn't aware of this existing comment, otherwise I might have pointed you
  to it or based the implementation on it

  It's a positive comment overall - he said "why not!? Thanks for this!" - so he seems happy with the
  contribution. He's just noting the historical context that the idea was already documented in the code.

Sorry for the off topic. Will send an update once I tested this tomorrow.