Fix Error -69845 – Troubleshooting MacBook Pro Partition Issues

disk-utilitydual-bootmacbook propartitionunix

A few months ago someone installed Linux on my computer using rEFInd for a project. I am using a 2015 13" Macbook Pro with 256GB SSD. The partition for linux was made to be 60GB. After the project I somehow deleted rEFInd and completely forgot about the rest.

A few days ago I noticed that I had only 190GB of fully usable space and remembered that Linux was probably still there. After trying to use diskutil I thought deleting the Linux partition and resizing the Apple AFS partition everything would work. But sadly after deleting it,the partition with my data on had type FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF on my main bootable drive. Now after restarting my computer I get a black screen followed by GRUB Minimal Bash screen.

After following instructions on Data Not Backed Up, Partition Type: FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF I tried the commands to change my partition type to a normal OS-X partition. After doing that verifyDisk didn't give me any problems but verifying that volume returned

Error: -69845: File system verify or repair failed. 
Underlying error: 8: POSIX reports: Exec format error

These are the photos of $ diskutil list and $ gpt -r show disk0.

I'm not the most knowledgeable when it comes to commands like this so any help is appreciated. I have important data on the disk that I hope is not erased and won't be erased that is not backed up anywhere else.

Best Answer

After looking through more threads I found my own problem. The type for my partition was supposed to be APFS so by using the previous solution with the correct type as in

diskutil umountDisk disk0
gpt remove -i 2 disk0
gpt add -i 2 -b 409640 -s 372637568 -t 7C3457EF-0000-11AA-AA11-00306543ECAC disk0

Now I did come across a problem at first because diskutil verifyVolume disk0s2 gave me Unrecognized file system (-69846) I did not mind it and tried to reboot after NVRAM reset and I was able to boot back to my Macbook as I did before with no loss in data. After that I used the command :

diskutil apfs resizeContainer disk0s2 0

in order to be able to use the memory from erasing my linux partition. Hope this helps someone.

Related Solutions

Partition type FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF, drive unmountable

The volumes could be recovered in a TeamViewer session by searching for special strings similar to the method outlined in this answer: My SATA hardrive was ejected, and is unable to be remounted due to issues.

The assumptions made:

disk3s4 (24.6 GB) and disk3s5 (650 MB) are located at the end of the disk (see diskutil list screenshot of the question - both vanished after destroying the old partition table with sudo gpt destroy /dev/disk3)
disk3s2 (Macintosh) occupies/occupied the whole unallocated disk space (except the 1st Recovery HD) of ~294 GB and is encrypted.

To get the starting block of the first Recovery HD enter (which has to be in the 271 GiB - 274 GiB or ~291 GB - ~295 GB range of the disk)

sudo hexdump -s 271g /dev/disk3 | grep "48 46 53 4a"

(hexdump uses GibiBytes instead of GigaBytes!) which revealed:

447f801400 48 2b 00 04 80 00 21 00 48 46 53 4a 00 00 00 06
447f828a00 48 2b 00 04 80 00 21 00 48 46 53 4a 00 00 00 06
447f840c00 48 2b 00 04 80 00 20 00 48 46 53 4a 00 00 00 06
447f871e00 48 2b 00 04 80 00 21 00 48 46 53 4a 00 00 00 06
...

0x447f801400 is Byte 294196876288 (or block 574603274) of the disk. Since the string HFSJ resides in the third block of a volume, the Recovery HD starts with block 574603272.

The typical output if the previous volume wasn't a FileVault but a normal HFSJ volume would look like this instead:

447f800c00 48 2b 00 04 80 00 20 00 48 46 53 4a 00 00 01 ff
447f801400 48 2b 00 04 80 00 21 00 48 46 53 4a 00 00 00 06
447f828a00 48 2b 00 04 80 00 21 00 48 46 53 4a 00 00 00 06
447f840c00 48 2b 00 04 80 00 20 00 48 46 53 4a 00 00 00 06
447f871e00 48 2b 00 04 80 00 21 00 48 46 53 4a 00 00 00 06
...

The first and second byte number show a difference of 0xc00-0x1400=0x800 or 2048 Bytes because the preceding OS X volume has an alternative volume header in the second last block while FileVault volumes don't have one.

The Recovery HD has a fixed size of 1269536 blocks and it can be added with gpt to the partition table.

sudo gpt add -i 3 -b 574603272 -s 1269536 -t 426F6F74-0000-11AA-AA11-00306543ECAC disk3

Now verify the volume with

diskutil verifyVolume disk3s3

If the partition boundaries and the volume are/is OK you'll get an exit code 0.

In the unallocated disk space between EFI and Recovery HD a CoreStorage partition was added:

sudo gpt add -i 2 -b 409640 -s 574193632 -t 53746F72-6167-11AA-AA11-00306543ECAC disk3

The FileVault password window popped up and the password was entered - so it was added successful probably.

The disk and the volume were verified with:

diskutil verifyDisk disk3
diskutil verifyVolume disk3s2

which both exited with code 0 and all was fine.

Later the FileVault volume was extended to the full size of the disk with:

diskutil cs lvUUID resizeStack 318g #with lvUUID: the Logical Volume UUID of the second CoreStorage container

Partition Repair – How to Fix FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF Partition Type Issues in macOS

To add an answer exactly fitting to your case I slightly modified my answer in the linked "duplicate" and posted it here again.

The second as well as the third partition of your internal disk got the wrong partition type, your data probably won't be lost.

A bootable OS X partition (except the Recovery HD) either has the GUID 48465300-0000-11AA-AA11-00306543ECAC for a standard OS X partition or the GUID 53746F72-6167-11AA-AA11-00306543ECAC for a CoreStorage partition. The FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF is an unknown partition type (but not no partition like the 000000-0000-0000.... one).

The first block of a standard OS X partition doesn't contain non-zeros, the first block of a CoreStorage partition contains some non-zeros. To get the first 3 blocks of a partition you have to use a substitute for hexdump/xxd (both aren't available in Recovery Mode/OS X Installer boot drive). The best I have found is dd if=/dev/diskXsY count=3 | vis -c.

The GUID partition table can be modified with gpt. gpt only writes to the first 34 and the last 33 blocks of a disk(512) or the first 6 and and last 5 blocks of a 4k disk. Modifying the partition table (even falsely) doesn't alter the content of any volume on your disk, if you don't initialize or repair a volume/disk by request. You may verify it though.

Boot to Internet Recovery Mode or an OS X Installer boot drive
Open Terminal in the menubar Utilities > Terminal
Get an overview with diskutil list
Get an overview of your internal disk with the disk identifier found in the previous command. Below I assume the disk identifier of your internal disk is disk0 (replace it with the one you have found in your environment)
```
gpt -r show disk0
```
Unmount disk0 with diskutil umountDisk disk0

vis the first 3 blocks of the FFFF... partition:

dd if=/dev/disk0s2 count=3 | vis -c

If you had a standard partition previously the first 1024 Bytes only contain non-printable (zeros): \0\0... At ~Byte 1030 you will see the following sequence: \0HFSJ\0

If you had a CoreStorage partition some non-zeros in the first 512 Bytes and the string CS (...\0CS\^A...) are shown:

\^U\^D\^A\M-s\M^?\M^?\M^?\M^?\^A\0\^P\0\0\0\M-W\^A\a\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\^B\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\M^Pu\M-\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0CS\^A\0\0\0\^D\0\0\^P\0\0\0\0@\0X\M-7}\^C\0\0\0\0X\M-;}\^C\0\0\0\0X\M-?}\^C\0\0\0\0X\M-C}\^C\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\^P\0\0\0\^B\0\0\0006j v\^R\M-+\^U\M^[\f\M^CdG\M-y\^]...

Now remove the third, the fourth and the second partition:
```
diskutil umountDisk disk0
gpt remove -i 3 disk0
diskutil umountDisk disk0
gpt remove -i 4 disk0
gpt remove -i 2 disk0
```
If you get an error message like "resource busy" just unmount the disk again or unmount stubborn volumes with diskutil umount disk0sX.

Re-add the recovery partition with the proper type but the same index number, start block and size it had previously:
```
gpt add -i 3 -b 227212504 -s 1269536 -t 426F6F74-0000-11AA-AA11-00306543ECAC disk0
```
Re-add the main partition with the proper type but the same index number, start block and size it had previously:

Either a normal OS X partition (if you have found the typical traces of a normal partition in the dd ... vis step):
```
gpt add -i 2 -b 409640 -s 226802864 -t 48465300-0000-11AA-AA11-00306543ECAC disk0
```
or (if you have found the typical traces of a CoreStorage partition):
```
gpt add -i 2 -b 409640 -s 226802864 -t 53746F72-6167-11AA-AA11-00306543ECAC disk0
```

Your disk should finally look like this if you have found a standard OS X partition:

    start       size  index  contents
        0          1         PMBR
        1          1         Pri GPT header
        2         32         Pri GPT table
       34          6         
       40     409600      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
   409640  226802864      2  GPT part - 48465300-0000-11AA-AA11-00306543ECAC
227212504    1269536      3  GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC        
228482040    8496103
236978143         32         Sec GPT table
236978175          1         Sec GPT header

or this, if you have found a CoreStorage volume:

    start       size  index  contents
        0          1         PMBR
        1          1         Pri GPT header
        2         32         Pri GPT table
       34          6         
       40     409600      1  GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B
   409640  226802864      2  GPT part - 53746F72-6167-11AA-AA11-00306543ECAC
227212504    1269536      3  GPT part - 426F6F74-0000-11AA-AA11-00306543ECAC        
228482040    8496103
236978143         32         Sec GPT table
236978175          1         Sec GPT header

Finally verify/repair the disk with diskutil verifyDisk disk0 and/or diskutil verifyVolume disk0s2. If a repair is needed use repair (instead of verify) as prefix in the above commands but contact me before repairing it and send me the error message.

Further investigations via TeamViewer sessions revealed that the EFI partition and the Recovery HD partition are corrupted. The main volume is encrypted. The Recovery HD contains a special intermediate FileVault key then. If the key is missing the main system won't boot. It was possible to unlock the drive though with diskutil cs unlockVolume ....

After installing a full macOS to a thumb drive and booting to it, the EFI partition and the Recovery HD of another non-FileVault drive (actually those of a Sierra VM) were dd'ed to the broken drive. Still booted from the thumb drive, the FileVault volume was reverted to a standard volume by right-clicking on the volume in the Finder, choosing "Decrypt volume" and entering a valid user password. This has to be the password of an eligible user account on the FileVault volume. Other methods to decrypt the volume like diskutil cs revert lvUUID or diskutil cs decryptVolume lvUUID - tested in a virtual machine only - didn't seem to work. This might be a restriction of VMs though.

To expand the main partition (disk0s2) to the full size, use Disk Utility or the diskutil resizeVolume ... command.

The volume initially didn't appear in System Preferences > Startup Disk, but alt-booting the Mac unveiled the main volume. This probably re-blessed the volume's boot.efi properly. The (now standard) volume appears in Startup Disk again.

Best Answer

Related Solutions

Partition type FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF, drive unmountable

Partition Repair – How to Fix FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF Partition Type Issues in macOS

Related Question