Re: [dm-crypt] Another corrupt luks header thread

[Arno Wagner <arno@wagner.name>]

Please have a look at the FAQ. Several topics relevant to
your problem are covered there, including how to backup
and restore a LUKS header.

Arno


On Tue, Jan 18, 2011 at 04:38:24PM +0100, Viktor Ekmark wrote:
> Hello everyone,
>
> My lvm and luks header went corrupt last week because of a naive user  
> and a possible faulty hw-raid controller. I believe the rest of the data  
> is intact and I have an old luksDump from when I first created the 
> volume.
>
> The volume had one large LV, which was then encrypted with luks. I have  
> other volumes with the same layout to compare with.
>
> Since the lvm is also corrupt, I can only inspect the volume without the  
> LV device. All data seems intact after 0x31000. After comparing the  
> corrupt volume with a intact volume, I've noticed they both begin data  
> at that position and the position inside the LV device is 0x1000.
>
> I'm missing something like this inside the LV (taken from one of my  
> intact LV devices:
> 00000000   4C 55 4B 53  BA BE 00 01  61 65 73 00  00 00 00 00  00 00 00  
> 00  LUKS....aes.........
> 00000014   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 00000028   78 74 73 2D  70 6C 61 69  6E 00 00 00  00 00 00 00  00 00 00  
> 00  xts-plain...........
> 0000003C   00 00 00 00  00 00 00 00  00 00 00 00  73 68 61 31  00 00 00  
> 00  ............sha1....
> 00000050   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 00000064   00 00 00 00  00 00 08 08  00 00 00 20  F4 8A 16 39  E5 12 8A  
> BA  ........... ...9....
> 00000078   9B FC D5 B5  C8 BB 2B 13  7B 76 BF 35  55 D5 80 2E  A8 0B 1F  
> 66  ......+.{v.5U......f
> 0000008C   0A 07 F3 C1  81 CA FC 46  BB D6 13 F5  FB 12 81 C5  DA 57 6F  
> 94  .......F.........Wo.
> 000000A0   04 B5 B9 CA  00 00 00 0A  66 61 32 32  38 64 63 66  2D 31 34  
> 35  ........fa228dcf-145
> 000000B4   65 2D 34 38  35 32 2D 38  65 37 33 2D  39 30 38 35  62 37 61  
> 33  e-4852-8e73-9085b7a3
> 000000C8   39 38 33 65  00 00 00 00  00 AC 71 F3  00 03 A7 03  6E 67 02  
> 8D  983e......q.....ng..
> 000000DC   96 F6 1A B2  36 31 5D 51  4B E1 3A 4C  84 23 D6 41  A5 1F EC  
> 51  ....61]QK.:L.#.A...Q
> 000000F0   AB DF F5 4D  B4 CD 8C E6  00 00 00 08  00 00 0F A0  00 00 DE  
> AD  ...M................
> 00000104   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 00000118   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 01  
> 08  ....................
> 0000012C   00 00 0F A0  00 00 DE AD  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 00000140   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 00000154   00 00 00 00  00 00 02 08  00 00 0F A0  00 00 DE AD  00 00 00  
> 00  ....................
> 00000168   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 0000017C   00 00 00 00  00 00 00 00  00 00 00 00  00 00 03 08  00 00 0F  
> A0  ....................
> 00000190   00 00 DE AD  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 000001A4   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 000001B8   00 00 04 08  00 00 0F A0  00 00 DE AD  00 00 00 00  00 00 00  
> 00  ....................
> 000001CC   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 000001E0   00 00 00 00  00 00 00 00  00 00 05 08  00 00 0F A0  00 00 DE  
> AD  ....................
> 000001F4   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 00000208   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 06  
> 08  ....................
> 0000021C   00 00 0F A0  00 00 DE AD  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 00000230   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00  
> 00  ....................
> 00000244   00 00 00 00  00 00 07 08  00 00 0F A0  00 00 00 00  00 00 00  
> 00  ....................
>
> Old luksDump from my corrupt LV:
>
> LUKS header information for /dev/mapper/lv02a-lv02a
>
> Version:           1
> Cipher name:       aes
> Cipher mode:       xts-plain
> Hash spec:         sha1
> Payload offset:    2056
> MK bits:           256
> MK digest:         d4 38 70 47 0d 20 72 42 0e 04 97 94 e8 56 59 1f f9 6f  
> ec 1c
> MK salt:           c6 63 93 f7 67 6b b9 d9 dd a0 5e 7a 46 6f 2e b7
>                    d2 43 63 db 88 1b c7 aa 3b c9 41 2c dd 5c be 58
> MK iterations:     10
> UUID:              b81d8995-33b3-48a8-b1e1-1c0d0c237974
>
> Key Slot 0: ENABLED
>     Iterations:             162621
>     Salt:                   44 cc 3d 3b 6d e1 34 9b 83 e0 b5 e2 0b e1 f0 4d
>                               a3 c6 1e 11 fa c1 6f ab a6 61 04 7d e9 17  
> b9 20
>     Key material offset:    8
>     AF stripes:                4000
> Key Slot 1: DISABLED
> Key Slot 2: DISABLED
> Key Slot 3: DISABLED
> Key Slot 4: DISABLED
> Key Slot 5: DISABLED
> Key Slot 6: DISABLED
> Key Slot 7: DISABLED
>
> I believe the lvm can be easily restored from backups in  
> /etc/lvm/backup, so the remaining problem is the luks header.
>
> Is it possible to restore the LUKS header? If so, how should I proceed?  
> I would appreciate any help with this.
>
> If not, is it possible to recover any data on the volume?
>
> Viktor
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier