From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from v6.tansi.org (ns.km31936-01.keymachine.de [87.118.116.4]) by mail.server123.net (Postfix) with ESMTP for ; Sun, 22 Nov 2015 19:15:29 +0100 (CET) Received: from gatewagner.dyndns.org (77-57-54-224.dclient.hispeed.ch [77.57.54.224]) by v6.tansi.org (Postfix) with ESMTPA id 49EEF20DC13E for ; Sun, 22 Nov 2015 19:15:29 +0100 (CET) Date: Sun, 22 Nov 2015 19:15:28 +0100 From: Arno Wagner Message-ID: <20151122181528.GA7481@tansi.org> References: <20151121184914.GA28647@tansi.org> <5651B1CF.7090306@sapo.pt> <20151122125233.GA4802@tansi.org> <5651D9B3.6000500@sapo.pt> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <5651D9B3.6000500@sapo.pt> Subject: Re: [dm-crypt] Open raid1 with luks encryption after a raid re-create List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Sun, Nov 22, 2015 at 16:05:23 CET, Lu=EDs Alexandre wrote:=20 > On 22-11-2015 12:52, Arno Wagner wrote: > >Ok, lets repeat that with the full disks and including the full signature > > > >hd /dev/sdx | grep "0 4c 55 4b 53 ba be 00 01" > > > >with x one of your RAID disks. Do this for both. May take a while. > >This gives you the alignment as well. The "hd" start of a good > >luks header and container (header starts at offset 0) looks like > >this: > > > >00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.= ....| > >Only the first 6 bytes are fixed. Bytes 6 and 7 are the version > >of which there currently is onlyy "0001". This will always be > >aligned to a 512 byte boundary. Doing it this way has the > >advantage that you get the offset as well. >=20 > found it in one of the disks: > 08100000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 > |LUKS....aes.....| >=20 Ok, you may be in luck and may just have killed the partition=20 table. > Can you tell me how should I proceed now? If you still do not have that binary backup of the full disk,=20 make it now. Seriously. A tiny mistake can kill everything=20 permanently at this stage. Next, we will try to copy this LUKS container to the start=20 of a different disk. You need a second disk that is the same=20 size or larger as your LUKS container. (A different option would be to create a partiton at exactly the right spot, but that is tricky. Copying can also be done with dd, but I find the=20 option syntacs rather convoluted. Opter options exist.) Do this:=20 tail -c +135266305 /dev/sdx > /dev/sdy with sdx your source and sdy the target (fresh, empty disk).=20 This essentially makes a copy shifted 129MB forwards on /dev/sdy.=20 May take a long time. (Unfortunately, tail counts from 1,=20 hence the argiment is 129MB + 1) Then try to open the LUKS container on /dev/sdy cryptsetup luksOpen /dev/sdy e1 If that works, you can then mount /dev/mapper/e1 and copy your=20 data off. If it does not, I may have screwed up the offset. The LUKS container should be right at the beginning of /dev/sdy. To just test the header, you can make the copy as above and interrupt after a few seconds. luksOpen will still work if=20 the header is fine.=20 While this may seem a lot of effort, remember that you are very=20 close to a complete, unrecoverable loss of your data. I would advise you not to cut corners and in particular make that=20 full disk binary backup before you do anything else.=20 Regards, Arno > (the other is still being searched: the first one took a few > seconds, this one is now over 1 hour search) >=20 > Many thanks, > Luis >=20 > >Regards, > >Arno > > >=20 > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt --=20 Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of=20 "news" is "something that hardly ever happens." -- Bruce Schneier