From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arno@wagner.name>
Received: from v1.tansi.org (mail.tansi.org [84.19.178.47])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Sun, 30 Apr 2017 20:39:23 +0200 (CEST)
Received: from gatewagner.dyndns.org (77-56-144-126.dclient.hispeed.ch
 [77.56.144.126]) by v1.tansi.org (Postfix) with ESMTPA id 96E3A1401D4
 for <dm-crypt@saout.de>; Sun, 30 Apr 2017 20:39:15 +0200 (CEST)
Date: Sun, 30 Apr 2017 20:39:21 +0200
From: Arno Wagner <arno@wagner.name>
Message-ID: <20170430183920.GA5499@tansi.org>
References: <a6e54426-5188-d4c7-ee7b-6f022b84bf22@depressiverobots.com>
 <f11f16b9-bbcd-4484-bc4b-403d25dc00b5@depressiverobots.com>
 <20170422002548.GA23882@tansi.org> <odfm32$fpm$1@blaine.gmane.org>
 <20170422134557.GB1425@tansi.org>
 <56144922-1d2e-b97c-3a5b-d7a952c84950@depressiverobots.com>
 <6bbee653-87c7-7145-82fe-785ab6fafece@depressiverobots.com>
 <8e8525dc-4620-f4ea-5e70-423c310799a9@depressiverobots.com>
 <a8f28f00-6bac-5d7a-1d7a-003f78bc6e21@depressiverobots.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <a8f28f00-6bac-5d7a-1d7a-003f78bc6e21@depressiverobots.com>
Subject: Re: [dm-crypt] LUKS header recovery attempt,
 bruteforce detection of AF-keyslot bit errors
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Sun, Apr 30, 2017 at 17:06:57 CEST, protagonist wrote:
> As a short update, I can confirm that when run with the default options,
> pvcreate initializes the first 512 bytes of the LVM header block with
> 0x00, similarly to ext4, creating excellent known plaintext that is easy
> to spot during debugging of decryption routines.
> 
> This is documented in the manpage of pvcreate:
> "-Z, --zero {y|n}
> Whether or not the first 4 sectors (2048 bytes) of the device should be
> wiped. If this option is not given, the default is to wipe these sectors
> unless either or both of the --restorefile or --uuid options were
> specified."  https://linux.die.net/man/8/pvcreate
> 
> My current memcmp of the first 512 bytes therefore works just as well on
> LVM as on ext4 and has managed to find a bit flip on a deliberately
> corrupted key slot.
> 
> However, this is bad news for my ultimate target of recovering the
> actual master key of the SSD in question, as it seems my previous
> 1-error checks have been unsuccessful, but valid.

Still impressive work. But it was a 10% thing at best.

Regards,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier