[dm-crypt] Restore a LUKS partition

[dm-crypt] Restore a LUKS partition

[Michael Grosseck]

Hello,

I created a luks partition for a long time with Ubuntu 10.04. Most 
likely I used following command to create it.

# cryptsetup -c blowfish-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda6

In the meantime I changed the distro to Linux Mint 13.
Now I tried to open it, but I get an error. Also if I try to dump the 
header information.

$ sudo cryptsetup luksDump -vc blowfish-cbc-essiv:sha256 /dev/sda6
Device /dev/sda6 is not a valid LUKS device.
Command failed with code 22: Device /dev/sda6 is not a valid LUKS device.

I was not sure if the drive is a LUKS device at all and I have read in 
another forum I should search for LUKS, what I did.

$ sudo dd if=/dev/sda6 | grep -a -b LUKS
0:�������?\x111�U�LUKS��\x01blowfishcbc-essiv:sha256sh 
E���\x17���֬�y[8�@��/�\x06ā\x04�]1b(�?K \x1c�uP�Xb6'\x18��C��
362478668:rC�+9���\\x01D�#�8*\x12tfoye�/�34ڛ�OCI\x1f[��\x19�5���E\x15!U�3_B\x02��%�\x11rLUKS�\x01$i}�H�[g>�rw̋��G�O 
�����6��>�b�\x02�s��e$�tɞV

So indeed it seems a LUKS device, but the header is somehow corrupt.

Now I tried to make a plain mapping what unexpected really works. But 
the joy was short. I can not mount the mapped device.

$ sudo cryptsetup create -c blowfish-cbc-essiv:sha256 -s 256 crypt /dev/sda6
Enter passphrase:
$ sudo mount /dev/mapper/crypt /home/crypt/
mount: you must specify the filesystem type
$ sudo mount -t ext3 /dev/mapper/crypt /home/crypt/
mount: wrong fs type, bad option, bad superblock on /dev/mapper/crypt,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

Now my question. Is there a little hope to restore the LUKS header or at 
least to read the content of this partition somehow?

Thanks for your help

Michael

Re: [dm-crypt] Restore a LUKS partition

[Arno Wagner]

On Thu, Nov 21, 2013 at 02:25:16 CET, Michael Grosseck wrote:
> Hello,
> 
> I created a luks partition for a long time with Ubuntu 10.04. Most
> likely I used following command to create it.
> 
> # cryptsetup -c blowfish-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda6
> 
> In the meantime I changed the distro to Linux Mint 13.
> Now I tried to open it, but I get an error. Also if I try to dump
> the header information.
> 
> $ sudo cryptsetup luksDump -vc blowfish-cbc-essiv:sha256 /dev/sda6
> Device /dev/sda6 is not a valid LUKS device.
> Command failed with code 22: Device /dev/sda6 is not a valid LUKS device.

Use cryptsetup -v isLuks to find whether it is a LUKS container,
no other parameters.

> I was not sure if the drive is a LUKS device at all and I have read
> in another forum I should search for LUKS, what I did.
> 
> $ sudo dd if=/dev/sda6 | grep -a -b LUKS
> 0:�������?\x111�U�LUKS��\x01blowfishcbc-essiv:sha256sh
> E���\x17���֬�y[8�@��/�\x06ā\x04�]1b(�?K \x1c�uP�Xb6'\x18��C��
> 362478668:rC�+9���\\x01D�#�8*\x12tfoye�/�34ڛ�OCI\x1f[��\x19�5���E\x15!U�3_B\x02��%�\x11rLUKS�\x01$i}�H�[g>�rw̋��G�O
> �����6��>�b�\x02�s��e$�tɞV

That is not the way to search. Better post what
  hd /dev/sda6 | head 
gives you. 
 
> So indeed it seems a LUKS device, but the header is somehow corrupt.
> 
> Now I tried to make a plain mapping what unexpected really works.
> But the joy was short. I can not mount the mapped device.

You can always create a plain mapping, there is no error checking
as a plain device has no header.

> $ sudo cryptsetup create -c blowfish-cbc-essiv:sha256 -s 256 crypt /dev/sda6
> Enter passphrase:
> $ sudo mount /dev/mapper/crypt /home/crypt/
> mount: you must specify the filesystem type
> $ sudo mount -t ext3 /dev/mapper/crypt /home/crypt/
> mount: wrong fs type, bad option, bad superblock on /dev/mapper/crypt,
> missing codepage or helper program, or other error
> In some cases useful info is found in syslog - try
> dmesg | tail or so
> 
> Now my question. Is there a little hope to restore the LUKS header
> or at least to read the content of this partition somehow?

Completely unclear at this time. 
 
Arno

> Thanks for your help
> 
> Michael
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

Re: [dm-crypt] Restore a LUKS partition

[Michael Grosseck]

On 21.11.2013 02:57, Arno Wagner wrote:
> hd /dev/sda6 | head
thanks Arno for your reply, the command above gives me this output:

00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 
|................|
*
000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 ef 
|................|
000001c0  ff ff 83 ef ff ff 3f 00  00 00 11 31 9c 00 00 00 
|......?....1....|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 
|................|
*
000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa 
|..............U.|
00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 
|................|
*
00007e00  4c 55 4b 53 ba be 00 01  62 6c 6f 77 66 69 73 68 
|LUKS....blowfish|

Re: [dm-crypt] Restore a LUKS partition

[Arno Wagner]

Ok, whatever happened, /dev/sda6 is not a LUKS device. There 
is one hidden in there at offset 0x7e00 = 32256 though.
Looks like there was some LVM or other wrapper around it,

The crypsetup man page comments on this sutuation as follows:
"But note that when the LUKS header is at a nonzero offset 
 in a device, then  the  device  is  not  a LUKS device 
 anymore, but has a LUKS container stored in it at an offset."

I am not sure how to access this. Maybe something like
  losetup -o 32256 /dev/loop0 /dev/sda6
would work. If 
  cryptsetup -v isLuks /dev/loop0
woeks afterwards, than you might acces the container
this way. Also note that for LUKS you do not need
to specify cipher or hash (except when formating) as
they are stored in the LUKS header.

Arno



On Thu, Nov 21, 2013 at 09:11:49 CET, Michael Grosseck wrote:
> On 21.11.2013 02:57, Arno Wagner wrote:
> >hd /dev/sda6 | head
> thanks Arno for your reply, the command above gives me this output:
> 
> 00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
> |................|
> *
> 000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 ef
> |................|
> 000001c0  ff ff 83 ef ff ff 3f 00  00 00 11 31 9c 00 00 00
> |......?....1....|
> 000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
> |................|
> *
> 000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa
> |..............U.|
> 00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
> |................|
> *
> 00007e00  4c 55 4b 53 ba be 00 01  62 6c 6f 77 66 69 73 68
> |LUKS....blowfish|
> 
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

Re: [dm-crypt] Restore a LUKS partition

[Robert Nichols]

On 11/21/2013 02:11 AM, Michael Grosseck wrote:
> On 21.11.2013 02:57, Arno Wagner wrote:
>> hd /dev/sda6 | head
> thanks Arno for your reply, the command above gives me this output:
>
> 00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
> *
> 000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 ef |................|
> 000001c0  ff ff 83 ef ff ff 3f 00  00 00 11 31 9c 00 00 00 |......?....1....|
> 000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
> *
> 000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa |..............U.|
> 00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
> *
> 00007e00  4c 55 4b 53 ba be 00 01  62 6c 6f 77 66 69 73 68 |LUKS....blowfish|

For some reason /dev/sda6 starts with a partition table and looks like
a correctly partitioned whole disk. Did you perhaps use dd to copy an
image of an entire disk onto your current /dev/sda6?

Anyway, if you just want to get access to copy the data elsewhere, you
can do this (as root):

        losetup -o $((0x7e00)) -f --show /dev/sda6

That will display the name of the loop device it used, probably /dev/loop0.
You can then use cryptsetup to unlock /dev/loop0, and all your data should
be there.  You will want to run "losetup -d /dev/loop0" to release the loop
device after you've done a luksClose.

(AFAIK, cryptsetup does not support the "--offset" option for luksOpen.
  That would have been a lot simpler.)

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

Re: [dm-crypt] Restore a LUKS partition

[Michael Grosseck]

thanks Arno, thanks Robert.
You are my heroes of the day. I have no glue why the LUKS device is in 
an container, but your trick is working and I can access the device.

Michael

Re: [dm-crypt] Restore a LUKS partition

[Arno Wagner]

Very good!

Arno

On Thu, Nov 21, 2013 at 22:53:37 CET, Michael Grosseck wrote:
> thanks Arno, thanks Robert.
> You are my heroes of the day. I have no glue why the LUKS device is
> in an container, but your trick is working and I can access the
> device.
> 
> Michael
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

Re: [dm-crypt] Restore a LUKS partition

[Arno Wagner]

On Thu, Nov 21, 2013 at 17:19:58 CET, Robert Nichols wrote:
> On 11/21/2013 02:11 AM, Michael Grosseck wrote:
> >On 21.11.2013 02:57, Arno Wagner wrote:
> >>hd /dev/sda6 | head
> >thanks Arno for your reply, the command above gives me this output:
> >
> >00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
> >*
> >000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 ef |................|
> >000001c0  ff ff 83 ef ff ff 3f 00  00 00 11 31 9c 00 00 00 |......?....1....|
> >000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
> >*
> >000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa |..............U.|
> >00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 |................|
> >*
> >00007e00  4c 55 4b 53 ba be 00 01  62 6c 6f 77 66 69 73 68 |LUKS....blowfish|
> 
> For some reason /dev/sda6 starts with a partition table and looks like
> a correctly partitioned whole disk. Did you perhaps use dd to copy an
> image of an entire disk onto your current /dev/sda6?

Ah, yes, looks like it. The 0x55aa is typical.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare