[dm-crypt] some ideas for recovery?

Milan Broz mbroz at redhat.com
Thu Aug 25 15:49:23 CEST 2011


On 08/25/2011 02:55 PM, Ralf wrote:
> Depending on the fact that the first 64k look random and the 2nd 64k are the 
> luks header - I just tried to swapt block1 and block2:

64k is not enough, you need to copy the whole luks header including keyslots,

> Payload offset:	4040

so you need at least 512 * 4040 bytes of header, do not skip any data, just
dd the whole area + some more so there is some data and try luksOpen.

> Would it even be enough to have 99*64k behind the luks header to decrypt the FS? 

to verify that passphrase works it should be, see above

> Or what exact blocks would it need to for the IV calculations or decryption?
> Is there a way to randomly try to decrypt specific blocks using the luksheader + 
> my well known password to check if it works or not?

passphrase just unlocks keyslot and you need decrypt master key from keyslot,
if the keyslot is corrupted, there is no way to recover it.
(or you need binary backup of header or master key dump to recover)

> Can you explain why my luks header is at offset 64k and why it may reject my 
> password on the offsetted loopback device?

LUKS/cryptsetup never writes header to such offset, LUKS always starts
at 0 offset. It seems like some mdadm/MD problem (64k is usually MD chunk size).

You should check that keyslot area is not damaged (you have only one keyslot active,
starting at sector 8 to sector 512 (iow 0x1000 - 0x40000 - if I am not mistaken).
There should be "ranadom data", any non-random sequence in this aread means that
it was overwritten.

Milan

p.s.
for more info see
http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery


More information about the dm-crypt mailing list