[dm-crypt] Problem recovering encrypted partitions

Arno Wagner arno at wagner.name
Sat Jan 14 22:17:22 CET 2012


Hi Luis,

first thing is to check that the LUKS headers are still there:

  cryptsetup isLuks <device>

If that succeeds, you can still manually map the LUKS containers
and mount the filesystems inside (best only as "ro", i.e. 
read-only) to get your data off.  LUKS and the filesystems
actually do not care about the partitioning (well, the
filesystems care about it but only on creation). Your
partitioning is shot to hell though, so after you rescue your
data, you should at the very least remove sda6/7/8 and recreate
them (with fsidk or cfsisk).  This may or may not repair the damage.  
To be on the safe side, I would recommend you to with the whole 
installation and recreate it from backup.

If the isLuks test fails, then there are several options,
making an image before running testdisk was definitely the 
right thing to do. One option will be to seach the LUKS
headers and map them with offset (no partitions needed
for that).

Arno


On Sat, Jan 14, 2012 at 08:40:19PM +0000, Luis P. Mendes wrote:
> Hi,
> 
> Maybe you can help me on this.
> 
> My problem started when I booted my laptop with an OpenBSD CD that I
> was trying to install to a SD card. OpenBSD installer didn't detect my
> SD card, but went to partition my disk (/dev/sda).
> I didnt' confirm any change to the partition table of my disk but the
> installer changed the partition table of /dev/sda and I lost the
> configuration.
> As I didn't have a backup for the MBR of /dev/sda, I used testdisk
> http://www.cgsecurity.org/ and recovered the structure of the disk.
> 
> Right now, fdisk reports:
> # fdisk -l /dev/sda
> 
> Disk /dev/sda: 320.1 GB, 320072933376 bytes
> 255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors
> Units = sectors of 1 * 512 = 512 bytes
> Sector size (logical/physical): 512 bytes / 512 bytes
> I/O size (minimum/optimal): 512 bytes / 512 bytes
> Disk identifier: 0x4483617d
> 
> Device Boot Start End Blocks Id System
> /dev/sda1 63 16064 8001 83 Linux
> /dev/sda2 * 81915435 112631714 15358140 83 Linux
> /dev/sda3 112631715 259080254 73224270 f W95 Ext'd (LBA)
> /dev/sda5 112631778 115700129 1534176 82 Linux swap
> /dev/sda6 115700193 115716194 8001 83 Linux
> /dev/sda7 259064253 259080254 8001 83 Linux
> 
> and cfdisk reports:
> cfdisk (util-linux 2.19)
> 
> Disk Drive: /dev/sda
> Size: 320072933376 bytes, 320.0 GB
> Heads: 255 Sectors per Track: 63 Cylinders: 38913
> 
> Name Flags Part Type FS Type [Label] Size (MB)
> --------------------------------------------------------------------------
> sda1 Primary crypto_LUKS 8.23
> Primary Free Space 41932.48
> sda2 Boot Primary ext3 15726.74
> sda5 Logical Linux swap 1571.03
> sda6 Logical crypto_LUKS 8.23
> Logical Free Space 73394.18
> sda7 Logical crypto_LUKS 8.23
> Pri/Log Free Space 187423.85*
> 
> 
> I can boot the machine (/dev/sda2) but the encrypted partitions are
> not available: /home (/dev/sda6), /opt (/dev/sda7) and /mnt/cr1
> (/dev/sda1).
> 
> As you can see, for each of the three encrypted partitions, testdisk
> recovered the partition as having only circa 8MB and left the rest of
> the original partition as 'Free Space'.
> 
> What can I do to have each one of these partitions consider all the
> 'Free Space" next to them as belonging to them?
> 
> As a note, I did a 'dd' of the whole disk before using testdisk to a file.
> 
> Luis
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list