[dm-crypt] Restore LUKS partition

Arno Wagner arno at wagner.name
Thu Dec 15 23:31:52 CET 2016


Just to add, FAQ Item 6.10 explains how to create a new
LUKS header with the recovered master key in it. That
is probably the most simple option as soon as you have 
recreated the partition.

Arno

On Thu, Dec 15, 2016 at 23:10:39 CET, Milan Broz wrote:
> On 12/15/2016 09:36 PM, Oskar Jauch wrote:
> > Hi,
> > 
> > I've accidentally overwritten the first 1.1 GB of my external hard drive
> > with dd. As far as I remember the drive contained two partitions from
> > which one was encrypted with LUKS. I'm not sure if the encrypted one was
> > the first or the second one...
> > 
> > I dumped the whole disk with ddrescue.
> > 
> > I was able to extract the following from my laptop:
> > 
> > luks-afe73a24-e4ab-4d49-90b9-119da11bc7c6: 0 5860526990 crypt
> > aes-xts-plain64 [key (don't want to share it in this mail)] 0 8:17 4096
> 
> 8:17 should be a reference to /dev/sdb1
> 
> So the bad thing is that if the first partition was overwritten, you probably
> lost most of it. Even if it is properly decrypted, it will be very hard
> to recover anything (you will see garbage in the area that has been
> overwritten).
> 
> The good thing is that the table above (if it is the proper one)
> contains the volume encryption key, and it should allow mapping it even
> without the lost LUKS header.
> 
> You will also need the first partition (sdb1) offset.
> If the mapping is still active on your PC, you should
> see the offset through "cat /sys/block/sdb/sdb1/start" because
> the sdb1 device in-kernel is still in use.
> (The default is 2048 sectors but it can also be the old alignment
> or some other value.)
> 
> Once you have that, you should be able to map the encrypted device.
> 
> The last number in your table (4096 - size of LUKS header) is the device offset;
> you must add the recovered partition offset to it. Then you can map the device using
> losetup and dmsetup, something like
> 
> dmsetup create <name> --table "..."
> 
> Replace 8:17 with the path to your image (if it is a file, you must use losetup
> to map it to a block device) and properly update the offset.
> More info on the format - https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
> 
> Milan
> 
> 
> > 
> > Is there any possibility to restore anything of the encrypted data?
> > 
> > Thank you in advance!
> > 
> > Oskar
> > 
> > 
> > 
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> > 

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
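
Added example, not part of the original thread: a shell function implementing the offset arithmetic described in the quoted reply (table offset 4096 plus the partition start), emitting a table line that targets a loop device over the ddrescue image. The function name, `KEY_PLACEHOLDER`, `luks-example`, `/dev/loop0`, `disk.img`, `recovered` and the 2048-sector start are assumptions of this example.

```shell
#!/bin/sh
# Added example: rebuild a dm-crypt table line so it targets a whole-disk image.
# rebuild_table OLD_LINE NEW_DEV PART_START [IMAGE_SECTORS]
#   OLD_LINE       line from "dmsetup table --showkeys" (optional "name:" prefix)
#   NEW_DEV        block device holding the image, e.g. a read-only loop device
#   PART_START     start sector of the lost partition on the original disk
#   IMAGE_SECTORS  optional image size in 512-byte sectors, for a bounds check
rebuild_table() {
    old=$1 dev=$2 part_start=$3 img_sectors=$4
    case $part_start in
        ''|*[!0-9]*) echo "partition start must be a sector count" >&2; return 1 ;;
    esac
    case $old in *": "*) old=${old#*: } ;; esac   # drop the "name: " prefix
    set -f; set -- $old; set +f                   # split on whitespace, no globbing
    # crypt target: start size crypt cipher key iv_offset device offset [opts...]
    [ $# -ge 8 ] && [ "$3" = crypt ] || { echo "not a crypt table line" >&2; return 1; }
    start=$1 size=$2 cipher=$4 key=$5 iv=$6 offset=$8
    shift 8                                       # what remains are optional params
    new_offset=$((offset + part_start))
    if [ -n "$img_sectors" ] && [ $((new_offset + size)) -gt "$img_sectors" ]; then
        echo "mapping would run past the end of the image" >&2; return 1
    fi
    echo "$start $size crypt $cipher $key $iv $dev $new_offset${*:+ $*}"
}

# Constructed sample: the key field is a placeholder, 2048 is the assumed start.
rebuild_table "luks-example: 0 5860526990 crypt aes-xts-plain64 KEY_PLACEHOLDER 0 8:17 4096" /dev/loop0 2048

# Intended use (not run here), keeping the image read-only and the key off argv:
#   dev=$(losetup --find --show --read-only disk.img)
#   rebuild_table "$old" "$dev" "$start" "$(blockdev --getsz "$dev")" |
#       dmsetup create recovered --readonly
```

If the resulting mapping shows no recognisable filesystem beyond the overwritten area, the assumed partition start is the first value to re-check.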

