[dm-crypt] Yet another header reconstruction question

Arno Wagner arno at wagner.name
Mon Feb 15 18:04:24 CET 2016


Please re-send as non-HTML. Thanks.

Arno

On Mon, Feb 15, 2016 at 17:07:35 CET, Florian Dotzer wrote:
> <html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Dear Readers of the List .</div>
> 
> <div> </div>
> 
> <div>I had a encrypted RAID 5on my QNAP Device  in /dev/md0.</div>
> 
> <div> </div>
> 
> <div>It worked without any problems for about 6 years . But space went low and desaster began.</div>
> 
> <div>After adding a disk , mdadm had overwritten the header (block device /dev/md0 ) like this :</div>
> 
> <div> </div>
> 
> <div><span style="font-family: courier new , courier , monospace;">6d 64 61 64 6d 3a 20 61 64 64 65 64 20 2f 64 65  mdadm: added /de</span></div>
> 
> <div><span style="font-family: courier new , courier , monospace;">76 2f 73 64 63 33 0a 00 00 00 00 00 00 00 00 00  v/sdc3.......... </span></div>
> 
> <div><span style="font-family: courier new , courier , monospace;">00 00 00 00 00 00 00 00 <strong>63 62 63 2d 70 6c 61 69</strong>  ........cbc-plai </span></div>
> 
> <div><span style="font-family: courier new , courier , monospace;"><strong>6e </strong>00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  n............... </span></div>
> 
> <div><span style="font-family: courier new , courier , monospace;">00 00 00 00 00 00 00 00 <strong>73 68 61 31</strong> 00 00 00 00  ........sha1.... </span></div>
> 
> <div><span style="font-family: courier new , courier , monospace;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ </span></div>
> 
> <div><span style="font-family: courier new , courier , monospace;">00 00 00 00 00 00 00 00 00 00 <strong>08 08</strong> 00 00 00 <strong>20</strong>  ............... </span></div>
> 
> <div><span style="font-family: courier new , courier , monospace;">bc 31 80 6d da a4 f0 5c ed 9f 24 96 fc 1b 72 6a </span></div>
> 
> <div> </div>
> 
> <div>According to the documentation on-disk-format ,</div>
> 
> <div>magic (LUKS 0xba 0x be )  , version and cipher name seem to be overwritten.</div>
> 
> <div> </div>
> 
> <div>I'd like to know the possible versions ( 00 01 ? ) and cipher names </div>
> 
> <div>(aes ?) in order to be able to reconstruct the header (fingers crossed )</div>
> 
> <div> </div>
> 
> <div>user support from vendor QNAP tried an hour claiming 'fs super block could not be found'</div>
> 
> <div>and finally redirected me to 'commercial $$$upport' . </div>
> 
> <div> </div>
> 
> <div>QNAP advertised my Box with 'Disks can be AES-encrypted with 256 bit " so</div>
> 
> <div>I suspect its something related with aes .</div>
> 
> <div> </div>
> 
> <div>(And no , I had no header backup, Ahhh !)</div>
> 
> <div> </div>
> 
> <div>Any helpful reply is welcome . And yes , I will make backups in the future . ;-))</div>
> 
> <div> </div>
> 
> <div>Greetings , Florian</div></div></body></html>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list