[dm-crypt] Another corrupt luks header thread

Viktor Ekmark viktor at ekmark.se
Tue Jan 18 16:38:24 CET 2011


Hello everyone,

My lvm and luks header went corrupt last week because of a naive user 
and a possible faulty hw-raid controller. I believe the rest of the data 
is intact and I have an old luksDump from when I first created the volume.

The volume had one large LV, which was then encrypted with luks. I have 
other volumes with the same layout to compare with.

Since the lvm is also corrupt, I can only inspect the volume without the 
LV device. All data seems intact after 0x31000. After comparing the 
corrupt volume with a intact volume, I've noticed they both begin data 
at that position and the position inside the LV device is 0x1000.

I'm missing something like this inside the LV (taken from one of my 
intact LV devices:
00000000   4C 55 4B 53  BA BE 00 01  61 65 73 00  00 00 00 00  00 00 00 
00  LUKS....aes.........
00000014   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
00000028   78 74 73 2D  70 6C 61 69  6E 00 00 00  00 00 00 00  00 00 00 
00  xts-plain...........
0000003C   00 00 00 00  00 00 00 00  00 00 00 00  73 68 61 31  00 00 00 
00  ............sha1....
00000050   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
00000064   00 00 00 00  00 00 08 08  00 00 00 20  F4 8A 16 39  E5 12 8A 
BA  ........... ...9....
00000078   9B FC D5 B5  C8 BB 2B 13  7B 76 BF 35  55 D5 80 2E  A8 0B 1F 
66  ......+.{v.5U......f
0000008C   0A 07 F3 C1  81 CA FC 46  BB D6 13 F5  FB 12 81 C5  DA 57 6F 
94  .......F.........Wo.
000000A0   04 B5 B9 CA  00 00 00 0A  66 61 32 32  38 64 63 66  2D 31 34 
35  ........fa228dcf-145
000000B4   65 2D 34 38  35 32 2D 38  65 37 33 2D  39 30 38 35  62 37 61 
33  e-4852-8e73-9085b7a3
000000C8   39 38 33 65  00 00 00 00  00 AC 71 F3  00 03 A7 03  6E 67 02 
8D  983e......q.....ng..
000000DC   96 F6 1A B2  36 31 5D 51  4B E1 3A 4C  84 23 D6 41  A5 1F EC 
51  ....61]QK.:L.#.A...Q
000000F0   AB DF F5 4D  B4 CD 8C E6  00 00 00 08  00 00 0F A0  00 00 DE 
AD  ...M................
00000104   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
00000118   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 01 
08  ....................
0000012C   00 00 0F A0  00 00 DE AD  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
00000140   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
00000154   00 00 00 00  00 00 02 08  00 00 0F A0  00 00 DE AD  00 00 00 
00  ....................
00000168   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
0000017C   00 00 00 00  00 00 00 00  00 00 00 00  00 00 03 08  00 00 0F 
A0  ....................
00000190   00 00 DE AD  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
000001A4   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
000001B8   00 00 04 08  00 00 0F A0  00 00 DE AD  00 00 00 00  00 00 00 
00  ....................
000001CC   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
000001E0   00 00 00 00  00 00 00 00  00 00 05 08  00 00 0F A0  00 00 DE 
AD  ....................
000001F4   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
00000208   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 06 
08  ....................
0000021C   00 00 0F A0  00 00 DE AD  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
00000230   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 
00  ....................
00000244   00 00 00 00  00 00 07 08  00 00 0F A0  00 00 00 00  00 00 00 
00  ....................

Old luksDump from my corrupt LV:

LUKS header information for /dev/mapper/lv02a-lv02a

Version:           1
Cipher name:       aes
Cipher mode:       xts-plain
Hash spec:         sha1
Payload offset:    2056
MK bits:           256
MK digest:         d4 38 70 47 0d 20 72 42 0e 04 97 94 e8 56 59 1f f9 6f 
ec 1c
MK salt:           c6 63 93 f7 67 6b b9 d9 dd a0 5e 7a 46 6f 2e b7
                    d2 43 63 db 88 1b c7 aa 3b c9 41 2c dd 5c be 58
MK iterations:     10
UUID:              b81d8995-33b3-48a8-b1e1-1c0d0c237974

Key Slot 0: ENABLED
     Iterations:             162621
     Salt:                   44 cc 3d 3b 6d e1 34 9b 83 e0 b5 e2 0b e1 f0 4d
                               a3 c6 1e 11 fa c1 6f ab a6 61 04 7d e9 17 
b9 20
     Key material offset:    8
     AF stripes:                4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

I believe the lvm can be easily restored from backups in 
/etc/lvm/backup, so the remaining problem is the luks header.

Is it possible to restore the LUKS header? If so, how should I proceed? 
I would appreciate any help with this.

If not, is it possible to recover any data on the volume?

Viktor


More information about the dm-crypt mailing list