[dm-crypt] Open raid1 with luks encryption after a raid re-create

Arno Wagner arno at wagner.name
Sun Nov 22 19:15:28 CET 2015

On Sun, Nov 22, 2015 at 16:05:23 CET, Luís Alexandre wrote: 
> On 22-11-2015 12:52, Arno Wagner wrote:
> >Ok, lets repeat that with the full disks and including the full signature
> >
> >hd /dev/sdx | grep "0  4c 55 4b 53 ba be 00 01"
> >
> >with x one of your RAID disks. Do this for both. May take a while.
> >This gives you the alignment as well. The "hd" start of a good
> >luks header and container (header starts at offset 0) looks like
> >this:
> >
> >00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00 |LUKS....aes.....|
> >Only the first 6 bytes are fixed. Bytes 6 and 7 are the version
> >of which there currently is onlyy "0001". This will always be
> >aligned to a 512 byte boundary. Doing it this way has the
> >advantage that you get the offset as well.
> found it in one of the disks:
> 08100000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00
> |LUKS....aes.....|

Ok, you may be in luck and may just have killed the partition 

> Can you tell me how should I proceed now?

If you still do not have that binary backup of the full disk, 
make it now. Seriously. A tiny mistake can kill everything 
permanently at this stage.

Next, we will try to copy this LUKS container to the start 
of a different disk. You need a second disk that is the same 
size or larger as your LUKS container. (A different option would
be to create a partiton at exactly the right spot, but that is
tricky. Copying can also be done with dd, but I find the 
option syntacs rather convoluted. Opter options exist.)

Do this: 

  tail -c +135266305 /dev/sdx > /dev/sdy

with sdx your source and sdy the target (fresh, empty disk). 
This essentially makes a copy shifted 129MB forwards on /dev/sdy. 
May take a long time. (Unfortunately, tail counts from 1, 
hence the argiment is 129MB + 1)

Then try to open the LUKS container on /dev/sdy

  cryptsetup luksOpen /dev/sdy e1

If that works, you can then mount /dev/mapper/e1 and copy your 
data off. If it does not, I may have screwed up the offset.
The LUKS container should be right at the beginning of
/dev/sdy. To just test the header, you can make the copy as above
and interrupt after a few seconds. luksOpen will still work if 
the header is fine. 

While this may seem a lot of effort, remember that you are very 
close to a complete, unrecoverable loss of your data. I would
advise you not to cut corners and in particular make that 
full disk binary backup before you do anything else. 


> (the other is still being searched: the first one took a few
> seconds, this one is now over 1 hour search)
> Many thanks,
> Luis
> >Regards,
> >Arno
> >
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

More information about the dm-crypt mailing list