[dm-crypt] Restore LUKS partition
gmazyland at gmail.com
Thu Dec 15 23:10:39 CET 2016
On 12/15/2016 09:36 PM, Oskar Jauch wrote:
> I've accidentally overwritten the first 1.1 GB of my external hard drive
> with dd. As far as I remember the drive contained two partitions from
> which one was encrypted with LUKS. I'm not sure if the encrypted one was
> the first or the second one...
> I dumped the whole disc with ddrescue.
> I was able to extract the following from my laptop:
> luks-afe73a24-e4ab-4d49-90b9-119da11bc7c6: 0 5860526990 crypt
> aes-xts-plain64 [key (don't want to share it in this mail)] 0 8:17 4096
8:17 should be a reference to /dev/sdb1
So the bad thing is that if the first partition was overwritten, you probably
lost most of it. Even if it is properly decrypted, it will be very hard
to recover anything (you will see garbage in the area that have been
The good thing is that the table above (if it is the proper one)
contains the volume encryption key and it should allow you to map it even
without the lost LUKS header.
You will also need the first partition (sdb1) offset.
If the mapping is still active on your pc, you should
see the offset through "cat /sys/block/sdb/sdb1/start" because
the sdb1 device in-kernel is still in use.
(The default is 2048 sectors but it can also be an old alignment
or some other value.)
Once you have that, you should be able to map the encrypted device.
The last number in your table (4096 - size of LUKS header) is the device offset;
you must add the recovered partition offset to it. Then you can map the device using
losetup and dmsetup, something like
dmsetup create <name> --table "..."
Replace 8:17 with the path to your image (if it is a file, you must use losetup
to map it to block device) and properly update offset.
More info on the format - https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
> Is there any possibility to restore anything of the encrypted data?
> Thank you in advance!
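The offset arithmetic and mapping steps from the reply above, as an added shell example that is not part of the original message. The function names, /dev/loop0, the partition start of 2048 and the all-zero key are assumptions or constructed placeholders; the size, cipher, IV offset and 4096 come from the quoted table.

```shell
#!/bin/sh
# Added example: rebuild the dm-crypt table for a whole-disk image.
# All sizes and offsets are in 512-byte sectors.

# crypt_table SIZE CIPHER KEYHEX IV_OFFSET DEVICE PART_START LUKS_OFFSET
crypt_table() {
    size=$1 cipher=$2 key=$3 iv=$4 dev=$5 part_start=$6 luks_off=$7
    for n in "$size" "$iv" "$part_start" "$luks_off"; do
        case $n in ''|*[!0-9]*) echo "not a sector count: $n" >&2; return 1;; esac
    done
    case $key in ''|*[!0-9a-fA-F]*) echo "key must be hex" >&2; return 1;; esac
    # aes-xts takes a double-length key: 256 or 512 bits (64 or 128 hex digits).
    case $cipher in aes-xts-*)
        [ ${#key} -eq 64 ] || [ ${#key} -eq 128 ] || {
            echo "unexpected XTS key length: ${#key} hex digits" >&2; return 1; } ;;
    esac
    # Payload starts at partition start + LUKS header size inside the disk image.
    echo "0 $size crypt $cipher $key $iv $dev $((part_start + luks_off))"
}

# fits_in_image SIZE PART_START LUKS_OFFSET IMAGE_SECTORS
# Sanity check: a wrong partition offset often pushes the mapping past the end.
fits_in_image() {
    [ $(( $2 + $3 + $1 )) -le "$4" ]
}

# map_image NAME IMAGE SIZE CIPHER KEYHEX IV_OFFSET PART_START LUKS_OFFSET
# Needs root; defined here but not called by this script.
map_image() {
    name=$1 image=$2; shift 2
    # Read-only loop device, so the ddrescue image cannot be modified.
    loop=$(losetup --find --show --read-only "$image") || return 1
    table=$(crypt_table "$1" "$2" "$3" "$4" "$loop" "$5" "$6") ||
        { losetup -d "$loop"; return 1; }
    # Table is passed on stdin so the key does not show up in the process list.
    printf '%s\n' "$table" | dmsetup create "$name" --readonly ||
        { losetup -d "$loop"; return 1; }
}

# Constructed demo: placeholder all-zero key, assumed partition start 2048.
demo_key=$(printf '%064d' 0)
crypt_table 5860526990 aes-xts-plain64 "$demo_key" 0 /dev/loop0 2048 4096
```

If the mapped device shows no recognisable filesystem signature, the partition start is the first value to re-check.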