[dm-crypt] LVM on LUKS: volumes missing
fauno at partidopirata.com.ar
Tue Jun 7 16:24:58 CEST 2016
On 04/06/16 05:06, Arno Wagner wrote:
>> If the ASCII strings "LABELONE" and "LVM2" cannot be seen in the
>> first few sectors of the volume, then that volume is either
>> overwritten or not being decrypted correctly. LVM keeps quite a bit
>> of easily recognized ASCII data in the volume header.
>> In this case the fragile link seems to be the LUKS detached header,
>> as I believe there is nothing to associate that header with a device
>> and precise starting point for the payload. Yes, there is a check
>> that the master key was reconstructed correctly. Now the question is
>> what, if anything, does this key decrypt.
> That is the one thing with a detached header: As the sector
> number goes into the decryption, decryption must start at the
> right place. If it does, it will becorrect with LUKS. If not,
> "random" data should result with XTS mode, I agree.
> Now, in theory it would be possible to try each possible offset
> from the start of the device (depends on how the partition
> for the LUKS container was created), until some (later) part
> of the decrypted data has some deviation from uniform
> distribution in byte-counts.
Hi! Thanks for all the feedback. I ran out of time for recovering this,
but as soon as I can I'll get back with the results :)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 585 bytes
Desc: OpenPGP digital signature
More information about the dm-crypt