[dm-crypt] LVM on LUKS: volumes missing

fauno fauno at partidopirata.com.ar
Tue Jun 7 16:24:58 CEST 2016

On 04/06/16 05:06, Arno Wagner wrote:

>> If the ASCII strings "LABELONE" and "LVM2" cannot be seen in the
>> first few sectors of the volume, then that volume is either
>> overwritten or not being decrypted correctly.  LVM keeps quite a bit
>> of easily recognized ASCII data in the volume header.
>> In this case the fragile link seems to be the LUKS detached header,
>> as I believe there is nothing to associate that header with a device
>> and precise starting point for the payload. Yes, there is a check
>> that the master key was reconstructed correctly. Now the question is
>> what, if anything, does this key decrypt.
> That is the one thing with a detached header: As the sector
> number goes into the decryption, decryption must start at the
> right place. If it does, it will be correct with LUKS. If not,
> "random" data should result with XTS mode, I agree.
> Now, in theory it would be possible to try each possible offset 
> from the start of the device (depends on how the partition
> for the LUKS container was created), until some (later) part
> of the decrypted data has some deviation from uniform 
> distribution in byte-counts.

Hi! Thanks for all the feedback.  I ran out of time for recovering this,
but as soon as I can I'll get back with the results :)
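An added example, not part of the original thread: a small Python check combining the two tests quoted above. It looks for the ASCII strings "LABELONE" and "LVM2" in the first few sectors of an opened mapping and otherwise measures how far the byte counts deviate from a uniform distribution. The 512-byte sector size, the four-sector scan window, the chi-square limit and both sample buffers are assumptions made for this sketch.

```python
import hashlib
import sys
from collections import Counter

SECTOR = 512        # assumption: 512-byte sectors
SCAN_SECTORS = 4    # assumption: "first few sectors" read as the first four
CHI2_LIMIT = 400.0  # assumption: uniform bytes score about 255 +/- 23
MARKERS = (b"LABELONE", b"LVM2")

def find_lvm_markers(buf):
    """Map each marker string to its offset in the first sectors, or None."""
    head = buf[:SECTOR * SCAN_SECTORS]
    return {m.decode(): (head.find(m) if m in head else None) for m in MARKERS}

def chi_square(buf):
    """Chi-square statistic of the byte counts against a uniform distribution."""
    if not buf:
        raise ValueError("empty buffer")
    expected = len(buf) / 256
    counts = Counter(buf)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def assess(buf):
    """Classify the start of a decrypted mapping."""
    if all(off is not None for off in find_lvm_markers(buf).values()):
        return "lvm-header"
    if chi_square(buf) > CHI2_LIMIT:
        return "non-uniform"  # structured data, but no LVM strings found
    return "uniform"          # consistent with a wrong offset or key

def constructed_lvm_head():
    """Constructed sample: both strings placed in the second sector."""
    sector1 = b"LABELONE" + bytes(16) + b"LVM2 001"
    return bytes(SECTOR) + sector1.ljust(SECTOR, b"\0") + bytes(2 * SECTOR)

def constructed_uniform():
    """Constructed sample: 4096 hash-derived bytes standing in for bad decryption."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a mapping that was opened read-only
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR * 8)
        print(sys.argv[1], assess(data), find_lvm_markers(data))
    else:
        for name, data in (("lvm", constructed_lvm_head()), ("uniform", constructed_uniform())):
            print(name, assess(data), round(chi_square(data), 1))
```

A "non-uniform" result without the LVM strings means the data has structure but is not an LVM header at this position, which is the signal the offset search described in the quoted text would look for.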


