I was having some problems with grub a few days ago, so yesterday I used the arch installer to chroot into my system. I opened and mounted my LUKS partition using
cryptsetup luksOpen /dev/sda6 secret
and everything was normal. After reinstalling grub and generating a new config file I just exited. It's probably bad behavior but I remember I didn't unmount and close my LUKS partition, I just straight powered off. Today when trying to chroot again
cryptsetup luksOpen /dev/sda6 secret
returns
Device /dev/sda6 is not a valid LUKS device.
I use LVM on LUKS. I don't have a backup of my luks header... Is there any way to fix this or recover my data?
Last edited by elfaxxpetga (2021-03-15 00:04:21)
Offline
I just straight powered off.
If by that you mean you pushed the power button and the system shut down, then there's nothing wrong with that. The kernel would umount properly for you.
If you mean you just pulled the plug, then that's bad for the filesystem, but there is still no way it would damage the LUKS header.
So, something else happened.
Is there any way to fix this or recover my data?
Only if the LUKS header still exists. Otherwise, game over.
Did you change anything about your partitioning? Does the partition offset and size of your partition make sense? Is sda the correct device, maybe just some drive letters changed?
Offline
I powered off using `poweroff`. No errors.
I forgot to mention that I'm using GPT. I did create a new ext4 partition (/dev/sda8) in the meantime and installed debian in it to have at least 1 working OS. But I didn't change anything with the LUKS partition. I just formatted /dev/sda5 as ext2 (my boot partition), created /dev/sda8 (/) and set /dev/sda7 as my swap. It's kinda messy because /dev/sda7 is at the end of the disk, and for some reason /dev/sda8 is not listed in blkid. Partition offset looks normal in fdisk, partition size is the same and checked the drive letter, it's still sda.
How can I check if my LUKS header is still there?
Offline
Well, what is on the partition? cryptsetup luksDump, file -s, hexdump -C -n 32768, ...
You can use `strings -t d -n 4 /dev/disk | grep LUKS` and search entire raw data for possible LUKS header offsets this way but, most likely, something else happened here...
for reference, hexdump -C:
intact luks header for LUKS 1 looks like:
00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 78 74 73 2d 70 6c 61 69 |........xts-plai|
00000030 6e 36 34 00 00 00 00 00 00 00 00 00 00 00 00 00 |n64.............|
00000040 00 00 00 00 00 00 00 00 73 68 61 32 35 36 00 00 |........sha256..|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 40 |...............@|
00000070 d2 fd 50 0b 87 5e ce ab 6d 79 4f a1 f6 49 17 2a |..P..^..myO..I.*|
00000080 d7 8e 6f 1b a7 69 c6 4c 88 68 b7 14 bc bd e1 42 |..o..i.L.h.....B|
00000090 fa ff 01 9b 70 09 0f 18 c7 f0 0b 8e 34 36 1c 51 |....p.......46.Q|
000000a0 aa 03 97 e2 00 01 dc b8 31 34 32 30 39 64 64 31 |........14209dd1|
000000b0 2d 65 33 61 62 2d 34 62 32 30 2d 61 35 64 34 2d |-e3ab-4b20-a5d4-|
000000c0 34 64 37 30 38 37 34 35 62 37 31 31 00 00 00 00 |4d708745b711....|
000000d0 00 ac 71 f3 00 1d cb 8e 2a a9 56 67 fb db f6 f1 |..q.....*.Vg....|
000000e0 c3 08 ad a1 7b 15 7a 1d ec 7b c6 f9 33 35 4c d2 |....{.z..{..35L.|
000000f0 db 3d e5 71 82 a3 10 02 00 00 00 08 00 00 0f a0 |.=.q............|
00000100 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000120 00 00 00 00 00 00 00 00 00 00 02 00 00 00 0f a0 |................|
00000130 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 00 00 03 f8 00 00 0f a0 |................|
00000160 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000180 00 00 00 00 00 00 00 00 00 00 05 f0 00 00 0f a0 |................|
00000190 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001b0 00 00 00 00 00 00 00 00 00 00 07 e8 00 00 0f a0 |................|
000001c0 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 09 e0 00 00 0f a0 |................|
000001f0 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000210 00 00 00 00 00 00 00 00 00 00 0b d8 00 00 0f a0 |................|
00000220 00 00 de ad 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000240 00 00 00 00 00 00 00 00 00 00 0d d0 00 00 0f a0 |................|
00000250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00001000 ec f0 7a e5 3a cd 26 42 86 7f 19 01 f7 af f9 bf |..z.:.&B........|
00001010 6d a0 1b b9 35 20 0b f8 4f 8f 4c 26 5a 55 03 37 |m...5 ..O.L&ZU.7|
00001020 d1 8f b4 86 c7 d3 92 a3 7e f0 b4 8c 49 c8 f0 de |........~...I...|
...
intact luks header for LUKS 2 looks like:
00000000 4c 55 4b 53 ba be 00 02 00 00 00 00 00 00 40 00 |LUKS..........@.|
00000010 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 |................|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000040 00 00 00 00 00 00 00 00 73 68 61 32 35 36 00 00 |........sha256..|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 72 48 b9 2c 1a 71 21 fd |........rH.,.q!.|
00000070 c3 d9 37 19 68 82 ac 26 80 0a 40 fb 96 52 4e e1 |..7.h..&..@..RN.|
00000080 1a cf 58 c1 e1 bf 2f 22 7c b6 0d 7b 4d 55 16 2c |..X.../"|..{MU.,|
00000090 f8 51 12 cd 5b da c3 fb f8 f0 bf b4 ba a7 a5 37 |.Q..[..........7|
000000a0 3e 09 9e a4 f5 05 b7 15 33 38 63 64 32 62 62 30 |>.......38cd2bb0|
000000b0 2d 34 33 39 30 2d 34 66 66 31 2d 61 61 33 31 2d |-4390-4ff1-aa31-|
000000c0 32 33 35 65 64 64 63 33 61 61 65 66 00 00 00 00 |235eddc3aaef....|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001c0 a7 fa 0b c2 00 ab d6 eb 61 b6 89 e6 97 d2 0c 9b |........a.......|
000001d0 f0 08 5a ba a2 52 7e df 6b 38 77 7f 66 b1 a2 63 |..Z..R~.k8w.f..c|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00001000 7b 22 6b 65 79 73 6c 6f 74 73 22 3a 7b 22 30 22 |{"keyslots":{"0"|
00001010 3a 7b 22 74 79 70 65 22 3a 22 6c 75 6b 73 32 22 |:{"type":"luks2"|
00001020 2c 22 6b 65 79 5f 73 69 7a 65 22 3a 36 34 2c 22 |,"key_size":64,"|
...
Last edited by frostschutz (2021-03-14 08:17:33)
Offline
cryptsetup luksDump /dev/sda6
returns with the same error as before:
Device /dev/sda6 is not a valid LUKS device.
file -s /dev/sda6
/dev/sda6: LVM2 PV (Linux Logical Volume Manager), UUID: lRUZ1k-8eOJ-HQoT-BgOy-f0Dr-FgQw-QxOegA, size: 214748364800
This is interesting, I checked on gparted and the sda6 is being recognized as an empty LVM partition...
hexdump -C -n 32768
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000200 4c 41 42 45 4c 4f 4e 45 01 00 00 00 00 00 00 00 |LABELONE........|
00000210 6d 2c 8f a5 20 00 00 00 4c 56 4d 32 20 30 30 31 |m,.. ...LVM2 001|
00000220 6c 52 55 5a 31 6b 38 65 4f 4a 48 51 6f 54 42 67 |lRUZ1k8eOJHQoTBg|
00000230 4f 79 66 30 44 72 46 67 51 77 51 78 4f 65 67 41 |Oyf0DrFgQwQxOegA|
00000240 00 00 00 00 32 00 00 00 00 00 10 00 00 00 00 00 |....2...........|
00000250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000260 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 |................|
00000270 00 f0 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000280 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 |................|
00000290 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00001000 16 d6 8e db 20 4c 56 4d 32 20 78 5b 35 41 25 72 |.... LVM2 x[5A%r|
00001010 30 4e 2a 3e 01 00 00 00 00 10 00 00 00 00 00 00 |0N*>............|
00001020 00 f0 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00004000 00 00 00 00 00 00 00 02 00 00 00 00 00 00 40 00 |..............@.|
00004010 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 |................|
00004020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00004040 00 00 00 00 00 00 00 00 73 68 61 32 35 36 00 00 |........sha256..|
00004050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00004060 00 00 00 00 00 00 00 00 81 16 0e 47 93 05 5e 6c |...........G..^l|
00004070 cd e4 93 f3 25 60 4e a3 7a cb 6b 0a 94 b3 05 c8 |....%`N.z.k.....|
00004080 33 76 56 d0 65 87 64 ac 68 9d 22 73 0d 35 10 01 |3vV.e.d.h."s.5..|
00004090 25 30 d6 27 b7 9b 3e cb 7a c3 1d 85 23 23 18 df |%0.'..>.z...##..|
000040a0 94 ac cf 20 84 af d0 7b 34 38 30 31 38 62 33 39 |... ...{48018b39|
000040b0 2d 37 61 61 34 2d 34 61 33 34 2d 61 30 39 38 2d |-7aa4-4a34-a098-|
000040c0 31 34 30 36 39 65 62 37 66 61 36 61 00 00 00 00 |14069eb7fa6a....|
000040d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00004100 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 |......@.........|
00004110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000041c0 63 28 83 cc d8 a7 1b fe 3d a0 2b 7c 1c 7e 9c 95 |c(......=.+|.~..|
000041d0 77 9b 87 de eb 3c f7 c6 8c 2b 26 4d 24 dc 35 cd |w....<...+&M$.5.|
000041e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00005000 7b 22 6b 65 79 73 6c 6f 74 73 22 3a 7b 22 30 22 |{"keyslots":{"0"|
00005010 3a 7b 22 74 79 70 65 22 3a 22 6c 75 6b 73 32 22 |:{"type":"luks2"|
00005020 2c 22 6b 65 79 5f 73 69 7a 65 22 3a 36 34 2c 22 |,"key_size":64,"|
00005030 61 66 22 3a 7b 22 74 79 70 65 22 3a 22 6c 75 6b |af":{"type":"luk|
00005040 73 31 22 2c 22 73 74 72 69 70 65 73 22 3a 34 30 |s1","stripes":40|
00005050 30 30 2c 22 68 61 73 68 22 3a 22 73 68 61 32 35 |00,"hash":"sha25|
00005060 36 22 7d 2c 22 61 72 65 61 22 3a 7b 22 74 79 70 |6"},"area":{"typ|
00005070 65 22 3a 22 72 61 77 22 2c 22 6f 66 66 73 65 74 |e":"raw","offset|
00005080 22 3a 22 33 32 37 36 38 22 2c 22 73 69 7a 65 22 |":"32768","size"|
00005090 3a 22 32 35 38 30 34 38 22 2c 22 65 6e 63 72 79 |:"258048","encry|
000050a0 70 74 69 6f 6e 22 3a 22 61 65 73 2d 78 74 73 2d |ption":"aes-xts-|
000050b0 70 6c 61 69 6e 36 34 22 2c 22 6b 65 79 5f 73 69 |plain64","key_si|
000050c0 7a 65 22 3a 36 34 7d 2c 22 6b 64 66 22 3a 7b 22 |ze":64},"kdf":{"|
000050d0 74 79 70 65 22 3a 22 61 72 67 6f 6e 32 69 22 2c |type":"argon2i",|
000050e0 22 74 69 6d 65 22 3a 35 2c 22 6d 65 6d 6f 72 79 |"time":5,"memory|
000050f0 22 3a 31 30 34 38 35 37 36 2c 22 63 70 75 73 22 |":1048576,"cpus"|
00005100 3a 34 2c 22 73 61 6c 74 22 3a 22 35 51 35 58 6e |:4,"salt":"5Q5Xn|
00005110 59 48 42 79 2b 31 61 6f 58 38 6a 58 69 4c 65 4b |YHBy+1aoX8jXiLeK|
00005120 43 6b 55 78 34 58 41 2f 4e 6f 2f 57 61 51 35 37 |CkUx4XA/No/WaQ57|
00005130 66 56 56 53 66 55 3d 22 7d 7d 7d 2c 22 74 6f 6b |fVVSfU="}}},"tok|
00005140 65 6e 73 22 3a 7b 7d 2c 22 73 65 67 6d 65 6e 74 |ens":{},"segment|
00005150 73 22 3a 7b 22 30 22 3a 7b 22 74 79 70 65 22 3a |s":{"0":{"type":|
00005160 22 63 72 79 70 74 22 2c 22 6f 66 66 73 65 74 22 |"crypt","offset"|
00005170 3a 22 31 36 37 37 37 32 31 36 22 2c 22 73 69 7a |:"16777216","siz|
00005180 65 22 3a 22 64 79 6e 61 6d 69 63 22 2c 22 69 76 |e":"dynamic","iv|
00005190 5f 74 77 65 61 6b 22 3a 22 30 22 2c 22 65 6e 63 |_tweak":"0","enc|
000051a0 72 79 70 74 69 6f 6e 22 3a 22 61 65 73 2d 78 74 |ryption":"aes-xt|
000051b0 73 2d 70 6c 61 69 6e 36 34 22 2c 22 73 65 63 74 |s-plain64","sect|
000051c0 6f 72 5f 73 69 7a 65 22 3a 35 31 32 7d 7d 2c 22 |or_size":512}},"|
000051d0 64 69 67 65 73 74 73 22 3a 7b 22 30 22 3a 7b 22 |digests":{"0":{"|
000051e0 74 79 70 65 22 3a 22 70 62 6b 64 66 32 22 2c 22 |type":"pbkdf2","|
000051f0 6b 65 79 73 6c 6f 74 73 22 3a 5b 22 30 22 5d 2c |keyslots":["0"],|
00005200 22 73 65 67 6d 65 6e 74 73 22 3a 5b 22 30 22 5d |"segments":["0"]|
00005210 2c 22 68 61 73 68 22 3a 22 73 68 61 32 35 36 22 |,"hash":"sha256"|
00005220 2c 22 69 74 65 72 61 74 69 6f 6e 73 22 3a 31 32 |,"iterations":12|
00005230 33 34 31 39 2c 22 73 61 6c 74 22 3a 22 74 74 59 |3419,"salt":"ttY|
00005240 72 6c 4c 58 4c 4a 55 72 68 44 45 34 31 6d 6d 37 |rlLXLJUrhDE41mm7|
00005250 6f 6b 36 46 4c 54 4f 64 52 36 41 34 30 56 4b 51 |ok6FLTOdR6A40VKQ|
00005260 63 78 68 4c 36 71 55 4d 3d 22 2c 22 64 69 67 65 |cxhL6qUM=","dige|
00005270 73 74 22 3a 22 4f 64 48 61 69 6f 71 67 31 38 34 |st":"OdHaioqg184|
00005280 62 59 4f 43 54 6e 33 7a 6f 32 64 53 31 65 6d 54 |bYOCTn3zo2dS1emT|
00005290 55 6d 54 75 67 56 2f 4e 31 66 6b 72 64 2f 48 6b |UmTugV/N1fkrd/Hk|
000052a0 3d 22 7d 7d 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 |="}},"config":{"|
000052b0 6a 73 6f 6e 5f 73 69 7a 65 22 3a 22 31 32 32 38 |json_size":"1228|
000052c0 38 22 2c 22 6b 65 79 73 6c 6f 74 73 5f 73 69 7a |8","keyslots_siz|
000052d0 65 22 3a 22 31 36 37 34 34 34 34 38 22 7d 7d 00 |e":"16744448"}}.|
000052e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00008000
It looks like the LUKS header has been partially overwritten, I believe. And if I'm not mistaken the unique part of it is intact. What do you think?
Offline
So this looks like LVM 'pvcreate' wiped primary and secondary LUKS binary header. Parts of the secondary header seem to be still there. If key material is undamaged it might be recoverable. Might be... maybe... depends on many what if's.
take a copy of this header
head -c 17M /dev/sda6 > luks.damaged.header
loop device for it:
# losetup --find --show luks.damaged.header
/dev/loop9
zero area damaged by lvm anyway:
head -c 16448 /dev/zero > /dev/loop9
restore secondary header magic:
printf "SKUL\xba\xbe\x00\x02""\x00\x00\x00\x00\x00\x00\x40\x00""\x00\x00\x00\x00\x00\x00\x00\x03" | dd bs=1 seek=16384 of=/dev/loop9
(for explanation of these values see luks2_doc_wip.pdf page 3 & 4, this should be magic version header size seqid ... you still have starting from csum_alg. seqid number might differ, you can try other value for \x03, if you ever changed/added passphrase after luksformat.)
then big moment (or not)
cryptsetup luksDump /dev/loop9
cryptsetup repair /dev/loop9
cryptsetup open /dev/loop9 luksloop9
file -s /dev/mapper/luksloop9
dmsetup table --showkeys
cryptsetup close luksloop9
if that works to the end, you can attempt to put the repaired header on sda6
but if it works at all, you are very very very lucky and had the ideal case under the circumstances
it can just as well go completely wrong
Last edited by frostschutz (2021-03-14 22:12:17)
Offline
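A read-only triage of the damage diagnosed in the post above, as an added example that is not part of the original thread: it reports the LVM2 label at 0x200 and looks for a LUKS2 secondary header whose magic is gone while its remaining fields are still consistent. It checks every possible secondary-header offset rather than only 0x4000, which goes beyond the case in the thread; the field offsets follow the hexdumps posted above, and `triage`, `cstr` and `sample_damaged_image` are names made up for this example, run here on a constructed sample image.

```python
import json
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"  # primary header magic
SKUL_MAGIC = b"SKUL\xba\xbe"  # LUKS2 secondary header magic
LVM_LABEL = b"LABELONE"       # LVM2 PV label in sector 1 (offset 0x200)

def cstr(buf, start, length):  # decode a NUL-padded ASCII field
    return buf[start:start + length].split(b"\0")[0].decode("ascii", "replace")

def triage(buf):
    """Read-only inspection of the first bytes of a device image."""
    out = {"primary_magic": buf[:6] == LUKS_MAGIC,
           "lvm_label": buf[0x200:0x208] == LVM_LABEL, "secondary": None}
    # The LUKS2 secondary header sits at offset hdr_size (16 KiB up to 4 MiB).
    for off in (0x4000 << i for i in range(9)):
        if off + 0x1000 > len(buf):
            break
        version, hdr_size, seqid = struct.unpack_from(">HQQ", buf, off + 6)
        if version != 2 or hdr_size != off or not cstr(buf, off + 72, 32):
            continue
        raw = buf[off + 0x1000:off + hdr_size].split(b"\0")[0]  # JSON area
        try:
            meta = json.loads(raw)
        except ValueError:
            meta = {}
        out["secondary"] = {
            "offset": off, "seqid": seqid,
            "magic_ok": buf[off:off + 6] == SKUL_MAGIC,
            "csum_alg": cstr(buf, off + 72, 32),
            "uuid": cstr(buf, off + 168, 40),
            "keyslot_areas": {k: (int(v["area"]["offset"]), int(v["area"]["size"]))
                              for k, v in meta.get("keyslots", {}).items()},
        }
        break
    return out

def sample_damaged_image():
    """Constructed 32 KiB image imitating the damage in the thread (no real data)."""
    img = bytearray(0x8000)
    img[0x200:0x208] = LVM_LABEL                         # label left by pvcreate
    struct.pack_into(">HQQ", img, 0x4006, 2, 0x4000, 3)  # magic bytes stay zero
    img[0x4048:0x404E] = b"sha256"                       # csum_alg survived
    js = json.dumps({"keyslots": {"0": {"area": {"offset": "32768", "size": "258048"}}}})
    img[0x5000:0x5000 + len(js)] = js.encode()
    return bytes(img)

if __name__ == "__main__":
    print(triage(sample_damaged_image()))
```

To use it on real data, pass in the first few MiB of a copy such as the `luks.damaged.header` file taken in the post above.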
guess I got lucky, it worked!!!
fixed my grub issue and booted. everything running smoothly, no corrupted files
backing up my header now, should've done it a long time ago
you're a life saver, thank you so much!
Last edited by elfaxxpetga (2021-03-15 01:55:22)
Offline
@frostschutz, you are a lifesaver and I named my Arch account after you, thank you so much for the solution. For the idiots who accidentally deleted their partition tables/LUKS headers (for users using LUKS2), this solution WORKS and for the not-so-savvy Linux users like myself, those commands are do-able, replacing info for the correct loop device. THANK YOU SO MUCH, and if you have a bitcoin lightning address I would like to send you some sats!
Offline
Glad it worked for you.
For anyone finding this thread, I posted two cryptsetup repair guides over at Unix Stackexchange:
cryptsetup repair, magic byte recovery: https://unix.stackexchange.com/a/706071/30851 (this is the same as in post #6 of this thread)
cryptsetup repair, full header recovery: https://unix.stackexchange.com/a/741850/30851 (different approach when the simple method doesn't work)
Both guides are for LUKS2 only.
Offline