Arch Linux

Fleeep

Member

Registered: 2015-06-07

Posts: 6

[SOLVED] luks-passphrase not working after update

SOLVED: Hard drive was damaged. new hard drive ''fixed'' issue

Hello,

i updated my arch on 2015-06-05. After restarting my cryptsetup does not accept my password anymore.

 No key available with this passphrase. 

Searching the forum i found a couple of simular topics, nevertheless none of them offered a solution to the problem:

https://bbs.archlinux.org/viewtopic.php?id=169408
https://bbs.archlinux.org/viewtopic.php?id=175737
https://bbs.archlinux.org/viewtopic.php?id=148562

So the solutions that did not work so far:
1. Downgrading cryptsetup package
2. Downgrading kbd package
3. Checked that my keyboard works just fine (both in grub and in live system)
4. Manualy loading the aes modules in live system to ensure correct decryption (found that issue somewhere...)

Unfortunatly i did not backup the luks header file.
So i don't know if there is some other way to check if the header is broken or how to find out why it will not decrypt my disk.
I am happy for any solutions or ideas

Regards,

Some outputs from cryptsetup:

cryptsetup -v isLuks /dev/sda2 
Command successful.

cryptsetup -v luksDump /dev/sda2 
LUKS header information for /dev/sda2

Version:       	1
Cipher name:   	aes
Cipher mode:   	xts-plain64
Hash spec:     	sha512
Payload offset:	4096
MK bits:       	512
MK digest:     	66 00 4c 66 17 ec 2c 82 68 b3 26 2e 58 df 76 cf 3b f5 18 ef 
MK salt:       	b8 e0 5d 4d 5c bb 23 6a fc fc 86 d8 5d b6 3f 1f 
               	28 b6 0e 49 33 9a 8b e6 a2 55 f5 42 32 92 95 db 
MK iterations: 	51000
UUID:          	dbe69743-7753-4a54-a221-a662042c0444

Key Slot 0: ENABLED
	Iterations:         	204146
	Salt:               	fa 22 ec 71 49 2c af 9f 64 10 b3 8e f4 76 31 c0 
	                      	02 16 dd 2c 72 7e 2f 4b 0b 08 2f 02 03 dd 52 dc 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Command successful.

Last edited by Fleeep (2015-06-14 12:09:24)

frostschutz

Member

Registered: 2013-11-15

Posts: 1,647

Re: [SOLVED] luks-passphrase not working after update

Have you tried both keyboard layouts? US and whatever you normally use (if it's not US).

Here's an example of a broken LUKS header, breakage being visible in hexdump output (line 3910): https://bpaste.net/show/NNT1xzo4VGeBqEAScBqh

It's rare to have damage as obvious as this. You could just as well damage it by writing random data and you would never see what is wrong with it.

Fleeep

Member

Registered: 2015-06-07

Posts: 6

Re: [SOLVED] luks-passphrase not working after update

My default keyboard layout is US. Also i checked keyboard output in GRUB before cryptsetup and later in livesystem to ensure correct keyboard output.

Would it be of any help to post my LUKS header/ first xxxx bytes...? Is there any way to check the header?
Else, is there any way to force luks to decrypt header with a given passphrase?

Last edited by Fleeep (2015-06-07 13:28:47)

frostschutz

Member

Registered: 2013-11-15

Posts: 1,647

Re: [SOLVED] luks-passphrase not working after update

If you upload your header somewhere and give me your passphrase along with it, I'd be happy to run a few tries on it.

Else, is there any way to force luks to decrypt header with a given passphrase?

You could probably patch cryptsetup to accept any passphrase but the result will most likely be garbage.

There is no relation at all between the passphrase you type and the key that is actually being used for the encryption. The key is entirely random, you cannot produce the key having only the passphrase.

Fleeep

Member

Registered: 2015-06-07

Posts: 6

Re: [SOLVED] luks-passphrase not working after update

If you upload your header somewhere and give me your passphrase along with it, I'd be happy to run a few tries on it.

Hope this covers the necessary bytes:

https://bpaste.net/show/7bdbdd1c0f79

Passphrase:
SomeEncrypt

So if you wonder why my passphrase is so bad, it was supposed to be some basic pw. But since i do not have any sensitive data on the disk there was no cause of updating. Also i am very lazy.

frostschutz

Member

Registered: 2013-11-15

Posts: 1,647

Re: [SOLVED] luks-passphrase not working after update

There is no obvious visible damage in your LUKS header that I can see, and the passphrase does not work. So the possibilities are: It was damaged in a way that is not visible, or: it's the wrong passphrase.

If you want to try the master key that would result for your passphrase if cryptsetup did not verify it:

losetup --read-only /dev/loop7 /dev/sda2
dmsetup create foobar --table '0 2048 crypt aes-xts-plain64 4ec1a210c7c44208ca132559cda338d7651471abd47b619b1d3a15d273ab69875cdd2bcb7c2750f6cab9e6b2e19f487fb4766bb7826819c8b2de898fe3c0b999 0 7:7 4096'
file -s -L /dev/mapper/foobar
hexdump -C /dev/mapper/foobar

But if the passphrase is wrong or the key material damaged, the result will be random garbage.

Last edited by frostschutz (2015-06-07 15:52:44)

Fleeep

Member

Registered: 2015-06-07

Posts: 6

Re: [SOLVED] luks-passphrase not working after update

losetup --read-only /dev/loop7 /dev/sda2
dmsetup create foobar --table '0 2048 crypt aes-xts-plain64 4ec1a210c7c44208ca132559cda338d7651471abd47b619b1d3a15d273ab69875cdd2bcb7c2750f6cab9e6b2e19f487fb4766bb7826819c8b2de898fe3c0b999 0 7:7 4096'
file -s -L /dev/mapper/foobar
hexdump -C /dev/mapper/foobar

Gives me the master key for the decrypted partition (denoted as forum_key_kex).
Do i need to convert this to binary or something to use it...?

Assume Filesystem/dev_sda2 is the partition to decrypt.
So to decrypt the partition directly with master key i have to do one of the following, wasn't sure which hash to take...:

echo "0 `blockdev --getsz Filesystem/dev_sda2` crypt aes-cbc-essiv:sha256 `echo SomeEncrypt | sha256sum | head -c 64` 0 Filesystem/dev_sda2 4096" | dmsetup create luks_volume

echo "0 `blockdev --getsz Filesystem/dev_sda2` crypt aes-cbc-essiv:sha256 `sha256sum forum_key_hex | head -c 64` 0 Filesystem/dev_sda2 4096" | dmsetup create luks_volume

as i found on:
http://unix.stackexchange.com/questions … master-key
(approved by you in the comment as it seems)

But both give me an error:

device-mapper: resume ioctl on luks_volume failed: Invalid argument
Command failed

Did i even do this right?

Also when i copied the partition to an external device dd_rescue observed 6 errors in blocks. So those might just be the cause of failure all the time.

frostschutz

Member

Registered: 2013-11-15

Posts: 1,647

Re: [SOLVED] luks-passphrase not working after update

The commands should work exactly as I wrote them. Do you get an error message? If `file` just says data and `hexdump` only shows random data, this approach is clearly wrong and there's probably nothing else to be done.

But you won't get anywhere with echo passphrase | sha because that's not how it works at all.

Last edited by frostschutz (2015-06-07 21:22:50)

Fleeep

Member

Registered: 2015-06-07

Posts: 6

Re: [SOLVED] luks-passphrase not working after update

Ahh well ok.
Your commands work perfectly, but as predicted its only random data.

But you won't get anywhere with echo passphrase | sha because that's not how it works at all.

Yeah i thought bout that, i just didn't really understand that post on steckexchange...

Well so than i conclude the key material is damaged and i won't get the partition back. Anyway will keep a backup of broken partition, just in case i ever find a solution
Thanks for the help anyway.

frostschutz

Member

Registered: 2013-11-15

Posts: 1,647

Re: [SOLVED] luks-passphrase not working after update

Do you have any notion what could possibly have altered your LUKS header? It's rather unusual.

Are you 140% sure about the passphrase?

Fleeep

Member

Registered: 2015-06-07

Posts: 6

Re: [SOLVED] luks-passphrase not working after update

I have no idea what altered the LUKS header. Last thing i did was (probably) installing some updates with pacman. Then the next day, it said passphrase is wrong.

And yes, i have asked myself about 1000 times if thats the right passphrase but i am m 200% sure. And I have not been out of my mind that day changing it or something...
I have been typing that in for almost a year, i do that by habit. Also my basic passwords are always "SomeXXX" before i switch to a proper password.