Skip to main content
Unix & Linux

Return to Answer

some people seem to be running commands blindly
Source Link
frostschutz
frostschutz
  • 52.2k
  • 7
  • 129
  • 179

SetupFor demonstration purposes, this answer first creates, then damages, then recovers a LUKS2 partition in a sample disk.img file.

Create a sample disk.img file: (do not run this on your real drive!)

Damage the sample disk.img file: (do not run this on your real drive!)

So this is a sample disk.img with a LUKS2 partition at an unknown offset, with a damaged header on it (magic bytes erased, partially overwritten, partition table wiped).

Setup:

Damage:

So this is a disk.img with a LUKS2 partition at an unknown offset, with a damaged header on it (magic bytes erased, partially overwritten, partition table wiped).

For demonstration purposes, this answer first creates, then damages, then recovers a LUKS2 partition in a sample disk.img file.

Create a sample disk.img file: (do not run this on your real drive!)

Damage the sample disk.img file: (do not run this on your real drive!)

So this is a sample disk.img with a LUKS2 partition at an unknown offset, with a damaged header on it (magic bytes erased, partially overwritten, partition table wiped).

added 2 characters in body
Source Link
frostschutz
frostschutz
  • 52.2k
  • 7
  • 129
  • 179
# gzip < header.32768 > header.32768.gz # stat -c %s areaheader.* 258048 258106 
# gzip < header.32768 > header.32768.gz # stat -c %s area.* 258048 258106 
# gzip < header.32768 > header.32768.gz # stat -c %s header.* 258048 258106
Bounty Awarded with 250 reputation awarded by Chris Davies
added 11 characters in body
Source Link
frostschutz
frostschutz
  • 52.2k
  • 7
  • 129
  • 179
# stdbuf -oL strings -n 64 -t d disk.img | grep '"keyslots":' 60837888 {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offset":"32768","size":"258048","encryption":"aes-xts-plain64","key_size":64},"kdf":{"type":"argon2id","time":13,"memory":1048576,"cpus":4,"salt":"R1z3arzSCjRb3STaCAnstIygkHCXf0CHf6kXl5yQj/E="}}},"tokens":{},"segments":{"0":{"type":"crypt","offset":"16777216","size":"dynamic","iv_tweak":"0","encryption":"aes-xts-plain64","sector_size":512}},"digests":{"0":{"type":"pbkdf2","keyslots":["0"],"segments":["0"],"hash":"sha256","iterations":324435,"salt":"0nSkpvmDJlvfkDaQteVVo6JdD/Oqt3vnndkZt1Qnd84=","digest":"lefQ21EaiuSdHFhSIFW3wDfMcRqG0HLCAO1bGI3SfvM="}},"config":{"json_size":"12288","keyslots_size":"16744448"}} 
# strings -n 64 -t d disk.img | grep '"keyslots":' 60837888 {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offset":"32768","size":"258048","encryption":"aes-xts-plain64","key_size":64},"kdf":{"type":"argon2id","time":13,"memory":1048576,"cpus":4,"salt":"R1z3arzSCjRb3STaCAnstIygkHCXf0CHf6kXl5yQj/E="}}},"tokens":{},"segments":{"0":{"type":"crypt","offset":"16777216","size":"dynamic","iv_tweak":"0","encryption":"aes-xts-plain64","sector_size":512}},"digests":{"0":{"type":"pbkdf2","keyslots":["0"],"segments":["0"],"hash":"sha256","iterations":324435,"salt":"0nSkpvmDJlvfkDaQteVVo6JdD/Oqt3vnndkZt1Qnd84=","digest":"lefQ21EaiuSdHFhSIFW3wDfMcRqG0HLCAO1bGI3SfvM="}},"config":{"json_size":"12288","keyslots_size":"16744448"}} 
# stdbuf -oL strings -n 64 -t d disk.img | grep '"keyslots":' 60837888 {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offset":"32768","size":"258048","encryption":"aes-xts-plain64","key_size":64},"kdf":{"type":"argon2id","time":13,"memory":1048576,"cpus":4,"salt":"R1z3arzSCjRb3STaCAnstIygkHCXf0CHf6kXl5yQj/E="}}},"tokens":{},"segments":{"0":{"type":"crypt","offset":"16777216","size":"dynamic","iv_tweak":"0","encryption":"aes-xts-plain64","sector_size":512}},"digests":{"0":{"type":"pbkdf2","keyslots":["0"],"segments":["0"],"hash":"sha256","iterations":324435,"salt":"0nSkpvmDJlvfkDaQteVVo6JdD/Oqt3vnndkZt1Qnd84=","digest":"lefQ21EaiuSdHFhSIFW3wDfMcRqG0HLCAO1bGI3SfvM="}},"config":{"json_size":"12288","keyslots_size":"16744448"}}
make grep more specific, less noise in real scenario
Source Link
frostschutz
frostschutz
  • 52.2k
  • 7
  • 129
  • 179
added 2 characters in body
Source Link
frostschutz
frostschutz
  • 52.2k
  • 7
  • 129
  • 179
Source Link
frostschutz
frostschutz
  • 52.2k
  • 7
  • 129
  • 179