How to know a LUKS header is corrupt

disk-encryptiondmcryptluks

My computer froze for a long time and I pressed the reset button. After reboot, all FIVE luks-encrypted (LUKS 1) file systems will no longer open. The message I get is "No key available with this passphrase." I am sure I am using the right password. I have been using the same password for all file systems for years. I have backups for all those volumes except one so I would like to analyze my options for it. I have tried 'cryptsetup isLuks' and 'cryptsetup luksDump' on all the file systems and all of them are successful, I mean, they are Luks partitions and I can dump their headers and see their slots. However, on research, I found similar cases where people say their headers have been damaged beyond repair. I don't know how to identify that. How do I do that? Thank you for any information.

Best Answer

I found this page:

https://bbs.archlinux.org/viewtopic.php?pid=1846810#p1846810

Also this page:

https://www.linuxquestions.org/questions/linux-general-1/need-help-to-recover-luks-partition-4175613302/#post5756030

More specifically,

"You can tell fairly quickly whether there is any chance of recovery. Run "hexedit -s /dev/sdx" and search for the hex string "4C 55 4B 53 BA BE" at the start of a sector. (That's the ASCII string "LUKS" followed by the hex bytes 0xBA and 0xBE.) If you don't find that within the first few megabytes of the disk, the LUKS header is gone."

All the five file systems that refuse to open have that string intact in their headers so they all seem to be not damaged. Now, why all of them won't open is a separate issue and I suspect I will never find out what happened.

Related Solutions

Centos – how to mount a luks-encrypted file

Given the above, my guess is that you would need to do something like this.

First make your file accessible via a loopback device
- losetup /dev/loop/0 /path/file
Open the loopback device to crypt_fun
- cryptsetup luksOpen /dev/loop/0 crypt_fun
Mount it
- mount /dev/mapper/crypt_fun /crypt

Linux – LUKS partition recovery

The first obvious problem is you're looking in the wrong place. That's not a LUKS header.

The LUKS partition header starts with the six bytes, defined as L, U, K, S, followed by 0xBA, 0xBE. As you can clearly see, two of those six bytes aren't present there.

What you're looking for is pretty obvious:

00000000  4c 55 4b 53 ba be 00 01  61 65 73 00 00 00 00 00  |LUKS....aes.....|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  78 74 73 2d 70 6c 61 69  |........xts-plai|
00000030  6e 36 34 00 00 00 00 00  00 00 00 00 00 00 00 00  |n64.............|
00000040  00 00 00 00 00 00 00 00  73 68 61 31 00 00 00 00  |........sha1....|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  00 00 00 00 00 00 00 00  00 00 10 00 00 00 00 20  |............... |

You'll need to look elsewhere on the disk. Perhaps you need to back up a bit? Or forward. Or just let testdisk do its thing; if there's a valid LUKS header on the disk anywhere it should find it eventually.

Best Answer

Related Solutions

Centos – how to mount a luks-encrypted file

Linux – LUKS partition recovery

Related Topic