bug-ddrescue
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-ddrescue] fill-mode vs luks encryption

From: Marian Csontos
Subject: Re: [Bug-ddrescue] fill-mode vs luks encryption
Date: Fri, 06 Jun 2014 17:59:26 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 
On 06/06/2014 05:30 AM, Atom Smasher wrote:

i've been using ddrescue for a while, usually with great success. thanks!

right now i've got a 1.5TB WD drive (1.4TB, actually) with a luks
(encrypted) partition.

  * Raw_Read_Error_Rate - FAILING_NOW - 66055
  * Current_Pending_Sector - 1450

the drive is screwed. i got most of the data (>99%) recovered from the
drive on the first pass, and over the last month i've been picking tiny
bits and pieces off the drive. currently it's at:
     percent recovered = 99.95278650616919872200
     percent missing = .04721349383080127700

the data on it is nothing critical, but i'd like to recover it... if
nothing else, as an exercise in data recovery from a failing drive.

so far, so good. here's the tricky part...

on other failing drives i've used the "fill mode" to identify files that
haven't been completely recovered, but this disk is encrypted (with
luks). because the drive is encrypted, filling the un-recovered parts of
the image with a string will NOT put that string in the files, after the
image is decrypted.

before i spend too much time on it, does anyone have any tips or ideas
for identifying which files are missing some of their bits?
Hi, first, have you checked the LUKS headers were unaffected? (Or you have backups) Otherwise an attempt to rescue the data may be futile. 

Second, // My terminology may be bit unorthodox...

Hypothetically:
If you wanted markers in the files you would better run ddrescue on the cleartext mapping instead of encrypted device. (However, that may slow things down, and may be unfeasible for some drives holding on just for short periods of time.)
Also similarly to keep data encrypted you should write to cleartext mapping on top of another LUKS-encrypted (loop)device. 

Now, with the encrypted data you have...
I am not sure there is a binary grep tool to find sequences of the marker string in the encrypted device (if not it would not be that difficult to write one) - when identified list of offset and span tuples, you would have to dd over the corresponding parts of your cleartext device. 

-- Martian



thanks...
reply via email to
[Prev in Thread] Current Thread [Next in Thread]