Re: LUKS partitions disappeared



By grepping through a hexdump of the partition, I was able to find that
there was a LUKS header present. Since it seemed to be near the beginning of
the partition (short time to find it), I stored a hexdump of the partition
in a file and used vim to locate the header. From this, I determined that
the header appeared to be offset 3MB from the beginning of the partition, so
I used dd to copy it starting from that offset to another partition. This
was successful and all data was recovered. I am still not certain what is
responsible for this error, but I thought I would share my experience in
case it is helpful to someone else.

Thanks,
Robert Kelly III

On Dec 28, 2007 11:50 AM, Robert Kelly <bluethegrappler@xxxxxxxxx> wrote:

> Indeed, as you suspected, I had tried luksDump and it does in fact give
> the same error. I am just as interested in figuring out what went wrong, if
> it was something stupid I did (though I can't imagine what), or if I have
> found a bug somewhere to track it down and help fix it, as I am in
> recovering my data (which I realize is unlikely). I noticed in the hexdump
> of a good partition certain recognizable features, like 'LUKS' 'aes'
> 'sha256' and 'sha1'... would it be possible to devise a script or something
> using grep or awk or somesuch to see if there is a possible LUKS header in
> the wrong place, for instance, if the partition boundaries got screwed up? I
> also wonder if there is a way to identify any known data structure, like an
> fs or something, to see if something might have accidentally been written
> over the partitions? For future reference, can you use dd to back up the
> LUKS header?
>
> I feel pretty confident about correctly remembering the changes I made and
> what went on each partition because I put comments in my /etc/fstab and
> wrote a bash script to make mounting the encrypted partitions (luksOpen and
> mount for each) easier, and double checked that everything was right and
> working before I rebooted. Besides that, there are five partitions that
> don't have an fs mounted by fstab, two of those have an encrypted /tmp and
> swap which are mounted with random keys at each boot. That leaves only three
> partitions unused, and all three of them should be LUKS, so there isn't
> anything to confuse them with. A quite confusing situation indeed. Any help
> you can offer would be greatly appreciated. Thanks.
>
> Sincerely,
> Robert Kelly III
>
>
> On Dec 28, 2007 7:00 AM, Clemens Fruhwirth <clemens@xxxxxxxxxxxxx> wrote:
>
> > At Fri, 28 Dec 2007 01:05:26 -0500,
> > "Robert Kelly" <bluethegrappler@xxxxxxxxx> wrote:
> > >
> > > I am sending this to your personal email because I sent it to the
> > > dm-crypt list about a week ago and have received no mail from the
> > > list. I am not sure if I am receiving mail from the list or not, or
> > > whether my email was received. So I am sending this just to make sure
> > > that you received it and that I can get a reply if I am not receiving
> > > mail from the list. If the other was properly posted to the list and
> > > there has been no activity on the list since Dec 21, you can just
> > > ignore this one. Thanks.
> >
> > I'm sorry Robert. I saw your message, but I didn't have any special
> > advice for you. You can try to luksDump the partitions, but I
> > suspected you already found that flag, also it doesn't give you much
> > information. This will probably refuse to work telling you "foobar is
> > not a LUKS partition". In this case try to "hexdump -C -n 1024
> > /dev/foobar".
> >
> > > ---------- Forwarded message ----------
> > > From: Robert Kelly <bluethegrappler@xxxxxxxxx>
> > > Date: Dec 21, 2007 1:45 PM
> > > Subject: LUKS partitions disappeared
> > > To: dm-crypt@xxxxxxxx
> > >
> > > I recently used the gentoo live CD to migrate my data from reiserfs
> > > to ext3. In the process, I decided to encrypt some of my data by
> > > making new LUKS partitions. There was one LUKS partition already in
> > > existence. I luksOpened it, mounted the /dev/mapper/crypt, copied data
> > > off, umounted, and mke2fs -j. Then I remounted and put data back. The
> > > other two partitions I luksFormated, luksOpened, ran mke2fs -j on
> > > their respective /dev/mapper/crypts, mounted, and put data on one of
> > > them. Before rebooting, I umounted all partitions, but did not
> > > luksClose. The two LUKS partitions that had data on them are no longer
> > > recognized as being LUKS partitions by cryptsetup luksOpen. The third
> > > one has no problems, but contains only the lost+found directory as no
> > > data was put on this partition. Incidentally, the partition that still
> > > works is one of the two newly created ones, and the pre-existing one
> > > as well as one of the newly created ones is no longer working. I can't
> > > figure out what could have happened to the two partitions. Is there
> > > any kind of diagnostic or recovery I can try?
> > >
> > >
> > --
> > Fruhwirth Clemens - http://clemens.endorphin.org
> >
>
>
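
The search described in the messages above (looking for the 'LUKS' magic and the 'aes'/'sha1' strings at an unexpected offset) can be automated. This is an added example, not part of the original thread: it scans an image for a LUKS1 header, which is the format that was current when this thread was written. It assumes headers are sector-aligned; `parse_header`, `scan` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

LUKS1_MAGIC = b"LUKS\xba\xbe"
SECTOR = 512
# LUKS1 header, fixed part (big-endian): magic, version, cipher name, cipher mode,
# hash spec, payload offset (sectors), key bytes, MK digest, salt, iterations, UUID
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208 bytes


def _text(raw):
    """Decode a NUL-padded ASCII field; None if empty or not printable."""
    try:
        t = raw.split(b"\0", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    return t if t and t.isprintable() else None


def parse_header(buf):
    """Return the fields of a plausible LUKS1 header at buf[0], else None."""
    if len(buf) < PHDR.size:
        return None
    magic, ver, cname, cmode, hspec, payload, keybytes, *_, uuid = PHDR.unpack_from(buf)
    names = [_text(cname), _text(cmode), _text(hspec)]
    # Heuristic plausibility checks (assumption): printable names, sane key size
    if magic != LUKS1_MAGIC or ver != 1 or None in names or not 0 < keybytes <= 64:
        return None
    return {"cipher": names[0], "mode": names[1], "hash": names[2],
            "payload_sectors": payload, "key_bytes": keybytes, "uuid": _text(uuid)}


def scan(stream, chunk_sectors=2048):
    """Yield (byte_offset, fields) for every sector-aligned LUKS1 header found."""
    offset = 0
    while chunk := stream.read(chunk_sectors * SECTOR):
        for i in range(0, len(chunk), SECTOR):
            hdr = parse_header(chunk[i:i + PHDR.size])
            if hdr:
                yield offset + i, hdr
        offset += len(chunk)


def build_sample(header_at=3 * 1024 * 1024):
    """Constructed image: zeros, a decoy magic at 1 MiB, a real header at header_at."""
    img = bytearray(header_at + 4 * SECTOR)
    img[1 << 20:(1 << 20) + 40] = LUKS1_MAGIC + b"\x00\x01" + b"\xff" * 32
    img[header_at:header_at + PHDR.size] = PHDR.pack(
        LUKS1_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1", 2056, 32,
        bytes(20), bytes(32), 10, b"constructed-uuid")
    return bytes(img)
```

Pass `scan` a device or image opened read-only with `open(path, "rb")`; the reported byte offset divided by 512 is the number of sectors that precede the header.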
