> //FORMAT LOOP DEVICE > cryptsetup luksFormat /dev/loop0 For this to work, don't I need to make sure I format the loop device specifying the same cipher as my real device? I originally created the device based on steps from a how-to guide, but I don't remember the url of the guide I used. I can see the string "cbc-essiv:sha256" in my existing header... is that a valid cipher spec, or does it need to have 'aes-' prepended? On Mon, Nov 10, 2008 at 4:54 AM, Bill Hulbert <whulbert@xxxxxxxx> wrote: > Kevin Bowen <kevin@...> writes: >> Is there any way to try to recover a corrupted luks header? If not, >> does anyone have any ideas of what my options are as far as getting my >> data back? >> > > Like has been the general sentiment here, you can't recover a corrupted LUKS > header, but you can restore the parts of it that are standard across multiple > LUKS partitions. Here are commands that will setup a simple file, create a loop > device to it, set it up as a LUKS partition, dump the first part of the LUKS > header that seems to be corrupted on your partition, and then restore this over > your partition header. I tested out myself on a non-data-critical device by > first writing random data to the header to make it "corrupted". Probably would > wait until other people check out my commands before actually doing it, I just > started playing with DD and LUKS so there might be a couple idiosyncrasies I'm > unaware of. > > //BACKUP CORRUPTED HEADER JUST TO BE SAFE WHERE /dev/sda3 IS YOUR LUKS PARTITION > dd if=/dev/sda3 of=backup.img bs=1 count=592 conv=notrunc > //CREATE EMPTY IMAGE FILE FOR LOOP DEVICE > dd if=/dev/zero of=test.img bs=512 count=4 > //SETUP LOOP DEVICE - SHOULD BE /dev/loop0 IF YOU HAVE NO OTHER LOOP DEVICES > losetup -f test.img > //FORMAT LOOP DEVICE > cryptsetup luksFormat /dev/loop0 > //COPY THE FIRST 104 BYTES OF CORRECT HEADER TO CORRUPT HEADER > dd if=/dev/loop0 of=/dev/sda3 bs=1 count=104 conv=notrunc > //SEE IF HEADER IS FIXED BY PERFORMING A LUKSDUMP > cryptsetup luksDump /dev/sda3 > > Hopefully this works for you and doesn't screw things up more. > > -Bill > > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > -- Kevin Bowen kevin@xxxxxxxx --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
