Hi Nick, On Thu, Jul 18, 2013 at 10:33:29AM -0700, Ywellc wrote: > Hi, > > I recently accessed a LUKS partition from a Windows operating system (on a > different disk). I was able to mount it using my passphrase. After > turning off the computer, I tried to boot into Ubuntu and received a "evms > activate is not available message." I have no idea what that means. > I booted into a live CD and tried to > mount to the drive. I received an error message from gParted saying the > partition table did not match the signature. I ran fsck and it "fixed" > the problem. That "recovery attempt" is likely what did the damage. > I then tried to boot again, and load Ubuntu. This time, evms activate > message did not show up. It brought me to passphrase screen and I entered > my passphrase. This time I received "unknown file system or bad password > options" message." > > I booted again into live CD (GRML) I try to unlock the container with: > > cryptsetup luksOpen /dev/sda5 > > I receive an error message stating that LUKS Keyslot 4, 6, and 7 is > invalid. I ran the command again with the debug option: > > Invalid keyslot size 8388608 (offset 1032, stripes 0) in keyslot 4 (beyond > data offset 2056) and similar for 6 and 7. Ok, some damage to the keyslot descriptors. The critical things may still be fine. > blkid -p shows "/dev/sdb5 UUID="57ei...." TYPE="crypto-LUKS." > > Is there any way for me to open this container now, or is it FUBAR? Unclear at this time. I think the chances for a full recovery are reasonable. Please make a manual header backup (copy the first 3 MB of the LUKS device) and keep that safe. It will protect you against any additional damage from experimentation. If the data is important, make a full binary backup of /dev/sda5, or better two before _any_ more "recovery attempts". In fact, make a third binary copy of the whole drive onto a same-size or larger drive and only work on that. (Binary copies are best made with dd_rescue.) Make very sure you are copying in the right direction. In fact, bying a forensic write-blocker may be a sensible investment if you are unsure. > I realize this is my fault, and I was actually trying to access the > container to backup everything. I have my whole life on there, school > work everything. Any help you could provide would be greatly appreciated. > I would be willing to shell out the few bitcoins I have to make it worth > your while. No need for that. Next step when you have the backups and the copy to work on is to download the current cryptsetup, compile and install it. Then run the keyslot-checker in misc/keyslot_checker/. There is a good chance it will fail, but it should report on the first keyslot before that, and that is the critical one if you have just one pasphrase. If that works, you can try to explicitely specify the key-slot to cryptsetup, along the lines of cryptsetup luksOpen --key-slot 0 /dev/sda5 That may or may not work. If not, then the keyslot info has to be repaired using a disk-editor. (Lets deal with that if it becomes necessary.) These are just start and offset info and should be defaults. And when you find the time, read the FAQ item 1.2 and everything in FAQ Section 6. If you are sure your passprase is good, you can also send me the first 3 MB of your LUKS partition and I can take a look. May take a few days until I find the time though. Arno > Thanks, > Nick > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
