On 12/15/2016 09:36 PM, Oskar Jauch wrote: > Hi, > > I've accidentally overwritten the first 1.1 GB of my external hard drive > with dd. As far as I remember the drive contained two partitions from > which one was encrypted with LUKS. I'm not sure if the encrypted one was > the first or the second one... > > I dumped the hole disc with ddrescue. > > I was able to extract the following from my laptop: > > luks-afe73a24-e4ab-4d49-90b9-119da11bc7c6: 0 5860526990 crypt > aes-xts-plain64 [key (don't want to share it in this mail)] 0 8:17 4096 8:17 should be reference to /dev/sdb1 So bad thing is that if the first partition was overwritten, you probably lost most of it. Even if it is properly decrypted, it will be very hard to recover anything (you will see garbage in the area that have been overwritten). The good thing is that the table above (if it is the proper one), contains volume encryption key and it should allow map it even without lost LUKS header. You will also need first partition (sdb1) offset. If the mapping is still active on your pc, you should see the offset through "cat /sys/block/sdb/sdb1/start" because the sdb1 device in-kernel is still in use. (The default is 2048 sectors but it can be also old alignment or some other value.) Once you have that, you should be able to map the encrypted device. The last number in your table (4096 - size of LUKS header) is the device offset, you must add recovered partition offset to it. Then you can map the device using losetup and dmsetup, something like dmsetup create <name> --table "..." Replace 8:17 with path to your image (if it is file, you must use losetup to map it to block device) and properly update offset. More info to format - https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt Milan > > Is there any possibility to restore anything of the encrypted data? > > Thank you in advance! > > Oskar > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
