|
From: | Marian Csontos |
Subject: | Re: [Bug-ddrescue] fill-mode vs luks encryption |
Date: | Fri, 06 Jun 2014 17:59:26 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
On 06/06/2014 05:30 AM, Atom Smasher wrote:
i've been using ddrescue for a while, usually with great success. thanks! right now i've got a 1.5TB WD drive (1.4TB, actually) with a luks (encrypted) partition. * Raw_Read_Error_Rate - FAILING_NOW - 66055 * Current_Pending_Sector - 1450 the drive is screwed. i got most of the data (>99%) recovered from the drive on the first pass, and over the last month i've been picking tiny bits and pieces off the drive. currently it's at: percent recovered = 99.95278650616919872200 percent missing = .04721349383080127700 the data on it is nothing critical, but i'd like to recover it... if nothing else, as an exercise in data recovery from a failing drive. so far, so good. here's the tricky part... on other failing drives i've used the "fill mode" to identify files that haven't been completely recovered, but this disk is encrypted (with luks). because the drive is encrypted, filling the un-recovered parts of the image with a string will NOT put that string in the files, after the image is decrypted. before i spend too much time on it, does anyone have any tips or ideas for identifying which files are missing some of their bits?
Hi, first, have you checked the LUKS headers were unaffected? (Or you have backups) Otherwise an attempt to rescue the data may be futile.
Second, // My terminology may be bit unorthodox... Hypothetically:If you wanted markers in the files you would better run ddrescue on the cleartext mapping instead of encrypted device. (However, that may slow things down, and may be unfeasible for some drives holding on just for short periods of time.)
Also similarly to keep data encrypted you should write to cleartext mapping on top of another LUKS-encrypted (loop)device.
Now, with the encrypted data you have...I am not sure there is a binary grep tool to find sequences of the marker string in the encrypted device (if not it would not be that difficult to write one) - when identified list of offset and span tuples, you would have to dd over the corresponding parts of your cleartext device.
-- Martian
thanks...
[Prev in Thread] | Current Thread | [Next in Thread] |