How to recover corrupted HDD with LUKS encryption?

Question

Score:0

Server

How to recover corrupted HDD with LUKS encryption?

AbreQueVoy

9/6/23, 10:43 PM

There's a 1TB HDD which is somehow corrupted. It has only one partition and it's LUKS-encrypted, as far as I know. The password is known. The HDD used to prompt for the password right after it was mounted, but now it doesn't mount automatically as before, and there's no password prompt anymore. Also, the device doesn't appear in the list of available devices in Linux Mint's GUI. However, it's discoverable by lsblk, although size of the partition is reported as only ca. 140GB.

What I did so far, was creating an image with testdisk. The image is ca. 140GB of size, so it apparently didn't take a backup of the whole drive, which is utilized in more than 90%.

I didn't create any LUKS header dump when the disk was fully operational.

I made some analyzes and Deep Search of partitions. Here's the output of testdisk runs (keep in mind that during the 1st run the drive was assigned /dev/sdc, and the next day/run it was mapped as /dev/sdb):

Thu May  5 10:37:39 2022
Command line: TestDisk

TestDisk 7.1, Data Recovery Utility, July 2019
Christophe GRENIER <[email protected]>
https://www.cgsecurity.org
OS: Linux, kernel 5.4.0-109-generic (#123-Ubuntu SMP Fri Apr 8 09:10:54 UTC 2022) x86_64
Compiler: GCC 9.2
ext2fs lib: 1.45.5, ntfs lib: libntfs-3g, reiserfs lib: none, ewf lib: none, curses lib: ncurses 6.1
/dev/sda: LBA, HPA, LBA48, DCO support
/dev/sda: size       976773168 sectors
/dev/sda: user_max   976773168 sectors
/dev/sda: native_max 976773168 sectors
Warning: can't get size for Disk /dev/mapper/control - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop0 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop1 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop2 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop3 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop4 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop5 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop6 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop7 - 0 B - 0 sectors, sector size=512
Hard disk list
[...]
Disk /dev/sdc - 1000 GB / 931 GiB - CHS 121601 255 63, sector size=512 - USB3.0 high speed, FW:2210

Partition table type (auto): Intel
Disk /dev/sdc - 1000 GB / 931 GiB - USB3.0 high speed
Partition table type: Intel

Interface Advanced
Geometry from i386 MBR: head=255 sector=63
check_part_i386 1 type E8: no test
 1 P Sys=E8                   0   4  5 15188 254 42  244011008
file_pread(6,256,buffer,9335296(581/24/20)) read err: Partial read
file_pread(6,1,buffer,9335312(581/24/36)) read err: <I/O Error>
file_pread(6,16,buffer,9345807(581/191/10)) read err: <I/O Error>
file_pread(6,1,buffer,9345807(581/191/10)) read err: <I/O Error>
Image created successfully but read errors have occured.

Analyse Disk /dev/sdc - 1000 GB / 931 GiB - CHS 121601 255 63
Geometry from i386 MBR: head=255 sector=63
check_part_i386 1 type E8: no test
Current partition structure:
 1 P Sys=E8                   0   4  5 15188 254 42  244011008
No partition is bootable

search_part()
Disk /dev/sdc - 1000 GB / 931 GiB - CHS 121601 255 63

     Linux                    0  32 33     0  97 33       4096
     LUKS 1 (Data size unknown), 2097 KB / 2048 KiB

Results
   * Linux                    0  32 33     0  97 33       4096
     LUKS 1 (Data size unknown), 2097 KB / 2048 KiB

Hint for advanced users: dmsetup may be used if you prefer to avoid rewriting the partition table for the moment:
echo "0 4096 linear /dev/sdc 2048" | dmsetup create test0

interface_write()
 1 * Linux                    0  32 33     0  97 33       4096
simulate write!

write_mbr_i386: starting...
write_all_log_i386: starting...
No extended partition

TestDisk exited normally.

/////// Only one HDD was attached on that day and the problematic disk is mapped as /dev/sdb now:

Fri May  6 08:45:06 2022
Command line: TestDisk

TestDisk 7.1, Data Recovery Utility, July 2019
Christophe GRENIER <[email protected]>
https://www.cgsecurity.org
OS: Linux, kernel 5.4.0-109-generic (#123-Ubuntu SMP Fri Apr 8 09:10:54 UTC 2022) x86_64
Compiler: GCC 9.2
ext2fs lib: 1.45.5, ntfs lib: libntfs-3g, reiserfs lib: none, ewf lib: none, curses lib: ncurses 6.1
/dev/sda: LBA, HPA, LBA48, DCO support
/dev/sda: size       976773168 sectors
/dev/sda: user_max   976773168 sectors
/dev/sda: native_max 976773168 sectors
Warning: can't get size for Disk /dev/mapper/control - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop0 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop1 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop2 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop3 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop4 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop5 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop6 - 0 B - 0 sectors, sector size=512
Warning: can't get size for Disk /dev/loop7 - 0 B - 0 sectors, sector size=512
Hard disk list
[...]
Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63, sector size=512 - USB3.0 high speed, FW:2210

Partition table type (auto): Intel
Disk /dev/sdb - 1000 GB / 931 GiB - USB3.0 high speed
Partition table type: Intel

Analyse Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63
Geometry from i386 MBR: head=255 sector=63
check_part_i386 1 type E8: no test
Current partition structure:
 1 P Sys=E8                   0   4  5 15188 254 42  244011008
No partition is bootable

search_part()
Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63

     Linux                    0  32 33     0  97 33       4096
     LUKS 1 (Data size unknown), 2097 KB / 2048 KiB
Search for partition aborted

Results
   * Linux                    0  32 33     0  97 33       4096
     LUKS 1 (Data size unknown), 2097 KB / 2048 KiB

Hint for advanced users: dmsetup may be used if you prefer to avoid rewriting the partition table for the moment:
echo "0 4096 linear /dev/sdb 2048" | dmsetup create test0

interface_write()
 1 * Linux                    0  32 33     0  97 33       4096

search_part()
Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63

     Linux                    0  32 33     0  97 33       4096
     LUKS 1 (Data size unknown), 2097 KB / 2048 KiB

Results
   * Linux                    0  32 33     0  97 33       4096
     LUKS 1 (Data size unknown), 2097 KB / 2048 KiB

Hint for advanced users: dmsetup may be used if you prefer to avoid rewriting the partition table for the moment:
echo "0 4096 linear /dev/sdb 2048" | dmsetup create test0

interface_write()
 1 * Linux                    0  32 33     0  97 33       4096
simulate write!

write_mbr_i386: starting...
write_all_log_i386: starting...
No extended partition

Interface Advanced
Geometry from i386 MBR: head=255 sector=63
check_part_i386 1 type E8: no test
 1 P Sys=E8                   0   4  5 15188 254 42  244011008
New options :
 Dump : No
 Align partition: Yes
 Expert mode : No

TestDisk exited normally.

What do you think: is it worth trying to recover the drive? If so, what steps/tools should be used?

31

0 + 0

linux

hard-drive

data-recovery

luks

How to recover corrupted HDD with LUKS encryption?

Post an answer