1

I accidentally deleted the partition table of my with LUKS encrypted SSD. I did use the encryption that came with the linux 22.04 installer. Then I was always asked for a password directly at bootup.

What I tried so far:

Re-created partition table with testdisk: https://linuxconfig.org/how-to-recover-partition-table-in-linux

As this did not help, I followed the answer in the link below:

Recover deleted LUKS partition

I then got a response by a user in the forum saying the following:

«You didn't find the correct place, but probably the content of a tool dealing with LUKS. Redo a search on the whole disk (or disk copy). For example with hexedit, (be sure to not be able to write with it) search for either 4c554b53babe0001 (LUKS v1) or 4c554b53babe0002 (LUKS v2) (probably this last).

For v2 there's also 534b554cbabe0002 (SKUL...) for the backup a bit after the normal»

So I searched for the hex-strings and found them:

For me that was at 01A175505 (4c554b53babe0002) and at 01A175605 (534b554cbabe0002)

I then tried to mount the LUKS parition via the link above, but I could not decrypt the device.

So I followed the post in the links below from the user Frostschutz.

Restore a LUKS partition that was overwritten by pvcreate

Part 1 did not help and instead I got an error message at the command:

cryptsetup luksDump luksheaderdamage.img

The error I get is:

Device luksheaderdamage.img is not a valid LUKS device

So now I am trying to go through Part 2 but am having problems how to (the answer creates a separate file if I understand it correctly): Overwritten LUKS with a partition table

I started out with copying 64 Megabyte from each parition sda, sda1, sda2 with the following command:

sudo head -c 64M /dev/sda > luksheaderdamage.img

I then used the following command:

stdbuf -oL strings -n 64 -t d disk.img | grep '"keyslots":'

I also tried to copy more than 64 Megabyte from each partion with the following command:

sudo head -c 2000M /dev/sda > luksheaderdamage.img

This command should return a JSON string. However I get no values returned. And now I dont know how to progress here.

What looks funny to me that I have around 2 MB free space at the beginning of the drive: enter image description here

The partitions are called dev/sda dev/sda1 and dev/sda2

How can I solve this and mount the disk?

Z0OM
  • 1
  • 4
  • 24
  • 56
Stefan13131
  • 11
  • 1
  • disk.img is just a sample file created to demonstrate the method within the answer; you can run strings on /dev/sda directly to search for luks header on sda. or, if you have a HDD with 240GB free space, use ddrescue to pull the entire sda into one big disk.img file to play around with. – frostschutz May 22 '23 at 17:20
  • Thank you. I now created a disk.img of the whole drive. I ran the following command: stdbuf -oL strings -n 64 -t d sda.img | grep '"keyslots":' However, I do get nothing returned – Stefan13131 May 23 '23 at 13:16
  • Then it's either gone, or not in the LUKS 2 format. The offsets you posted above don't make sense either. – frostschutz May 23 '23 at 17:21

0 Answers0