LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 11-03-2013, 06:46 AM   #31
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594

Quote:
Originally Posted by cyberpatrol View Post
Please! When do you stop spreading such a FUD?
If anything is unclear please ask the OP for diagnostic nfo. Else could you please proceed by posting just actual commands that will help the OP?
 
Old 11-03-2013, 07:34 AM   #32
cavig5
LQ Newbie
 
Registered: Nov 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by rknichols View Post
There was massive corruption beginning at offset 0x10000, which is within the region for the key material for the first keyslot. The LUKS PHDR itself was, like your, undamaged. If you look at /dev/sdb2 beginning at offset 10000 you will see the ASCII text that gparted dumped there for reasons known only to its authors.
That's it. Here's a snip from a hex dump...

----------------------------
0000ffe0 92 b5 9b af c0 6d 1e 24 78 7b 01 fc e0 fa e4 da |.....m.$x{......|
0000fff0 3c 8b 51 9e ba ec 21 9d 4c 97 79 22 3b c0 ee 99 |<.Q...!.L.y";...|
00010000 30 30 30 30 30 30 30 00 65 78 74 65 6e 64 65 64 |0000000.extended|
00010010 00 6c 69 6e 75 78 2d 73 77 61 70 00 66 61 74 31 |.linux-swap.fat1|
00010020 36 00 66 61 74 33 32 00 68 66 73 00 68 66 73 2b |6.fat32.hfs.hfs+|
00010030 00 75 66 73 00 52 65 49 73 45 72 34 00 0a 2d 00 |.ufs.ReIsEr4..-.|
00010040 54 68 65 20 66 69 6c 65 73 79 73 74 65 6d 20 69 |The filesystem i|
00010050 73 20 64 61 6d 61 67 65 64 00 6d 73 64 6f 73 00 |s damaged.msdos.|
00010060 75 64 65 76 73 65 74 74 6c 65 00 75 64 65 76 73 |udevsettle.udevs|
-----------------------------

It's a bit ironic that gparted trashed my key with the text "The filesystem is damaged"....

Anyway, thanks loads and loads for the time you've put into helping me with this.
 
Old 11-03-2013, 07:51 AM   #33
cyberpatrol
Member
 
Registered: Dec 2012
Posts: 75

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
If anything is unclear please ask the OP for diagnostic nfo. Else could you please proceed by posting just actual commands that will help the OP?
Theoretically I could, but actually I can't. See my first two posts in this thread. I probably could help him a bit better, probably even with actual commands, if there was a PM here. But I can't do it in the public, because I know what this knowledge is worth, and because naming a certain data recovery lab would most likely be seen as advertising even if I'm not related to this company.

I had the same or at least almost the same issue, too, before. I didn't find any help with this, not even here in this forum, and had to send the harddrive to a data recovery lab, that wasn't able to recover the data. Then I sent it to another data recovery lab. They found at least some hints, but nothing concrete. Then I had an idea, which was, btw., mentioned in this thread and did some searching, had another idea did some more searching. After a while I found the solution, which I tested successfully together with the engineer of this data recovery lab. Because they helped me and have been so kind, not to send me an invoice (because I've found the solution by myself and they got some additional knowledge), and because I don't want to keep them from their possible customers, who can afford their services, I guess you will understand, that I don't want to explain this solution publicly, even if I generally do like OpenSource and open knowledge.

Another problem is, that I don't know if the OP can afford such a data recovery lab or not.

If you don't mind, I will post the name of this data recovery lab of which I know that they know the solution. I don't know if they could or would refer to me, if it turns out that they are too expensive for the OP.

Last edited by cyberpatrol; 11-03-2013 at 08:04 AM.
 
Old 11-03-2013, 08:38 AM   #34
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,449

Rep: Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037
Quote:
Originally Posted by cavig5 View Post
That's it. Here's a snip from a hex dump...
Yes, that's exactly the text that I saw deposited in that location. Sorry that this couldn't work out better for you.

FWIW, I had 3 reasons for not recommending a hex editor for the search:
  1. I don't know of a hex editor that allows you to anchor the search to the start of a sector. False positives for a 4-byte string in the middle of a sector are a nuisance.
  2. For a search a lengthy as a 1-Terabyte drive, I want something that I can let run and look at the results later, not a tool that I have to babysit and restart after each match.
  3. With a hex editor, you can be just one accidental keystroke away from overwriting part of your data. Programs that open the device read-only don't have that problem.
 
Old 11-03-2013, 09:05 AM   #35
cyberpatrol
Member
 
Registered: Dec 2012
Posts: 75

Rep: Reputation: Disabled
Quote:
Originally Posted by rknichols View Post
Yes, that's exactly the text that I saw deposited in that location. Sorry that this couldn't work out better for you.
His hexdump doesn't say anything relevant to his problem.

Quote:
Originally Posted by rknichols View Post
FWIW, I had 3 reasons for not recommending a hex editor for the search:
[*]I don't know of a hex editor that allows you to anchor the search to the start of a sector.
Totally unimportant and of no interest.

Quote:
Originally Posted by rknichols View Post
[*]For a search a lengthy as a 1-Terabyte drive, I want something that I can let run and look at the results later, not a tool that I have to babysit and restart after each match.
To find the real LUKS header you have to babysit the hex editor. Otherwise you won't be able to see the bytes after your search string. If you want to save time and money, make a daily backup. Btw., my hard drive had 3 TB, and you don't need to search the full hard drive, since the LUKS header is, as you already found out yourself, at the beginning of the partition resp. the LUKS container.

Quote:
Originally Posted by rknichols View Post
[*]With a hex editor, you can be just one accidental keystroke away from overwriting part of your data. Programs that open the device read-only don't have that problem.
That's totally not true, because at least with the hex editors I know you have to explicitly save the changes, before they are really written onto the disk, and you can explecitly discard your changes.

Btw., you usually shouldn't do any data recovery on the original hard drive. You generally should first make a bit by bit copy of your hard drive with e.g. dd.
 
Old 11-03-2013, 09:49 AM   #36
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,449

Rep: Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037Reputation: 2037
Quote:
Originally Posted by cyberpatrol View Post
at least with the hex editors I know you have to explicitly save the changes, before they are really written onto the disk, and you can explecitly discard your changes.
The most commonly available hex editor is hexedit, and for that one "Save changes and exit" is Ctrl-x and "Exit without saving" is Ctrl-c. Those keys are right next to each other.

Anyway, this thread has reached an unfortunate conclusion. You may continue your ranting here undisturbed.
 
Old 11-03-2013, 09:54 AM   #37
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
Quote:
Originally Posted by cyberpatrol View Post
I had the same or at least almost the same issue, too, before. I didn't find any help with this, not even here in this forum
You simply never posted the nfo that was asked for. Anyway:

It was that companies decision to not send you an invoice.
That's commercial business and it's their right to do that.

It is your decision to withhold information and potentially force people to pay for the knowledge.
You're in your right to do that.

Other people who actually "do like OpenSource and open knowledge" and act that way may disagree with your practice.
And they too would be in their right to do that.


Quote:
Originally Posted by cyberpatrol View Post
If you don't mind, I will post the name of this data recovery lab of which I know that they know the solution.
If you left click cavig5s handle you'll see a drop down menu with "Send email to cavig5" on it.
That would be a better approach than posting the name of the recovery business.
 
Old 11-03-2013, 10:08 AM   #38
cyberpatrol
Member
 
Registered: Dec 2012
Posts: 75

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
It was that companies decision to not send you an invoice.
That's commercial business and it's their right to do that.
I find, it was just kind. They could have send me a pretty high invoice, but they appreciated my work and their gain in knowledge.

Quote:
Originally Posted by unSpawn View Post
It is your decision to withhold information and potentially force people to pay for the knowledge.
You're in your right to do that.

Other people who actually "do like OpenSource and open knowledge" and act that way may disagree with your practice.
And they too would be in their right to do that.
I appreciate their help and that they saved me quite a lot of money. So I indeed feel a bit loyal. And I know now what this information is worth.

My concern is that there are also bigger companies which can easily afford a service of such a data recovery lab. So I would keep this data recovery lab from those customers if I would explain it publicly. And in my opinion this goes beyond helping with installing Linux or whatever belongs into the OpenSource community. I wouldn't mind giving this information to people who need to recover their private hard drive and who obviously can't afford a professional data recovery lab.

Quote:
Originally Posted by unSpawn View Post
If you left click cavig5s handle you'll see a drop down menu with "Send email to cavig5" on it.
That would be a better approach than posting the name of the recovery business.
Unfortunately I don't see it. Otherwise I would have done it already.
 
Old 11-03-2013, 10:11 AM   #39
cyberpatrol
Member
 
Registered: Dec 2012
Posts: 75

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
If you left click cavig5s handle you'll see a drop down menu with "Send email to cavig5" on it.
That would be a better approach than posting the name of the recovery business.
Ok, after activating this Google tracking crap for LQ I saw this drop down menu, but there's still no "Send email to cavig5" on it.
 
Old 11-03-2013, 10:14 AM   #40
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
https://www.linuxquestions.org/quest...ember&u=551663
 
Old 11-03-2013, 10:51 AM   #41
cyberpatrol
Member
 
Registered: Dec 2012
Posts: 75

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
I just get this:

"LinuxQuestions.org Message

cyberpatrol, you do not have permission to access this page. This could be due to one of several reasons:

1. Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
2. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation."
 
Old 11-03-2013, 11:03 AM   #42
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
I don't know but I'll find out. BRB.
 
Old 11-04-2013, 01:15 AM   #43
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594Reputation: 3594
Apparently even Jeremy doesn't see any reason you should be getting that error message and he's not able to reproduce it himself. You could report it as a bug if you wish to help troubleshooting this: https://www.linuxquestions.org/questions/project.php. Else let's ask cavig5 to contact you, see if that works.
 
Old 11-04-2013, 06:22 PM   #44
cavig5
LQ Newbie
 
Registered: Nov 2010
Posts: 6

Original Poster
Rep: Reputation: 0
I get no option to send an email in the drop down and I also get the same error message if I follow the link.

That said, I'm not at all interested in a commercial solution but thanks for the offer.
 
Old 11-04-2013, 06:37 PM   #45
cyberpatrol
Member
 
Registered: Dec 2012
Posts: 75

Rep: Reputation: Disabled
Quote:
Originally Posted by cavig5 View Post
That said, I'm not at all interested in a commercial solution but thanks for the offer.
Doesn't necessarily need to be. I just said, that I won't give this information publicly. So we'll see. If there was a PM or an e-mail function here, I already would have contacted you in this way.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
create a partiton-table with Gparted - HowTo sayhello_to_the_world Linux - Newbie 3 05-23-2013 04:24 PM
How To Recover Files Form JFS Partiton dofod Linux - Hardware 5 01-18-2011 10:21 AM
Deleting Partion with Gparted Help hotborad Linux - Hardware 3 08-05-2010 10:05 AM
Recover encrypted LUKS partition itinlopez Linux - General 3 11-30-2008 02:20 AM
injury to partiton table??how to recover farhan Linux - General 4 10-05-2003 08:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 09:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration