LinuxQuestions.org
Old 04-19-2016, 10:47 PM   #16
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled

Quote:
For starters, putting the key file inside the encrypted container is madness since it cannot be accessed until after the container is unlocked.
I am doing this for learning purposes only on a virtual machine.


Quote:
Please show the exact sequence of commands you used to set up that LUKS container, open it, make the filesystem, and mount it. I have a feeling you are not using encryption at all.
I posted it here:

http://www.linuxquestions.org/questi...em-4175577790/
 
Old 04-19-2016, 10:56 PM   #17
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
I thought I responded with this earlier.... here it is again....

Quote:
For starters, putting the key file inside the encrypted container is madness since it cannot be accessed until after the container is unlocked
I am just trying this out on a virtual machine using CentOS7, for learning purposes only.

Quote:
Please show the exact sequence of commands you used to set up that LUKS container, open it, make the filesystem, and mount it. I have a feeling you are not using encryption at all.
I posted the steps here:

http://www.linuxquestions.org/questi...em-4175577790/
 
Old 04-19-2016, 11:45 PM   #18
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
suicidaleggroll:

I downloaded and unzipped it.
Then ran it like so:

Quote:
user1@localhost ~/testdisk-7.1-WIP $ ls
Android.mk COPYING fidentify_static jni photorec.8 README.md testdisk_static
AUTHORS documentation.html icons l photorec_static readme.txt THANKS
ChangeLog fidentify.8 INFO NEWS README_dev_photorec.txt testdisk.8 VERSION

user1@localhost ~/testdisk-7.1-WIP $ file photorec_static
photorec_static: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.18, BuildID[sha1]=c7cc9d5427518c4195c788270dda1c417acff157, not stripped

user1@localhost ~/testdisk-7.1-WIP $ file testdisk_static
testdisk_static: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.18, BuildID[sha1]=25d4895de989106b88d9b1480148c0d3d97780a2, not stripped

user1@localhost ~/testdisk-7.1-WIP $ sudo photorec_static
sudo: photorec_static: command not found

user1@localhost ~/testdisk-7.1-WIP $ sudo testdisk_static
sudo: testdisk_static: command not found

user1@localhost ~/testdisk-7.1-WIP $

It does not run at all...???
What did I miss?
Thank you.

Last edited by fanoflq; 04-19-2016 at 11:48 PM.
 
Old 04-20-2016, 07:44 AM   #19
frostschutz
Member
 
Registered: Apr 2004
Distribution: Gentoo
Posts: 95

Rep: Reputation: 28
Download? Unzip? Just install it via your distro's package manager.

In your specific example the binary is not in your PATH so you have to provide the path, e.g. `sudo ./photorec_static`.

Quote:
$ ls -al mntsda6/
# Say I am looking for luks_file.
And assume first three items in above list are offsets.
ls gives file sizes, not offsets or physical locations, for those you need `filefrag` as stated earlier.

You have very advanced questions for someone who seems to be just starting out with Linux. Maybe you should take a step back and start with the basics first before delving into details such as inner workings of encryption and filesystems...?
 
1 members found this post helpful.
Old 04-20-2016, 07:46 AM   #20
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2133
You can only get away with just typing the name of the program if it's located in one of the directories in your PATH environment variable. If it's not, you need to tell the shell where to find it (yes, even if it's in your current directory, for security purposes). If it's in your current directory you can use "./", meaning "it's right here".
Code:
./photorec_static
 
1 members found this post helpful.
Old 04-20-2016, 08:31 AM   #21
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,274

Rep: Reputation: 1945
OK, so you also have a copy of luks_keyfile in your home directory. The copy in ~/mntsda6/luks_keyfile can never be used since you have to unlock the LUKS container and mount it in order to see that file.

Earlier, you wrote
Quote:
[user1@localhost ~]$ ls -al mntsda6/
total 21
drwxr-xr-x. 3 user1 root 1024 Apr 18 23:26 .
drwx------. 16 user1 user1 4096 Apr 19 04:29 ..
drwx------. 2 root root 12288 Apr 18 23:16 lost+found
-rw-rw-r--. 1 user1 user1 7 Apr 18 23:26 luks_keyfile
-rw-rw-r--. 1 user1 user1 23 Apr 18 23:25 testluks.txt

# Say I am looking for luks_file.
And assume first three items in above list are offsets.
Those are not offsets. They are file sizes, and I can guarantee that those three items are not stored back-to-back in the filesystem.

BTW, please don't use [QUOTE] ... [/QUOTE] tags except to quote content from other messages. It makes it hard to quote your content in a reply. Use [CODE] ... [/CODE] tags instead.

To see which sectors in a device hold the data for a particular file use "hdparm --fibmap":
Code:
# hdparm --fibmap /mnt/tmp/testluks.txt

/mnt/tmp/testluks.txt:
 filesystem blocksize 1024, begins at LBA 0; assuming 512 byte sectors.
 byte_offset  begin_LBA    end_LBA    sectors
           0      16902      16903          2
Now you can see the content of that file on the device:
Code:
# hexdump -C -s $((16902*512)) -n 512 /dev/mapper/sda6_mapper 
00840c00  54 68 69 73 20 69 73 20  61 20 74 65 73 74 20 66  |This is a test f|
00840c10  69 6c 65 2e 20 49 74 20  63 6f 6e 74 61 69 6e 73  |ile. It contains|
00840c20  20 73 6f 6d 65 20 74 65  78 74 2e 0a 00 00 00 00  | some text......|
00840c30  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00840e00
To look at the encrypted data, you first need to see the offset where the filesystem begins in the encrypted device:
Code:
# cryptsetup luksDump /dev/sda6
LUKS header information for /dev/sda6

Version:       	1
Cipher name:   	aes
Cipher mode:   	cbc-essiv:sha256
Hash spec:     	sha1
Payload offset:	4096
MK bits:       	256
MK digest:     	b9 25 1f 8c f7 53 d6 19 f6 2a 96 2c ec c7 d5 d9 07 96 61 21 
MK salt:       	73 14 3c 72 56 db d0 12 5f 66 53 0d 2a a6 03 cd 
               	87 d2 96 48 d3 00 e3 83 fd d7 36 81 05 d3 34 15 
MK iterations: 	33375
UUID:          	a63236d5-1173-48dd-92a7-8527407d9843

Key Slot 0: ENABLED
	Iterations:         	133663
	Salt:               	07 4a b0 74 b1 6d cd fe e1 02 44 67 2d 46 93 30 
	                      	75 f6 f4 65 ee c3 69 36 ec f2 9d 0b 55 e5 24 d7 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
Now you can look at the encrypted data:
Code:
# hexdump -C -s $(((16902+4096)*512)) -n 128 /dev/sda6
00a40c00  f9 b3 bc 0a e2 11 a7 e4  10 8a 2a 3d 56 71 03 14  |..........*=Vq..|
00a40c10  9a a1 2f c0 5b 67 8c d5  21 97 41 63 40 ec 05 86  |../.[g..!.Ac@...|
00a40c20  95 1c 75 ca 55 20 a3 92  81 fa ce 91 94 44 58 7a  |..u.U .......DXz|
00a40c30  6c 2d cd a2 07 57 ab 47  36 b6 ff 45 66 dc a3 4a  |l-...W.G6..Ef..J|
00a40c40  18 23 b5 b0 51 fd b6 e3  e6 eb 8b 30 4f 6b 8e 70  |.#..Q......0Ok.p|
00a40c50  d9 b8 22 af 58 5e f6 e8  30 a6 e8 d4 f2 a8 b7 38  |..".X^..0......8|
00a40c60  83 02 20 3e fd 12 9f d7  ef 98 8f 3f ae e6 f5 92  |.. >.......?....|
00a40c70  e7 a9 a1 24 65 20 96 3d  54 c6 6d 4f 23 51 e7 a6  |...$e .=T.mO#Q..|
00a40c80
Your data will of course be completely different (different master key). To confirm that this is indeed your file, unmount the filesystem and open the encrypted device with hexedit. (Note, 16902+4096 = 20998.)
Code:
umount /dev/mapper/sda6_mapper
hexedit -s /dev/sda6
### Note: press <Enter> and then enter the sector number.
00A40C00   F9 B3 BC 0A E2 11 A7 E4  10 8A 2A 3D 56 71 03 14  ..........*=Vq..
00A40C10   9A A1 2F C0 5B 67 8C D5  21 97 41 63 40 EC 05 86  ../.[g..!.Ac@...
00A40C20   95 1C 75 CA 55 20 A3 92  81 FA CE 91 94 44 58 7A  ..u.U .......DXz
00A40C30   6C 2D CD A2 07 57 AB 47  36 B6 FF 45 66 DC A3 4A  l-...W.G6..Ef..J
00A40C40   18 23 B5 B0 51 FD B6 E3  E6 EB 8B 30 4F 6B 8E 70  .#..Q......0Ok.p
00A40C50   D9 B8 22 AF 58 5E F6 E8  30 A6 E8 D4 F2 A8 B7 38  ..".X^..0......8
00A40C60   83 02 20 3E FD 12 9F D7  EF 98 8F 3F AE E6 F5 92  .. >.......?....
00A40C70   E7 A9 A1 24 65 20 96 3D  54 C6 6D 4F 23 51 E7 A6  ...$e .=T.mO#Q..
00A40C80   63 C2 38 FD DE B1 6B F7  13 FA 34 BF D8 BA D3 01  c.8...k...4.....
[SNIP]

---  sda6	 --0xA40C00/0xC800000--sector 20998--------------------------
Try changing just one bit of that data.
Code:
00A40C00   F9 B2 BC 0A E2 11 A7 E4  10 8A 2A 3D 56 71 03 14  ..........*=Vq..
00A40C10   9A A1 2F C0 5B 67 8C D5  21 97 41 63 40 EC 05 86  ../.[g..!.Ac@...
00A40C20   95 1C 75 CA 55 20 A3 92  81 FA CE 91 94 44 58 7A  ..u.U .......DXz
00A40C30   6C 2D CD A2 07 57 AB 47  36 B6 FF 45 66 DC A3 4A  l-...W.G6..Ef..J
00A40C40   18 23 B5 B0 51 FD B6 E3  E6 EB 8B 30 4F 6B 8E 70  .#..Q......0Ok.p
00A40C50   D9 B8 22 AF 58 5E F6 E8  30 A6 E8 D4 F2 A8 B7 38  ..".X^..0......8
00A40C60   83 02 20 3E FD 12 9F D7  EF 98 8F 3F AE E6 F5 92  .. >.......?....
00A40C70   E7 A9 A1 24 65 20 96 3D  54 C6 6D 4F 23 51 E7 A6  ...$e .=T.mO#Q..
00A40C80   63 C2 38 FD DE B1 6B F7  13 FA 34 BF D8 BA D3 01  c.8...k...4.....
[SNIP]

-**  sda6	 --0xA40C02/0xC800000--sector 20998--------------------------
Write that out (ctrl-x, then "y"). Remount the filesystem, and see what happened to your file.
 
1 members found this post helpful.
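
The offset arithmetic from post #21 (file extent from `hdparm --fibmap` plus the payload offset from `cryptsetup luksDump`), written as a script. This is an added example, not part of any poster's reply: the function names are hypothetical, the sample text is abbreviated from the output quoted above, and it assumes a LUKS1 header whose payload offset is counted in 512-byte sectors.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): turn saved `hdparm --fibmap` and
# `cryptsetup luksDump` text into byte offsets on the mapper and raw device.

# Sample input, abbreviated from the output quoted in post #21.
FIBMAP_SAMPLE='/mnt/tmp/testluks.txt:
 filesystem blocksize 1024, begins at LBA 0; assuming 512 byte sectors.
 byte_offset  begin_LBA    end_LBA    sectors
           0      16902      16903          2'
LUKSDUMP_SAMPLE='Version:        1
Cipher name:    aes
Payload offset: 4096'

# payload_offset LUKSDUMP_TEXT -> LUKS1 payload offset (512-byte sectors).
payload_offset() {
    printf '%s\n' "$1" | awk -F: '
        /^Payload offset:/ { gsub(/[ \t]/, "", $2); print $2; found = 1 }
        END { if (!found) exit 1 }'
}

# raw_extents FIBMAP_TEXT PAYLOAD_SECTORS
# One line per extent: file_offset mapper_offset raw_offset length (bytes).
raw_extents() {
    printf '%s\n' "$1" | awk -v payload="$2" '
        /begins at LBA/ {
            for (i = 1; i < NF; i++) {
                if ($i == "LBA") { start = $(i + 1); sub(/;/, "", start) }
                if ($i == "assuming") ssize = $(i + 1)
            }
        }
        # Extent rows are four integers; the column header row is skipped.
        NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            if (ssize == "") { bad = 1; exit 1 }
            rel = $2 - start          # LBA relative to the start of the mapping
            printf "%.0f %.0f %.0f %.0f\n", $1, rel * ssize,
                   rel * ssize + payload * 512, $4 * ssize
            n++
        }
        END { if (bad || !n) exit 1 }'
}

# Print the two hexdump invocations for each extent (device names as in the post).
p=$(payload_offset "$LUKSDUMP_SAMPLE")
raw_extents "$FIBMAP_SAMPLE" "$p" | while read -r foff moff roff len; do
    echo "hexdump -C -s $moff -n $len /dev/mapper/sda6_mapper  # plaintext"
    echo "hexdump -C -s $roff -n $len /dev/sda6                # ciphertext"
done
```

For the sample input the raw-device offset comes out as 10750976 (0xA40C00, sector 20998), the same position shown in the hexedit view in the post.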
Old 04-20-2016, 02:06 PM   #22
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Good Afternoon Everybody:

Thank you for your generous and patient advice.

rknichols :
Your posting will be ginormously helpful. I will try it out soon.

Quote:
You have very advanced questions for someone who seems to be just starting out with Linux. Maybe you should take a step back and start with the basics first before delving into details such as inner workings of encryption and filesystems...?
When I was reading on encryption, one thought leads to another,
When I asked "Why, When, What, where, how .... " to verify and understand.

In addition, learning this way makes learning Linux a contact sport, and less boring! One can go to sleep in an instant just reading man pages....

I also cannot just trust what a series of Linux commands do, especially encryption, which leads to this original post.

And in asking these questions on cryptsetup-LUKS, I have learned a whole lot, plus and then some. Again, thank you Master Foo (meaning ALL of you folks! ).

Kindest Regards:

Last edited by fanoflq; 04-20-2016 at 02:07 PM.
 
  


All times are GMT -5. The time now is 05:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration