[SOLVED] Mounting LUKS with the help of a cloned drive?

kaulalla · 01-11-2010, 08:28 AM

I have cloned my LUKS-encrypted system drive to a bigger one, using dd. The big drive was working fine, until a possible power-failure caused it not to be mountable anymore:

Code:

root@xxx:/home/xxx# cryptsetup luksOpen /dev/sdc1 cheer
Enter LUKS passphrase:
Enter LUKS passphrase:
Enter LUKS passphrase:
Command failed: No key available with this passphrase.

No matter what i do, always results in the same "No key..." output. (Followed a few tutorials already, loaded modules, etc etc).

The original disk (which I'm still using, and this was the source of cloning):

Code:

Disk /dev/sda: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0001b495

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1       38882   312319633+  83  Linux
/dev/sda2           38883       38913      249007+   5  Extended
/dev/sda5           38883       38913      248976   83  Linux

The new (bigger drive):

Code:

Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0001b495

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1   *           1       38882   312319633+  83  Linux
/dev/sdc2           38883       38913      249007+   5  Extended
/dev/sdc3           38914      121601   664191360   83  Linux
/dev/sdc5           38883       38913      248976   83  Linux

Now here is what luksdump says about them:

Code:

LUKS header information for /dev/sda1

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      21 a1 d6 b1 71 a1 99 90 1e 01 74 cd 25 84 16 c6 72 88 bb a7
MK salt:        ed f5 a0 8a 94 33 8d 77 65 28 14 5b da 21 4d 00
                f5 53 4c bf 19 5d 1a d5 21 6e b6 06 48 a6 e1 16
MK iterations:  10
UUID:           1b8386bd-a97e-45a3-9a68-d97969adc6c2

Key Slot 0: ENABLED
        Iterations:             252023
        Salt:                   e6 ab 6a f1 d2 6f 70 b5 96 5b 7d 71 3c 01 d4 de
                                cf 90 af ff 6b d7 4c 1d fa 34 7b 1e 7a 77 e3 42
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

The other drive:

Code:

LUKS header information for /dev/sdc1

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      21 a1 d6 b1 71 a1 99 90 1e 01 74 cd 25 84 16 c6 72 88 bb a7
MK salt:        ed f5 a0 8a 94 33 8d 77 65 28 14 5b da 21 4d 00
                f5 53 4c bf 19 5d 1a d5 21 6e b6 06 48 a6 e1 16
MK iterations:  10
UUID:           1b8386bd-a97e-45a3-9a68-d97969adc6c2

Key Slot 0: ENABLED
        Iterations:             252023
        Salt:                   e6 ab 6a f1 d2 6f 70 b5 96 5b 7d 71 3c 01 d4 de
                                cf 90 af ff 6b d7 4c 1d fa 34 7b 1e 7a 77 e3 42
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Question: Is there any possible way of mounting sdc1 with the help of sda1? At the moment sdc1 is sitting in an external case and the rest of the disk (truecrypt volume) working just fine. I just need the bugger be mounted for half an hour to backup my stuff from it.

Elemecca · 01-11-2010, 10:30 PM

As far as I can tell the LUKS tools don't directly support it. However, it is possible to manually clone the header from the old volume to the new one. Assuming the problem is header corruption (that's what it sounds like), that should fix it.

A LUKS volume starts with a 592-byte volume header, then an arbitrary-sized key material section, then the bulk data section (payload volume). The payload offset field of the volume header tells us what sector the bulk data section starts at. According to the luksDump output in your post, the payload offset is 2056 sectors. Thus, we need to clone the first 2056 sectors (the offset is zero-based so sector 2056 is the 2057th sector).

The first dd command below will back up the new volume's header to '/root/luks-backup.bin', just in case. The second will clone the header from the old volume to the new. These need to be run as root, of course.

Code:

dd if=/dev/sdc1 of=/root/luks-backup.bin bs=512 count=2056
dd if=/dev/sda1 of=/dev/sdc1 bs=512 count=2056

Once you've cloned the header you should be able to mount the new volume as normal.