View Full Version : Getting data off an encrypted hard drive



dragonbite
15th September 2008, 03:09 PM
Help!
I have installed Fedora 9 with whole disk encryption. It worked for a while before dying on me and I cannot boot for whatever reason. :eek:

I want to pull my files off the hard drive but with the disk encrypted I am not sure I'll be able to!

How can I get my files off of an encrypted hard drive? Would the Fedora 9 Live CD work? What do I need to access the encrypted hard drive?

jtang613
15th September 2008, 05:36 PM
The whole point of disk encryption is to prevent someone without the proper key from accessing the filesystem.

You will need to mount the encrypted partition and enter the key (or passphrase) to access the files. Use the LUKS tools on the rescue CD or LiveCD.

Try something like:

cryptsetup luksOpen /dev/hdaX crypt_hdaX
mount /dev/mapper/crypt_hdaX /mnt/crypt
ls -l /mnt/crypt
umount /mnt/crypt
cryptsetup luksClose crypt_hdaX
where hdaX is the partition of interest.

-J

dragonbite
15th September 2008, 05:46 PM
Great! I'll have to give it a try tonight.

dragonbite
16th September 2008, 05:29 PM
You will need to mount the encrypted partition and enter the key (or passphrase) to access the files. Use the LUKS tools on the rescue CD or LiveCD.

Which / what rescue CD or LiveCD?

I just tried the Fedora 9 LiveCD and I'm getting

bash: cryptsetup: command not found

I may be able to use an Ubuntu Live CD and install "cryptsetup" but I'm not sure if there is somewhere that is easier/ pre-installed?

jtang613
16th September 2008, 05:36 PM
Try searching the CD for it. If it's not included, then 'yum install' it.

dragonbite
16th September 2008, 06:24 PM
Try searching the CD for it. If it's not included, then 'yum install' it.
Do I need any special repositories or should it be in the default ones?

That's the only reason I mentioned Ubuntu, I checked online and see it is in there but I would prefer to use Fedora LiveCD instead.

A.Serbinski
16th September 2008, 06:35 PM
cryptsetup IS on the livecd. I checked the 32bit F9, but it should also be on other architectures and older versions.

On the livecd, just as with a regular install, cryptsetup is located in /sbin, therefore unless you are logged in as root or "su -", then you'll need to specify the path.

dragonbite
16th September 2008, 06:42 PM
cryptsetup IS on the livecd. I checked the 32bit F9, but it should also be on other architectures and older versions.

On the livecd, just as with a regular install, cryptsetup is located in /sbin, therefore unless you are logged in as root or "su -", then you'll need to specify the path.

Thank you. I see it listed there and will try it in a little while (brought my laptop with me to work and tried it out originally during lunch).

I was looking for /sbin to be under /bin .. that's the problem with trying different distros, you forget which one puts what where! :cool:

dragonbite
17th September 2008, 02:39 AM
Ok, one step forward, two steps back.

Using what has been mentioned (/sbin/cryptsetup, the "luksOpen" command, etc.) worked! After a couple tries and realizing the file is /dev/sdb2 I received the prompt for the pass phrase and it accepted it! Great!

BUT

it doesn't want to mount the partition and gives the error
mount: unknown filesystem type 'lvm2pv'

I know this is past the scope of accessing an encrypted drive but does anybody know how to get past this?

A.Serbinski
17th September 2008, 04:13 AM
Here you go: http://linux4xceptn.wordpress.com/2008/09/15/how-to-mount-volumes-from-a-rescued-lvm-disk/

Basically, you activate the volume group, which will create yet another level of mapping. This level will give you access to device files (probably along the lines of /dev/VolGroup00/LogVol00 and /dev/VolGroup00/LogVol01); one will be swap, the other will be ext3. You can mount the ext3 device file directly; however, there is presumably something wrong with the filesystem, so most likely you'll need to fsck the ext3 file. If you are able to repair it, then first unmap the lvm junk, then "cryptsetup luksClose name", reboot, and your system may come back to life (presuming that the problem was a corrupt ext3 filesystem and that you were able to repair it).

A.Serbinski
17th September 2008, 04:15 AM
** It's important to note that encryption does somewhat reduce the reliability of a filesystem. The greater the complexity of a system, the more things can go wrong. Of course, it's a tradeoff. You choose encryption if you need to protect your data from thieves.

dragonbite
17th September 2008, 02:33 PM
I would like to announce that last night I was successful. In case anybody comes along with a similar issue I will put down what I did do right here.

The Issues are:

1. Encrypted Partition
2. LVM Filesystem


So, Part I is to access the encrypted partition. Once this is done then you have access to the unmounted partition just like you would if it wasn't partition and can mount it like usual. Note in the code below that instead of accessing the drive as /dev/sda2, it now becomes /dev/mapper/[you named it].


su
(into root)

/sbin/cryptsetup luksOpen /dev/sda2 crypt_sda2
(crypt_sda2 = whatever you want to name it)

enter the passphrase.
(It returns "Command successful" if it runs correctly. )

mount /dev/mapper/crypt_sda2 /mnt/crypt
(instead of using the physical volume such as /dev/sda2 like normal,
you use /dev/mapper/[whatever name you gave it] to access it.)
If you formatted the drive as ext2, ext3 or vfat you probably won't have any problem with the mount command above (providing /mnt/crypt directory exists). Unfortunately I forgot that I set up the partition as an LVM, which introduced another layer of complexity.

My Part II had to occur after I gained access to the encrypted drive using the commands above (except the mount command) so I could enable the LVM and then mount it. Assume I've already made the directory /mnt/crypt

su
(into root)

/sbin/vgchange -a y
(this activates the Logical Volumes)

/sbin/lvscan
(from here you can get the Volume Group name and the Logical Group name
the output will include lines of
/dev/[Volume Group Name]/[Logical Group Name]
in my case the volume I wanted to mount and get access to is
/dev/VolGroup00/LogVol00
so I jotted this down)

mount /dev/VolGroup00/LogVol00 /mnt/crypt
(mounts the logical volume on /mnt/crypt)


And that was it! Easy, huh?! (that is if you don't take into factor the amount of effort it was to not make the laptop become a frisbee :eek: )

I want to thank everybody here who helped start me down my path. jtang613, that code you provided was invaluable and essential so Thank You so much for it.
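
Added example, not part of the thread or any poster's own script: the two-layer recovery described above (LUKS, then LVM, then the filesystem) as one shell script that checks each device's type with blkid before choosing the next step. The mapping name crypt_rescue, the mount point /mnt/crypt and the read-only mount are assumptions of this example; "lvm2pv" is the older name for the type that current blkid reports as LVM2_member.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root from the live CD.
# Assumed names: mapping "crypt_rescue", mount point /mnt/crypt.

# Map the TYPE string blkid reports to the next layer to open.
layer_action() {
    case "$1" in
        crypto_LUKS)          echo unlock ;;    # LUKS container
        LVM2_member|lvm2pv)   echo activate ;;  # LVM physical volume
        ext2|ext3|ext4|vfat)  echo mount ;;     # ordinary filesystem
        swap)                 echo skip ;;
        *)                    echo unknown ;;
    esac
}

# Open whatever layer sits on device $1; call again on the device it reveals.
recover() {
    dev=$1 name=${2:-crypt_rescue} mnt=${3:-/mnt/crypt}
    fstype=$(blkid -o value -s TYPE "$dev")
    case $(layer_action "$fstype") in
        unlock)
            cryptsetup luksOpen "$dev" "$name" || return 1
            recover "/dev/mapper/$name" "$name" "$mnt" ;;
        activate)
            vgchange -a y || return 1
            lvscan    # lists /dev/<VG>/<LV>; rerun recover on the one you want
            ;;
        mount)
            # Read-only while copying files off (a choice made for this example).
            mkdir -p "$mnt" && mount -o ro "$dev" "$mnt" ;;
        skip)
            echo "$dev is swap, nothing to mount" ;;
        *)
            echo "$dev: unrecognised type '$fstype'" >&2; return 1 ;;
    esac
}

# Undo the layers in reverse order before rebooting.
teardown() {
    umount "${2:-/mnt/crypt}"
    vgchange -a n
    cryptsetup luksClose "${1:-crypt_rescue}"
}

# Only act when a device is given, e.g.: sh rescue.sh /dev/sda2
if [ "$#" -ge 1 ]; then recover "$@"; fi
```

Run it once on the encrypted partition to unlock it and list the logical volumes, then again on the logical volume path that lvscan printed to mount it.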