Trying to recover encrypted home folder

Questions about other topics - please check if your question fits better in another category before posting here
Forum rules
Before you post please read this

Trying to recover encrypted home folder

Postby katrina on Fri Jan 10, 2014 2:51 am

Hi, everyone.

I revived an old netbook with Linux Mint 15 (Olivia) sometime last year and encrypted the disk. I can remember the passphrase for the disk but have forgotten my admin password, so while I can start Mint, I can't get past the login screen.

I tried booting from a live USB stick and changing the password from there, but so far, it isn't working. So, I tried another route, this other tutorial on recovering an encrypted home folder while using a live USB/CD.

I get as far as "sudo nemo", and I manage to find my old home folder with this file, "Access-your-private-data.desktop", inside it. Unfortunately, double-clicking it doesn't do anything. Is there something I'm missing?
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Linux Mint is funded by ads and donations.
 

Re: Trying to recover encrypted home folder

Postby xenopeek on Fri Jan 10, 2014 3:47 am

First, if you change the password for your encrypted account without being logged in with that account--you won't be able to recover the encrypted files. Else encryption would be a bit useless, as root could just change your password and access your files (so no, root can't).

You could try these steps from a LiveCD session: http://bodhizazen.net/Tutorials/Ecryptfs/#Live. I'm not sure as to whether you need to know your password for that or not.
Forum Rules | IRC Channel Rules
Image
Arch Linux / 64-bit / Gnome Shell
User avatar
xenopeek
Level 21
Level 21
 
Posts: 13692
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Trying to recover encrypted home folder

Postby katrina on Wed Jan 15, 2014 8:18 am

After following this tutorial, I'm able to open a /tmp/ecryptfs.<gibberish> folder. Unfortunately, the folders and files inside are still in gibberish.
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Re: Trying to recover encrypted home folder

Postby katrina on Wed Jan 15, 2014 8:41 am

I haven't been able to change my password. To be honest, as a newbie, I'm pretty confused by "login passphrase" and "mount passphrase". In the simplest terms, when I turn on my netbook, I see a black screen with a lock icon and an input box, and I know the password for that. Then it starts Mint and gets to the login screen — that's the password I've forgotten.
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Re: Trying to recover encrypted home folder

Postby xenopeek on Wed Jan 15, 2014 8:44 am

Below are my notes about how to recover an encrypted home folder, which I've used successfully in the past. Replace /dev/sda1 with the partition id of your home (or root if not separate) partition, and replace username with your username. If the "su - username" command asks for your password, first become root with "sudo -i" (to become root) and then try again. I can't recall if it asks for your password or not, so :wink:
Code: Select all
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   RECOVERY OF AN ENCRYPTED HOME DIRECTORY WITH A LIVECD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Mount the disk partition containing the Encrypted Home Directory
sudo mount /dev/sda1 /mnt

# Establish a proper chroot environment
sudo mount -o bind /dev /mnt/dev
sudo mount -o bind /dev/shm /mnt/dev/shm
sudo mount -o bind /proc /mnt/proc
sudo mount -o bind /sys /mnt/sys
sudo chroot /mnt

# Become the user whose data needs recovery and manually add the necessary mount
# passphrase to the kernel session keyring
su - username
ecryptfs-add-passphrase --fnek

# Mount the encrypted directory and then access the data
ecryptfs-mount-private
cd $HOME
Forum Rules | IRC Channel Rules
Image
Arch Linux / 64-bit / Gnome Shell
User avatar
xenopeek
Level 21
Level 21
 
Posts: 13692
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Trying to recover encrypted home folder

Postby katrina on Wed Jan 15, 2014 8:48 am

Thanks! I'll try this when I get home and report back.
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Re: Trying to recover encrypted home folder

Postby xenopeek on Wed Jan 15, 2014 9:52 am

To set expectations right, the "ecryptfs-add-passphrase --fnek" command will ask for you to provide your mount passphrase. After the final command you can run the following command to list the files in your home directory:
Code: Select all
ls

If they aren't gibberish now, you can probably open your file manager here. For Cinnamon you'd run:
Code: Select all
nemo .

For MATE, replace nemo with caja. For KDE with dolphin. For Xfce with thunar. The dot in the command is to indicate the file manager should open on your current directory.
Forum Rules | IRC Channel Rules
Image
Arch Linux / 64-bit / Gnome Shell
User avatar
xenopeek
Level 21
Level 21
 
Posts: 13692
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Trying to recover encrypted home folder

Postby katrina on Thu Jan 16, 2014 2:12 am

Sorry, I got stuck at "Establish a chroot environment"; the terminal said that mount point /mnt/dev does not exist.
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Re: Trying to recover encrypted home folder

Postby xenopeek on Thu Jan 16, 2014 3:32 am

Hm. Are you sure the command before it was correct?
Code: Select all
sudo mount /dev/sda1 /mnt

In fact /dev/sda1 should be of your root partition. Do you have a separate /home partition? If you didn't do a manual partitioning during installation, the answer is no.

If you're not sure which /dev/sd?? you should use, boot from the Linux Mint DVD and run this command (that's the letter l at the end, not number 1):
Code: Select all
sudo parted -l

That will show all your partitions in detail. The ones from the Linux Mint DVD will also be there. Probably you can spot your hard disk's root partition based on its size, else share here for help (see terminal's Edit menu for copying text).
Forum Rules | IRC Channel Rules
Image
Arch Linux / 64-bit / Gnome Shell
User avatar
xenopeek
Level 21
Level 21
 
Posts: 13692
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Trying to recover encrypted home folder

Postby katrina on Fri Jan 17, 2014 2:31 am

Here are the results of parted -l:

Code: Select all
Model: ATA WDC WD1600BEVT-2 (scsi)
Disk /dev/sda: 160GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start   End    Size   Type      File system  Flags
 1      1049kB  256MB  255MB  primary   ext2         boot
 2      257MB   160GB  160GB  extended
 5      257MB   160GB  160GB  logical


Thanks for taking the time to help me, by the way.
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Re: Trying to recover encrypted home folder

Postby xenopeek on Fri Jan 17, 2014 5:50 am

Looks like you have a separate boot partition. I think you should mount /dev/sda5. So follow my guide again but replace the first command with:
Code: Select all
sudo mount /dev/sda5 /mnt
Forum Rules | IRC Channel Rules
Image
Arch Linux / 64-bit / Gnome Shell
User avatar
xenopeek
Level 21
Level 21
 
Posts: 13692
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Trying to recover encrypted home folder

Postby katrina on Mon Jan 20, 2014 8:24 am

This time, I got "unknown filesystem crypto_LUKS". I feel so close yet so far.
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Re: Trying to recover encrypted home folder

Postby xenopeek on Mon Jan 20, 2014 9:50 am

Oh... Then you don't have an encrypted home folder, but you have full disk encryption. I haven't tried this put pulled hints from http://blog.miketoscano.com/?p=72 and it may work.

Again, boot from the Linux Mint installation DVD. Open a terminal and become root with this command:
Code: Select all
sudo -i

Next, run this command to unlock your partition--it should prompt for your passphrase:
Code: Select all
cryptsetup luksOpen /dev/sda5 sda5_crypt

Next, see which volumes are available inside the encrypted partition:
Code: Select all
lvdisplay

Enable the logical volume for your root partition, replace "volumename" with the name of the correct volume:
Code: Select all
vgchange -a y volumename

Now you should be able to mount it. Again, replace "volumename":
Code: Select all
mount -t ext4 /dev/volumename/home /mnt

Your home folders from the encrypted partition should now have been mounted to /mnt and you should be able to copy files from there.
Forum Rules | IRC Channel Rules
Image
Arch Linux / 64-bit / Gnome Shell
User avatar
xenopeek
Level 21
Level 21
 
Posts: 13692
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Trying to recover encrypted home folder

Postby katrina on Wed Jan 22, 2014 1:40 am

There wasn't a /dev/volumename/home, only a /dev/volumename/root. So, I mounted that at /mnt and then opened /mnt in nemo, but I then ran into the same problem; there's an access-your-private-data.desktop file inside that does nothing.
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Re: Trying to recover encrypted home folder

Postby xenopeek on Wed Jan 22, 2014 2:28 am

Ouch... Then I've run out of ideas on how to get you your files back :(
Forum Rules | IRC Channel Rules
Image
Arch Linux / 64-bit / Gnome Shell
User avatar
xenopeek
Level 21
Level 21
 
Posts: 13692
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Trying to recover encrypted home folder

Postby katrina on Wed Jan 22, 2014 10:59 am

Well, thanks for all your time and help, xenopeek. I really do appreciate it. :) I'll just post again here if I ever find anything.
katrina
Level 1
Level 1
 
Posts: 12
Joined: Fri Jan 03, 2014 5:59 am

Linux Mint is funded by ads and donations.
 

Return to Other topics

Who is online

Users browsing this forum: No registered users and 3 guests