Pulling data off encrypted OS drive

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
scopa
Level 1
Level 1
Posts: 33
Joined: Tue May 21, 2013 8:24 am

Pulling data off encrypted OS drive

Post by scopa »

I just replaced my hard drive. Original was disk encrypted with passphrase. When I attach the device (via external disk enclosure) it prompts my for password but does not accept it.

Asks "enter a passphrase to unlock the volume"

I enter the correct passphrase. Says unable to mount 256GB Encrypted "Operation was cancelled"

Error unlocking /dev/sdb5: Command-line `cryptsetup luksOpen "/dev/sdb5" "luks-06a97eb4-6a3b-491b-82fd-46db7206076f" ' exited with non-zero exit status 2: No key available with this passphrase.

There is another 512MB partition that opens with the drive which includes grub. Could this be the issue. Or could the issue be that the drive is now /sdb5?

I put the drive back in my laptop and it takes the passphrase and loads the OS.

Running Mint Sarah x64

Any ideas why it will not accept the passphrase when loaded via external usb disk enclosure?

Thanks,

User avatar
WharfRat
Level 21
Level 21
Posts: 13898
Joined: Thu Apr 07, 2011 8:15 pm

Re: Pulling data off encrypted OS drive

Post by WharfRat »

Try this

Code: Select all

sudo -i
/sbin/cryptsetup luksOpen /dev/sdb5 crypt
mount /dev/mapper/mint--vg-root /mnt
Now look in /mnt for your system folders.
ImageImage

Mute Ant
Level 14
Level 14
Posts: 5132
Joined: Tue Sep 03, 2013 7:45 pm
Location: Norfolk UK

Re: Pulling data off encrypted OS drive

Post by Mute Ant »

"Any ideas why it will not accept the passphrase" It's not getting the proper character sequence..."No key available with this passphrase" That is, the keyboard-console combination when you installed, and when you boot the drive, is not the same as when there's an OS running and you try to unlock it as an external device.

For example, during boot it's normal for a GB keyboard " press to appear as a US console @ on the screen. That gets corrected when the OS is loaded and the GB keyboard " is displayed as a ". So if my passphrase included a " keypress during normal boot I would have to use an @ keypress after the OS was loaded.

Practice typing the passphrase in a console where you can see the characters. Then, knowing the exact key sequence that assembles the correct passphrase on the screen, use WharfRat's unlocking procedure.
While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named "manual".

scopa
Level 1
Level 1
Posts: 33
Joined: Tue May 21, 2013 8:24 am

Re: Pulling data off encrypted OS drive

Post by scopa »

WhatRat - I did try this and it asks for passphrase - I enter and it brings my back to prompt - not sure if that means it accepted it or not.

But when I traverse /mnt files it is showing my my local system not the attached device on /sbd5

So I reattached the Hard drive via USB and see it listed under devices. Get a prompt to enter passphrase to unlock the device. I then tried:

# /sbin/cryptsetup luksOpen /dev/sdb5 crypt
Device /dev/sdb5 doesn't exist or access denied.

I looked at the device in gparted and it shows up as /dev/sdc5

# /sbin/cryptsetup luksOpen /dev/sdc5 crypt
Device crypt already exists.
----------------------------------------------------------------------------------------------

Mute Ant - I did try this - thanks for the tip I looked at GB Keyboard image online and tried to duplicate what my passphrase would be - but still not working.

I do have an @ symbol and tried shift and no shift on the "/' key to replicate.

User avatar
WharfRat
Level 21
Level 21
Posts: 13898
Joined: Thu Apr 07, 2011 8:15 pm

Re: Pulling data off encrypted OS drive

Post by WharfRat »

# /sbin/cryptsetup luksOpen /dev/sdc5 crypt
Device crypt already exists.
That means that the luks container was open. At this point the LVM has to be mounted.

Code: Select all

mount /dev/mapper/mint--vg-root /mnt
That should do it.

What you should do is reboot, connect the drive, close the dialog that opens asking for a password, run

Code: Select all

sudo blkid|grep LUKS 
and use whatever device it returned, be it sdb5 or sdc5 etc.
ImageImage

scopa
Level 1
Level 1
Posts: 33
Joined: Tue May 21, 2013 8:24 am

Re: Pulling data off encrypted OS drive

Post by scopa »

sorry for the late reply

I run the commands but always /mnt points to my local machine not the usb drive.

assume the system thinks /mint--vg-root is the local device to mount?

User avatar
WharfRat
Level 21
Level 21
Posts: 13898
Joined: Thu Apr 07, 2011 8:15 pm

Re: Pulling data off encrypted OS drive

Post by WharfRat »

I think you might be mistaken, at least I suspect that you are.

When you do an ls /mnt or view it with your file manager it is going to show an entire linux file structure and it is going to resemble doing an ls /
You're mounting the root file system of mint--vg-root that was opened with cryptsetup luksOpen /dev/sdc5 crypt

Change to ls /mnt/home and take a look in that folder.
ImageImage

scopa
Level 1
Level 1
Posts: 33
Joined: Tue May 21, 2013 8:24 am

Re: Pulling data off encrypted OS drive

Post by scopa »

I wish I was incorrect on this

But here is what I did

$ sudo blkid | grep LUKS
/dev/sda5: UUID="6127d646-aabd-4736-8e95-46fd4823173e" TYPE="crypto_LUKS" PARTUUID="15cd1651-05"
/dev/sdb5: UUID="06a97eb4-6a3b-491b-82fd-46db7206076f" TYPE="crypto_LUKS" PARTUUID="2b5badfe-05"
$ sudo -i
~ # /sbin/cryptsetup luksOpen /dev/sdb5 crypt
Enter passphrase for /dev/sdb5:
~ # mount /dev/mapper/mint--vg-root /mnt


Opened File manager when to /mnt and it is mapped to local drive sda5 not sdb5

User avatar
WharfRat
Level 21
Level 21
Posts: 13898
Joined: Thu Apr 07, 2011 8:15 pm

Re: Pulling data off encrypted OS drive

Post by WharfRat »

OK, I didn't realize you were using another encrypted setup so that makes all the sense in the world now since mint's LVM root system is named mint--vg-root.

Try this again, use cryptsetup to open the LUKS container on /dev/sdb5 then past back

Code: Select all

sudo blkid|grep mapper
and

Code: Select all

ls -l /dev/mapper/
ImageImage

scopa
Level 1
Level 1
Posts: 33
Joined: Tue May 21, 2013 8:24 am

Re: Pulling data off encrypted OS drive

Post by scopa »

/dev/mapper/sda5_crypt: UUID="MYN01s-kIAL-01gJ-DQHO-UecD-I51g-i32XLl" TYPE="LVM2_member"
/dev/mapper/mint--vg-root: UUID="967e28a0-5af7-4564-a4e6-d6f9e9389d63" TYPE="ext4"
/dev/mapper/mint--vg-swap_1: UUID="c46bb09f-b84e-4b94-85b6-7a5a40ef2065" TYPE="swap"
/dev/mapper/crypt: UUID="57PfoQ-ElVn-6uJA-h3Ti-dQul-fRNj-z8ytQG" TYPE="LVM2_member"



total 0
crw------- 1 root root 10, 236 Jul 12 06:45 control
lrwxrwxrwx 1 root root 7 Jul 12 07:16 crypt -> ../dm-3
lrwxrwxrwx 1 root root 7 Jul 12 06:45 mint--vg-root -> ../dm-1
lrwxrwxrwx 1 root root 7 Jul 12 06:45 mint--vg-swap_1 -> ../dm-2
lrwxrwxrwx 1 root root 7 Jul 12 06:45 sda5_crypt -> ../dm-0

User avatar
WharfRat
Level 21
Level 21
Posts: 13898
Joined: Thu Apr 07, 2011 8:15 pm

Re: Pulling data off encrypted OS drive

Post by WharfRat »

Now I see what you're working with and you're right it's not working. It might be because it can't map the device.

I have an encrypted flash drive plugged in and the LUKS container opened. The running systen is NOT encrypted. This is my results with blkid

Code: Select all

[bill@rosa] ~ $ sudo blkid|grep mapper
/dev/mapper/crypt: UUID="dfeDZ4-p3YA-kHok-hZPh-3quH-RqW6-taDYlq" TYPE="LVM2_member" 
/dev/mapper/vg-root: LABEL="root" UUID="95616f48-f592-404f-9ca7-00170b0ec423" TYPE="ext4" 
/dev/mapper/vg-swap_1: UUID="c0f84d1e-213e-4c36-b691-b39d93d7e767" TYPE="swap" 
[bill@rosa] ~ $ 
I'm thinking that the lvm logical volumes cannot be renamed so what I would suggest is to boot the live media and try the procedure in that environment.
ImageImage

Satori
Level 1
Level 1
Posts: 22
Joined: Wed Jul 06, 2016 5:19 am

Re: Pulling data off encrypted OS drive

Post by Satori »

I am having the exact same issue. I have a secondary hard drive and for some reason when I reinstalled Linux Mint it got encrypted and I can't decrypt it.

I am willing to pay for a solution or use a professional service to help me out with this.

Thanks.

Mute Ant
Level 14
Level 14
Posts: 5132
Joined: Tue Sep 03, 2013 7:45 pm
Location: Norfolk UK

Re: Pulling data off encrypted OS drive

Post by Mute Ant »

The drive will wear out long before someone can reverse-engineer an encrypted container, if it really is encrypted, not just a bit confused. Who says it's encrypted?

A few bytes from an encrypted file system...
1e848000:b2e6 1ebf 41ed fa6a b888 4d53 749d 5ba2
1e848010:2028 2a4e 1c2d 7009 97de 8ccc 4c3b eb83
1e848020:da44 0df3 c414 2e89 b12c fac4 e657 aa16
1e848030:2545 af88 3038 e4d5 d669 b9a6 3179 39e3
1e848040:3c29 530c 5c47 9d59 2c92 f661 a3ad 6752

A few bytes from a JPG photograph...
01b7740: e057 51a4 d108 d620 f3c3 c723 4aea 7873
01b7750: 62f7 8b50 7656 3c5c b1bb 0156 31eb f986
01b7760: 8026 c667 ae33 9a6e 7823 6501 58af 1c0e
01b7770: 4ec9 c3d8 506e 99f0 9e87 5b14 7084 da1c
01b7780: f24c b447 92a4 a1dd 466a f457 5914 0871
While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named "manual".

Post Reply

Return to “Newbie Questions”