I was attempting to re-install Windows on a spare SSD to troubleshoot a program not working in wine-staging. Windows defaulted to the spinning drive rather than the SSD. The 3 other gnu-linux distros I tried to install (ubunutu, fedora and manjaro) had all defaulted to the SSD first, and I just got too “clicky” I guess and accidentally deleted the LUKS partition that has all my files and backups on it.
I found a nov '20 forum post that said someone was able to recover their partition with testdisk, but they didn’t detail exactly how they did that. Is anyone able to help hold my hand through recovering a LUKS parition?
The drive is a separate drive on it’s own. It’s not being used to boot. It’s a 10Tb drive that was only setup to use 6Tb and it was about 85-90% full. There were no other partitions on the drive.
I’d super appreciate help recovering this. I will be missing so many family and passed on pet photos and important documents
sudo lsblk ✔
[sudo] password for karen:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 9.1T 0 disk
nvme0n1 259:0 0 465.8G 0 disk
├─nvme0n1p1 259:1 0 300M 0 part /boot/efi
└─nvme0n1p2 259:2 0 465.5G 0 part /
~ sudo hexdump -C /dev/sda | grep LUKS ✔
[sudo] password for karen:
00100000 4c 55 4b 53 ba be 00 02 00 00 00 00 00 00 40 00 |LUKS..........@.|
^C
The reason you encrypt the device is to keep data out of reach for prying eyes. So in the event of theft the data is inaccessible.
When you have installed Windows onto the device everything is completely rewritten and as a Windows installation is around 16-20G plus the service and recovery partition(s) you are looking at some seriously dead data.
If you have a backup of the luks headers you may be able to decrypt the device - even if you can do so - the damage to the luks container may be irreparable.
Just to clear something up, I did not do anything other than remove the partition. Windows did not install.
I’m aware of the threat model I was attempting to prepare myself for, which was not for me to royally screw up a partition by deleting it… haha
The hex dump seems to suggest the LUKS information is there. The backups on that disk were JUST dumped from my SSDs for me to play with installing various OSs to see if I could get a program working. I do regularly backup my data to that disk… the problem is that I accidentally wiped my backup while attempting to see if windows would work on my hardware for the application that was not working in linux.
luckily (i think), it’ve only deleted the partition and it’s maybe recoverable. I’m not opposed to paying for that service either. Just thought I’d try here first.
So testdisk finally completed and it sees the LUKS data. Based on my hexdump it also appears the LUKS headers are intact.
TestDisk 7.1, Data Recovery Utility, July 2019
Christophe GRENIER <grenier@cgsecurity.org>
https://www.cgsecurity.org
Disk /dev/sda - 10000 GB / 9314 GiB - CHS 1215865 255 63
Partition Start End Size in sectors
>* Linux 0 32 33 15066 217 63 242046976
P FAT16 <32M 126625 72 24 345462 129 17 3515619990
P FAT32 LBA 776411 133 61 1025559 190 25 4002566176
Structure: Ok. Use Up/Down Arrow keys to select partition.
Use Left/Right Arrow keys to CHANGE partition characteristics:
*=Primary bootable P=Primary L=Logical E=Extended D=Deleted
Keys A: add partition, L: load backup, T: change type,
Enter: to continue
LUKS 2 (Data size unknown), 123 GB / 115 GiB
it appears I need to "a"dd a partition and extend the size of it to 6Tb, but I don’t remember how to do that kind of stuff (cyl, heads, etc…). I haven’t had to deal with that stuff since when there were jumpers on my IDE drives, I was running a 386 DLC w/o a math-co-processor, and we could low level format our disks from CMOS-SETUP menus… lol
