Monthly Archives: January 2013

Accessing an encrypted full disc image (LUKS;LVM)

So I typically use a full disc encryption with LVM over LUKS. So assume you have got an image from your harddisk via

dd if=/dev/sda of=image.img

You now want to access this data again – maybe you don’t even have the drive anymore. So here is a quick rundown how I did it just now.

First we look at the image:

% fdisk -l -u backup_x220_november_2012_sdb.img                        

Disk backup_x220_november_2012_sdb.img: 80.0 GB, 80026361856 bytes, 156301488 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000589c6

                            Device Boot      Start         End      Blocks   Id  System
backup_x220_november_2012_sdb.img1            2048      499711      248832   83  Linux
backup_x220_november_2012_sdb.img2          501758   156301311    77899777    5  Extended
backup_x220_november_2012_sdb.img5          501760   156301311    77899776   83  Linux

Great! So all partitions are in there! We will use kpartx to map this file to a block device which you can use just as your normal drives.

% sudo kpartx -a -v backup_x220_november_2012_sdb.img
add map loop0p1 (254:3): 0 497664 linear /dev/loop0 2048
add map loop0p2 (254:4): 0 2 linear /dev/loop0 501758
add map loop0p5 : 0 155799552 linear /dev/loop0 501760

Even better, now we have the partitions on the image mapped to /dev/mapper/loop0px. It’s now¬†straightforward to mount the encrypted drive loop0p5:

% sudo cryptsetup luksOpen /dev/mapper/loop0p5 imgroot
Enter passphrase for /dev/mapper/loop0p5:

Now find and open the LVM drives inside:

% sudo vgscan
  Reading all physical volumes.  This may take a while...
  Found volume group "mikrocanonix" using metadata type lvm2

% sudo vgchange -a y mikrocanonix
  2 logical volume(s) in volume group "mikrocanonix" now active

% sudo mount /dev/mikrocanonix/root /mnt/