From owner-freebsd-geom@FreeBSD.ORG  Mon Apr  5 00:21:23 2004
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B68FE16A4CE
	for <freebsd-geom@freebsd.org>; Mon,  5 Apr 2004 00:21:23 -0700 (PDT)
Received: from critter.freebsd.dk (0x50a171c6.naenxx7.adsl-dhcp.tele.dk
	[80.161.113.198])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7496C43D39
	for <freebsd-geom@freebsd.org>; Mon,  5 Apr 2004 00:21:22 -0700 (PDT)
	(envelope-from phk@phk.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.12.11/8.12.11) with ESMTP id i357LJM9001789;
	Mon, 5 Apr 2004 09:21:19 +0200 (CEST)
	(envelope-from phk@phk.freebsd.dk)
To: mmarkows@twcny.rr.com
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Sun, 04 Apr 2004 18:42:33 EDT."
             <c3421fc3355c.c3355cc3421f@nyroc.rr.com> 
Date: Mon, 05 Apr 2004 09:21:19 +0200
Message-ID: <1788.1081149679@critter.freebsd.dk>
cc: freebsd-geom@freebsd.org
Subject: Re: how ro recover encrypted slice 
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Apr 2004 07:21:23 -0000

In message <c3421fc3355c.c3355cc3421f@nyroc.rr.com>, mmarkows@twcny.rr.com writ
es:
>Hi,
>
>I mounted a GEOM-encrypted slice to /home2 and stored all my data there. Two days ago, I decided to update my FreeBSD from 5.2 to 5.2.1. I have done it several times before, so I felt self-assured. I backed up my config files, forgetting unfortunately about /etc/gbde/ad1s2.
>
>During the update procedure my system was messed up to the extent that it seemed reasonable to do a clean install of 5.2.1. I did it without saving /etc/gbde/ad1s2, and without touching the encrypted slice.
>
>Now, I am in a predicament because I cannot access my files that I need for my work tomorrow. I know that I messed up, but my last backup is 3 weeks old, and essentially it is no good any more.
>
>Is there any way to recover the data? I have 13 hours to do it.

The data stored in the file you lost is only the encrypted location of
the master key, so in theory you could do a brute force search for the
master key.

Unless your encrypted partition is of rather trivial size, this will take
a lot of time.

You will need to adapt the code from gbde(8) to do this, but that should
be rather straight forward: simply try every single byte offset on the
disk.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.