我正在尝试从使用 Veracrypt 加密的备份驱动器中恢复一些数据,因为我最近input/output error在尝试从中复制一些文件时遇到了消息。这是在驱动器成功安装并使用 Veracrypt 解密之后:
$ sudo veracrypt --text --mount /dev/sdb1 /media/veracrypt5 --protect-hidden no --verbose
由于我怀疑可能存在磁盘故障,因此我决定将整个驱动器映像到ddrescue单独的磁盘上:
$ sudo ddrescue -c1 -O -a 10M -r3 /dev/sdb disk.img disk-ddrescue.log
GNU ddrescue 1.23
Press Ctrl-C to interrupt
ipos: 1998 GB, non-trimmed: 0 B, current rate: 3891 kB/s
opos: 1998 GB, non-scraped: 0 B, average rate: 37039 kB/s
non-tried: 0 B, bad-sector: 0 B, error rate: 0 B/s
rescued: 2000 GB, bad areas: 0, run time: 15h 6s
pct rescued: 100.00%, read errors: 0, remaining time: n/a
slow reads: 2936, time since last successful read: n/a
Finished
$ cat disk-ddrescue.log
# Mapfile. Created by GNU ddrescue version 1.23
# Command line: ddrescue -c1 -O -a 10M -r3 /dev/sdb disk.img disk-ddrescue.log
# Start time: 2022-06-11 19:58:50
# Current time: 2022-06-12 10:59:08
# Finished
# current_pos current_status current_pass
0x1D151B24C00 + 3
# pos size status
0x00000000 0x1D1C1116000 +
我检查了一下dmesg,发现该设备出现以下错误:
[2057020.050884] Buffer I/O error on dev dm-3, logical block 488378288, async page read
[2057020.051069] Buffer I/O error on dev dm-3, logical block 488378288, async page read
[2057020.051105] Buffer I/O error on dev dm-3, logical block 488378302, async page read
[2057021.136808] Buffer I/O error on dev dm-3, logical block 488378288, async page read
[2057021.136863] Buffer I/O error on dev dm-3, logical block 488378288, async page read
[2057024.705572] Buffer I/O error on dev dm-3, logical block 1027, async page read
[2057024.705605] Buffer I/O error on dev dm-3, logical block 1027, async page read
[2057031.930962] Buffer I/O error on dev dm-3, logical block 488378288, async page read
[2057063.008430] Buffer I/O error on dev dm-3, logical block 0, lost sync page write
要确认错误确实来自有问题的驱动器:
$ sudo dmsetup info /dev/dm-3
Name: veracrypt5
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 1
Event number: 0
Major, minor: 253, 3
Number of targets: 1
的输出sudo fdisk,sudo lsblk以及sudo blkid解密后的输出:
$ sudo fdisk -l
Disk /dev/sdb: 1,84 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: 002-2DV164
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 5BB9ECBE-197E-40EE-B85D-D90DF4876C77
Device Start End Sectors Size Type
/dev/sdb1 2048 3907028991 3907026944 1,8T Linux filesystem
Disk /dev/mapper/veracrypt5: 1,84 TiB, 2000397533184 bytes, 3907026432 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
$ sudo fdisk -lu disk.img
Disk disk.img: 1,84 TiB, 2000398934016 bytes, 3907029168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 5BB9ECBE-197E-40EE-B85D-D90DF4876C77
Device Start End Sectors Size Type
disk.img1 2048 3907028991 3907026944 1,8T Linux filesystem
$ sudo lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
...
sdb 8:16 0 1,8T 0 disk
└─sdb1 8:17 0 1,8T 0 part
└─veracrypt5 253:3 0 1,8T 0 dm /media/veracrypt5
sdc 8:32 0 4,6T 0 disk
└─sdc1 8:33 0 4,6T 0 part
└─veracrypt8 253:4 0 4,6T 0 dm /media/veracrypt8
$ sudo blkid
/dev/mapper/veracrypt8: UUID="26877f0f-d351-478e-9ef5-a0f1c560d53d" TYPE="ext3"
/dev/mapper/veracrypt5: UUID="c0f9c7fe-431c-4a1d-b47a-a583dd3783e3" TYPE="ext3"
/dev/loop7: PTTYPE="atari"
/dev/sdc1: PARTUUID="15ad3a77-6366-4315-b2ef-382988c67b7b"
/dev/sdb1: PTTYPE="atari" PARTUUID="4fc3b79a-c7d1-46bd-ae15-d844b862ed1b"
作为参考,这里是输出smartctl -a /dev/sdb:
$ sudo smartctl -a /dev/sdb
smartctl 7.1 2019-12-30 r5022 [x86_64-linux-5.13.0-41-generic] (local build)
Copyright (C) 2002-19, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF INFORMATION SECTION ===
Model Family: Seagate FireCuda 3.5
Device Model: ST2000DX002-2DV164
Serial Number: Z4ZCP6Z5
LU WWN Device Id: 5 000c50 0b4ec3ff9
Firmware Version: CC41
User Capacity: 2 000 398 934 016 bytes [2,00 TB]
Sector Sizes: 512 bytes logical, 4096 bytes physical
Rotation Rate: 7200 rpm
Form Factor: 3.5 inches
Device is: In smartctl database [for details use: -P show]
ATA Version is: ACS-2, ACS-3 T13/2161-D revision 3b
SATA Version is: SATA 3.1, 6.0 Gb/s (current: 1.5 Gb/s)
Local Time is: Sun Jun 12 20:25:48 2022 CEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
General SMART Values:
Offline data collection status: (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status: ( 0) The previous self-test routine completed
without error or no self-test has ever
been run.
Total time to complete Offline
data collection: ( 0) seconds.
Offline data collection
capabilities: (0x73) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
No Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 1) minutes.
Extended self-test routine
recommended polling time: ( 230) minutes.
Conveyance self-test routine
recommended polling time: ( 2) minutes.
SCT capabilities: (0x1081) SCT Status supported.
SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x000f 101 099 006 Pre-fail Always - 3415264
3 Spin_Up_Time 0x0003 098 095 000 Pre-fail Always - 0
4 Start_Stop_Count 0x0032 100 100 020 Old_age Always - 826
5 Reallocated_Sector_Ct 0x0033 100 100 010 Pre-fail Always - 0
7 Seek_Error_Rate 0x000f 081 060 030 Pre-fail Always - 150879843
9 Power_On_Hours 0x0032 073 073 000 Old_age Always - 23876
10 Spin_Retry_Count 0x0013 100 100 097 Pre-fail Always - 0
12 Power_Cycle_Count 0x0032 099 099 020 Old_age Always - 2029
183 Runtime_Bad_Block 0x0032 098 098 000 Old_age Always - 2
184 End-to-End_Error 0x0032 100 100 099 Old_age Always - 0
187 Reported_Uncorrect 0x0032 100 100 000 Old_age Always - 0
188 Command_Timeout 0x0032 100 100 000 Old_age Always - 6
189 High_Fly_Writes 0x003a 099 099 000 Old_age Always - 1
190 Airflow_Temperature_Cel 0x0022 064 049 045 Old_age Always - 36 (Min/Max 32/36)
191 G-Sense_Error_Rate 0x0032 100 100 000 Old_age Always - 0
192 Power-Off_Retract_Count 0x0032 100 100 000 Old_age Always - 25
193 Load_Cycle_Count 0x0032 098 098 000 Old_age Always - 5451
194 Temperature_Celsius 0x0022 036 051 000 Old_age Always - 36 (0 11 0 0 0)
197 Current_Pending_Sector 0x0012 100 100 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0010 100 100 000 Old_age Offline - 0
199 UDMA_CRC_Error_Count 0x003e 200 200 000 Old_age Always - 11
240 Head_Flying_Hours 0x0000 100 253 000 Old_age Offline - 21475h+37m+00.325s
241 Total_LBAs_Written 0x0000 100 253 000 Old_age Offline - 30779265742
242 Total_LBAs_Read 0x0000 100 253 000 Old_age Offline - 288499467100
SMART Error Log Version: 1
No Errors Logged
SMART Self-test log structure revision number 1
No self-tests have been logged. [To run self-tests, use: smartctl -t]
SMART Selective self-test log data structure revision number 1
SPAN MIN_LBA MAX_LBA CURRENT_TEST_STATUS
1 0 0 Not_testing
2 0 0 Not_testing
3 0 0 Not_testing
4 0 0 Not_testing
5 0 0 Not_testing
Selective self-test flags (0x0):
After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
有趣的是,当我将图像安装到环回设备并对其进行 fsck 时,我得到以下信息:
$ losetup -f
/dev/loop7
# mount disk image to loopback device, -o 1048576 because of offset of 2048 and sector size of 512 = 2048*512
$ sudo losetup -o 1048576 /dev/loop7 disk.img
# running fsck on loopback device
$ sudo fsck -fv /dev/loop7
fsck from util-linux 2.34
e2fsck 1.45.5 (07-Jan-2020)
ext2fs_open2: Bad magic number in super-block
fsck.ext2: Superblock invalid, trying backup blocks...
fsck.ext2: Bad magic number in super-block while trying to open /dev/loop7
The superblock could not be read or does not describe a valid ext2/ext3/ext4
filesystem. If the device is valid and it really contains an ext2/ext3/ext4
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
e2fsck -b 8193 <device>
or
e2fsck -b 32768 <device>
Found a atari partition table in /dev/loop7
如果我尝试disk.img直接挂载到另一个非环回的挂载点并使用相同的偏移量,我会收到另一个错误:
$ sudo mount -o loop,offset=1048576 disk.img /mnt/sshd1
NTFS signature is missing.
Failed to mount '/dev/loop7': Invalid argument
The device '/dev/loop7' doesn't seem to have a valid NTFS.
Maybe the wrong device is used? Or the whole disk instead of a
partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around?
$ file disk.img
disk.img: DOS/MBR boot sector; partition 1 : ID=0xee, start-CHS (0x0,0,2), end-CHS (0x3ff,255,63), startsector 1, 3907029167 sectors, extended partition table (last)
我不知道为什么mount,它file自动将其检测为NTFS/ msdos。可能是因为当磁盘连接到 Windows 工作站时,Windows 覆盖了超级块或部分分区表?
我的目标很简单:我只想恢复 Veracrypt 卷中的数据,但我不知道该怎么做,因为当我尝试在解密后复制数据时,我只收到消息,或者驱动器断开连接并发出咔嗒声(不好)。解密后可以浏览驱动器以查看文件名。我还可以看到一些文件大小不正确,表明已损坏。我的想法是,如果我能正确安装映像,input/output error也许可以恢复一些文件。testdisk
我也发现很奇怪,只有当我尝试在解密后访问文件时磁盘才会表现得很奇怪,但是在克隆驱动器时没有出现任何错误?
类似问题的链接:“缺少 NTFS 签名。”如何安装此硬盘?(或者它受密码保护?)
答案1
根据您的 pastebin,要操作的设备是 /dev/mapper/veracrypt6(您可以在 sudo lsblk 下看到 veracrypt6 是 loop7 的子项)。
您需要先卸载文件系统以防止进一步损坏,即使用
umount /media/veracrypt6
完成此操作后,您应该能够尝试在 /dev/mapper/veracrypt6 上执行所需的任何块/文件系统恢复操作
尝试恢复文件需要执行恢复的程序了解文件系统,并尽可能使用文件系统特定的引用来促进恢复。另一种方法是使用 photorec(testdisk 套件的一部分)之类的东西来查看原始磁盘并提取它能识别的任何内容 - 这样可以为您提供更多文件,但缺点是不能处理碎片化的文件,不知道文件名,只能恢复某些文件类型(它根据在原始数据流中识别的签名尝试恢复。这意味着它不能使用文件名,因为它们存储在文件系统的不同部分,而且在大多数情况下,它不知道如何链接分散在文件系统不同部分的文件,也不知道哪些文件应该被删除等)。