Cracking LUKS encryption from a memory dump

I lost my LUKS encryption passphrase, and I know there are several ways to recover a disk from a memory dump, so I followed the post by Subhash SN.

I used findaes to extract the keys from the dump:

Searching snapshot.raw
Found AES-128 key schedule at offset 0x2ab8b02b:
99 d4 7b 6a d0 44 9a 51 cc bf 5d f1 3c f7 12 0f
Found AES-128 key schedule at offset 0x2d456d0d:
de 84 11 39 06 a1 de 36 66 72 55 38 31 d2 84 13
Found AES-256 key schedule at offset 0x330716ff:
79 8a 00 0f 0c 17 9e b8 97 4e 91 92 5b c3 ae ac 2c 8f bf 8d 67 98 60 03 f5 0b e6 11 cc 77 60 d4
Found AES-256 key schedule at offset 0x33071eff:
72 98 38 ae c8 d5 89 5e b0 7a 57 75 74 ec 6f 9e 5b 4d 30 c1 cb fd 51 59 1f 93 a1 30 92 1f 24 8d

I am using SystemRescueCD and have mounted the disk. Output of fdisk -l:

Disk /dev/sda: 100 GiB, 107374182400 bytes, 209715200 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0cf378c8

Device     Boot   Start       End   Sectors  Size Id Type
/dev/sda1  *       2048    999423    997376  487M 83 Linux
/dev/sda2       1001470 209713151 208711682 99.5G  5 Extended
/dev/sda5       1001472 209713151 208711680 99.5G 83 Linux

The next step was to find the size of the encrypted partition /dev/sda5:

blockdev --getsz /dev/sda5
208711680

The next step was to unlock and decrypt the partition:

echo "0 <size> crypt aes-xts-plain64 <key> 0 </dev/drive> 4096" | sudo dmsetup create luks-volume

I used it as follows:

echo "0 208711680 crypt aes-xts-plain64 798a000f0c179eb8974e91925bc3aeac2c8fbf8d67986003f50be611cc7760d4729838aec8d5895eb07a577574ec6f9e5b4d30c1cbfd51591f93a130921f248d 0 /dev/sda5 4096" | dmsetup create luks-volume

I did not get any errors or warnings. But if I use lsblk, I cannot see the LVM partitions.

Disk /dev/sda: 100 GiB, 107374182400 bytes, 209715200 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0cf378c8

Device     Boot   Start       End   Sectors  Size Id Type
/dev/sda1  *       2048    999423    997376  487M 83 Linux
/dev/sda2       1001470 209713151 208711682 99.5G  5 Extended
/dev/sda5       1001472 209713151 208711680 99.5G 83 Linux


Disk /dev/mapper/luks-volume: 99.5 GiB, 106843602944 bytes, 208678912 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

What am I missing?
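An added example, not part of the original post: dmsetup accepts any key of the right length without complaint, so a carved key and the payload offset can be checked against the volume header before mapping. It assumes a LUKS1 header (LUKS2 uses a different layout and is rejected here); the function names, the `/dev/sdX5` placeholder and the sample header are constructed for illustration.

```python
import hashlib, hmac, itertools, struct

# LUKS1 on-disk header fields up to mk-digest-iter (big-endian, 168 bytes).
PHDR = struct.Struct(">6sH32s32s32sII20s32sI")
MAGIC = b"LUKS\xba\xbe"

def parse_luks1_header(buf):
    (magic, version, cipher, mode, hash_spec, payload_offset,
     key_bytes, digest, salt, iters) = PHDR.unpack_from(buf)
    if magic != MAGIC:
        raise ValueError("no LUKS magic at start of device")
    if version != 1:
        raise ValueError("LUKS version %d uses a different header layout" % version)
    text = lambda raw: raw.split(b"\0", 1)[0].decode("ascii")
    return {"cipher": text(cipher) + "-" + text(mode), "hash": text(hash_spec),
            "payload_offset": payload_offset, "key_bytes": key_bytes,
            "digest": digest, "salt": salt, "iters": iters}

def key_matches(hdr, key):
    # mk-digest = PBKDF2(master key, mk-digest-salt, mk-digest-iter), 20 bytes
    if len(key) != hdr["key_bytes"]:
        return False
    got = hashlib.pbkdf2_hmac(hdr["hash"], key, hdr["salt"], hdr["iters"], 20)
    return hmac.compare_digest(got, hdr["digest"])

def find_master_key(hdr, candidates):
    # Try each carved key alone, then every ordered pair (XTS uses two keys).
    pairs = [a + b for a, b in itertools.permutations(candidates, 2)]
    return next((k for k in list(candidates) + pairs if key_matches(hdr, k)), None)

def dm_table(hdr, key, device, device_sectors):
    # Mapped length excludes the header area before payload_offset (in sectors).
    length = device_sectors - hdr["payload_offset"]
    return "0 %d crypt %s %s 0 %s %d" % (
        length, hdr["cipher"], key.hex(), device, hdr["payload_offset"])

# Constructed sample: a synthetic header and made-up key halves, not the page's data.
HALF_A, HALF_B, DECOY = bytes(range(32)), bytes(range(32, 64)), bytes(32)
SALT = bytes(range(100, 132))
SAMPLE_HEADER = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
    hashlib.pbkdf2_hmac("sha256", HALF_A + HALF_B, SALT, 1000, 20), SALT, 1000)

if __name__ == "__main__":
    hdr = parse_luks1_header(SAMPLE_HEADER)
    key = find_master_key(hdr, [HALF_B, DECOY, HALF_A])
    print(dm_table(hdr, key, "/dev/sdX5", 208711680))
```

On a real volume the header bytes would come from the first sector of the partition, and the candidates from the findaes output.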
