Blobfox.es

@Jain hey, do you have experience with data recovery companies?

@critical no, but i did some data recovery myself... whats up?

@Jain my laptop fell and after 1 day it stopped recognising the boot drive (SSD). It managed to boot after some time, but it's really slow. Benchmarks say 100mb/s read (from 320 before) and 3.2 ms latency (from 0.2 before) and the system crashes after some time - the taskbar disappears and the open windows stop working one by one. SMART tests show no errors, but when the system crashes and I try running a test then - it gives an error and can't start.

@Jain also the disk is LUKS encrypted

@critical hmm... i recommend that you check the RAM...

@critical do a LUKS Header Backup rn! if the header is broken you wont be able to recover any data at all

@Jain could the RAM be responsible for the slow read speeds?

@Jain how???

@critical cryptsetup luksHeaderBackup /dev/DEVICE --header-backup-file /path/to/backupfile

@critical how are you doing?

@Jain I was better before yesterday, when the laptop decided to go blobcatgooglytrash in the middle of my presentation.

Otherwise, I'm better now. Got some big stuff done with and now I have to grind until the summer.
Then I should finally be free

@Jain and you?

@critical im fine but i meant how things are going with your laptop rn... did you do a luks header backup?

@Jain no, not yet. It's turned off. I'll be home in 15 mins and I have a flash drive ready to copy over the header. From what I saw, it's a text file with the configuration, right? No more than 1 MB.

@critical its not that much yeah but no, what you probably saw is luksDump...

@Jain it's not booting mokouDead

@critical do you have a spare computer for downloading a rescue iso or something like that?

@Jain yes, would I be able to recover the data from there or should I just get the header?

@critical hopefully both... Which distro do you use? Maybe the installation image is enough

@critical but we should care about the first one because you wont be able to access any of your data if the header is broken

@critical i feel that you dont really know what luks is... luks uses some kind of master key and your password just decrypts the master key, so if you lose the header you wont be able to recover any of your data

@Jain so, when the boot failed, I had the option in the BIOS to check the second disk and it got a warning on DST.
Stuff's failing ablobcatknitsweats

@Jain Manjaro

@Jain i have a backup of a recovery key or something like that. I got it when I set it up the first time

@critical blobcatsweat oh well, thats probably the header then... but i recommend you to make a backup anyway so that you are safe... i dont know if manjaro does have a basic installation image which doesnt have an automatic installation process... if so you can use this but if not, just use the arch linux installation image

@Jain the key looks like a randomly generated password. I will do a header backup regardless.

On both disks, since both show signs of nearing their end

@critical yeah please do that

@Jain if part of the disk gets corrupted or inaccessible, even with the headers backed up, can I recover data?

@critical then you should be able to recover the data which is fine

@Jain I get error code 1.

@Jain nvm, wrong drive. Accessed it through mapper and not sda1 :

@Jain but the SSD is not recognised again ablobsweating

@critical blobcatsweats so your ssd isnt recognised anymore? did dmesg show something? or do you just use the wrong device? if you have an nvme its probably not sda1

@Jain I got a 2mb file with, what looks like, binary data. Only readable thing is LUKS right at the beginning. I guess this is the header?

@critical try
cryptsetup luksDump /path/to/backupfile

@Jain blkid had a device that had luks in the name, so I picked that one

@Jain the SSD doesn't show up as a bootable device in the BIOS. In the live OS I can see my secondary drive (HDD), which also is encrypted and failed its self test.

@Jain yes, this is readable now

@critical so you got a backup of one and none of the other one?

@Jain yes, the SSD is no longer accessible and I don't have the headers.
The HDD, which only had a warning and is still accessible, I managed to get the headers backed up.

Most of my data is (was) on the SSD and the HDD is for unneeded stuff...

@Jain what are my options?

@critical well thats not good...
If you want your data back, you probably need to turn to professionals now. Chances are good that your SSD still contains data, since a dropped chip shouldn't be damaged as badly as a hard drive. But this could be expensive, they may have to read the chips individually...

@critical this is a pretty advanced case, if it would just be a deleted file on a usb, we could do much more, but now its a hardware problem

@Jain I found a local shop that offers data recovery from broken drives. 100GB for about 45 euros.
Thing is, the drive is 128 GB and it's encrypted, so idk how this works, especially since I don't have the headers.

@critical the chances are still good, since you backed up something which manjaro recommended you to do (lets hope its the key/header) and usually, as i said, chips dont get easily destroyed from dropping them.
Point is, i doubt that a local shop can read out ssds that easily. So you should ask them specifically how they extract data from potentially broken ssds. If they have tools to handle ssd chips i would say go for it.
You should tell them that your harddrive is encrypted and that they wont find a traditional filesystem. If they know what they do, they should give you a big image with the encrypted data in it. From there we should be able to recover your data.

@Jain ok, so I'm hoping on a mirror image of my encrypted drive

@Jain the thing I backed up was probably some password recovery key.

@critical if you trust them, you can give them your manjaro backup file and the password... That could have the advantage that they could verify the data

@critical that might be, to be sure we had to look up which software recommended you to backup what

@Jain unwrapped passphrase

@critical lets hope its a compressed luks header

@Jain it's 32 characters long. I highly doubt it is a header.

@critical well beside of your backup key, the chances are good that the ssd chips arent broken, and even if some of them are, it would just be a problem if the chip with the header on it is broken.

@critical but i recommend that you speak with them about your broken ssd, since i never had to recover something from a broken device. just tell them everything you told me... just make sure you know what they want to do and that they know how your system looks like, before you give them the ssd, otherwise they probably think that there is just broken data on it.

@Jain I GOT THE HEADERS!
I let it cool off and it got recognised.
I got all the headers I could find.
Named them according to the sdX name and also copied the output of blkid

@critical nice one and now you should keep your laptop turned off

@critical looks like just some cooling system of your laptop is broken

@Jain thank you very much meowHuggies

@critical so the next step would be to get your data with a different computer or with your laptop (depends on how your laptop is broken/cooling system is fucked/how good you can open up your laptop)

@Jain laptop seems fine. I suspect that the SSD might be overheating or something similar. I'm not sure how it manages heat inside itself.

So, when I go to the service center, I give them the SSD, tell them how it happened, tell them it's encrypted using LUKS and that it can work if it's cold. And then what?

Should I give them the headers I backed up? Do they need the password or can they validate the data using the headers? Do I give them everything and tell them which folder I want the data from?

Do I want them to be able to read right off the chips?

How does one proceed with this?

@critical uh oh, which service center? I have only had bad experiences, usually they install a new windows on the laptop... Do you mean the local shop for data recovery?

If so, i think you shouldnt give them the header and the password. Based on our knowledge now they just have to open up your laptop, get the ssd out of there and cool down the ssd while extracting the data... Just tell them that its encrypted and that they should make an image out of it or mirror the data on a different one, that should actually not be a problem

Thats actually something you can do too with your other computer and if you can open up your laptop.

@Jain @critical @critical ah the thread is now on blob.cat too