2

How can I recover an ext4 partition after luksFormat?

It was late one night when I decided to try gnome-shell 3.16 without messing up my Ubuntu box. So, I downloaded an Antergos image and booted it. I was maybe half asleep when I told the python installer (called Cnchi) to encrypt my home partition with LUKS, even though I knew that my home folder was encrypted with ecryptfs (the Ubuntu default procedure). The moral: never play with a new distro before going to bed. As far as I can tell, the script created a container with luksFormat, which I can open (via luksOpen or with gnome-disks) and see nothing but the empty folders created at first login. I have already changed the /home partition mount in order to avoid any further change.

I've read some posts on how to (try to) recover a lost LUKS partition, but found none on accidental LUKS formatting.

Update

testdisk's deep search found the following two partitions whose difference is minimal: they have the same size (1764434816 sectors), but one partition starts two sectors later.

testdisk

The partition beginning in sector 165566464 and ending in sector 1932001279 is the LUKS container, as reported by gparted:

gparted

If I change the D [Deleted] label to a P [Partition], in both cases, testdisk doesn't report any file. Insted, it shows Can't open filesystem. Filesystem seems damaged.

Improve this question
6
  • Your ecryptfs must have been sitting on top of another filesystem: run a file recovery tool for that filesystem and then launch ecryptfs on recovered files.
    – Enos
    Commented Jun 1, 2015 at 23:29
  • @Enos ecryptfs was under an ext4 partition (/dev/sda6). But then I did the luksFormart which wiped out the first 2MB, according to an Antergos dev. So, you suggest to run a file recovery tool on sda6 when LUKS is mounted?
    – Ludenticus
    Commented Jun 1, 2015 at 23:38
  • Yes. For our purposes LUKS has just overwritten some space. Check this Ubuntu recovery guide and make sure to work on backups. FYI I am just speculating, I did not do this myself.
    – Enos
    Commented Jun 2, 2015 at 0:01
  • @Enos The Ubuntu guide is undoubtedly a good starting point to experiment... but there is no reference to LUKS or how to proceed. I mean, I'm not even sure if I have to look for a lost partition or try to savage the ecryptfs private folder. For instance, should I mount the LUKS container or should I leave it closed? I will do some test in a «dummy» image ('cause the original would be pretty slow to work with, as it is ~900Gb)
    – Ludenticus
    Commented Jun 2, 2015 at 3:51
  • if I understand your situation, you do not need to work with LUKS. LUKS has just overwritten space. You need to recover the older filesystem which has nothing to do with LUKS. ecryptFS is just files on top of an ext* filesystem. Recover the ext* files and then launch ecryptFS on them. Unless I'm missing something...
    – Enos
    Commented Jun 2, 2015 at 15:27

0

Reset to default

You must log in to answer this question.