Recovering encrypted LVM partitions with testdisk possible?

How to use TestDisk to recover lost partition
Forum rules
When asking for technical support:
- Search for posts on the same topic before posting a new question.
- Give clear, specific information in the title of your post.
- Include as many details as you can, MOST POSTS WILL GET ONLY ONE OR TWO ANSWERS.
- Post a follow up with a "Thank you" or "This worked!"
- When you learn something, use that knowledge to HELP ANOTHER USER LATER.
Before posting, please read https://www.cgsecurity.org/testdisk.pdf
Locked
Message
Author
shoreditch
Posts: 1
Joined: 06 Jul 2013, 17:12

Recovering encrypted LVM partitions with testdisk possible?

#1 Post by shoreditch »

Windows (or more specifically, the Acer eRecovery tool) messed up my boot partition on my dual boot system (Windows 7 and Fedora 18). I have a Windows partition (sda1, sda2 and sda3) and LVM encrypted partitions (sda4), which include a home, boot (unencrypted), swap and root partition. (There is also a separate data partition that is also encrypted and was on sda5)

When I typed "ls", the answer was:
grub rescue> ls
(hd0) (hd0,msdos5) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1)

When I typed lvdisplay, vgdisplay, or lvscan, the answer was: No volumes groups found.

Because I could not find or mount the encrypted LVM partitions anymore, I then started testdisk.

Before using testdisk, fdisk showed this output:

fdisk -l
Device --- Boot ---Start--- End--- Blocks--- Id ---System
/dev/sda1 ---2040 ---31459327--- 15728640 ---27--- Hidden--- NTFS ---WinRE *Windows*
/dev/sda2 ---*--- 31459328 ---31664127 ---102400--- 7--- HPFS/NTFS/exFAT *Windows Acer eRecovery*
/dev/sda3 ---31664128--- 502896639--- 235616256 ---7 ---HPFS/NTFS/exFAT *Windows main partition*
/dev/sda4 ---502896640 ---1465149167 ---401126264--- 5--- Extended *I believe the LVM partitions should be here*
/dev/sda5 ---614004736 ---1465147391--- 425571328 ---83 (this is just a data partition, no Operating System)

I then used testdisk, which showed this partition table:

fdisk -l
Device ---Boot ---Start--- End--- Blocks--- Id--- System
/dev/sda1 ---2040 ---31459327 ---15728640 ---27--- Hidden NTFS WinRE
/dev/sda2--- *--- 31459328 ---31664127 ---102400--- 7--- HPFS/NTFS/exFAT
/dev/sda3--- 31664128--- 502896639--- 235616256 ---7 ---HPFS/NTFS/exFAT
/dev/sda4--- 502898760 ---1465160129 ---481130685 ---f W95 Ext'd (LBA)
/dev/sda5 ---502900736 ---503924735--- 512000--- 83--- Linux
/dev/sda6 ---503926784 ---503930879 ---2048 ---83--- Linux
/dev/sda7--- 614004736--- 614008831 ---2048 ---83 ---Linux

I then wrote this partition table to the MBR with testdisk.

As a result, I seem to have lost my original sda5 data partition, which I cannot open/decrypt anymore.
When I now run cryptsetup luksOpen on sda6 and on sda7, I can enter the password for the root partition of Fedora 18 at sda6 and the password for the data partition (which was before on sda5) on sda7. But I get the error message:Requested offset is beyond real size of device" and I cannot open the encrypted partitions.

Testdisk also showed this:

Disk /dev/sda 750 GB 698 GiB CHS 91202 255 63
The harddisk (750GB/698 GiB ) seems too small. (<2878GB/2680 GiB)
Check the harddisk size: HD jumpers settings, BIOS detection....

The following partitions can't be recovered:
Partition Start End Size in sectors
FAT16 <32M 241432 55 6 349921 45 32 1742875182
FAT32 LBA 264128 56 24 32533 15 8 954338727

Continue
892 GB
488 GB

HPFS NTFS 0 32 33 1958 64 26 31457280 PQSERVICE
HPFS NTFS 1958 64 27 1971 0 13 204800 SYSTEM RESERVED
HPFS NTFS 1971 0 14 31303 221 22 471232512 ACER
LINUX 31367 252 54 31368 62 54 4096 (this could be the Fedora livecd)
LINUX 38220 6 59 38220 71 59 4096 (this could be the Fedora livecd)

Current Partition structure
Partition Start End Size in sectors
1 * HPFS NTFS 0 32 33 1958 64 26 31457280 PQSERVICE
2 P HPFS NTFS 1958 64 27 1971 0 13 204800 SYSTEM RESERVED
3 P HPFS NTFS 1971 0 14 31303 221 22 471232512 ACER
4 E extended LBA 31304 0 1 91201 254 63 962261370
5 L Linux 31304 31 24 31367 220 21 1024000
X extended 31367 251 1 31368 62 54 4212
6 L Linux 31367 252 54 31368 62 54 4096
X extended 8220 5 1 38220 71 59 4217
7 L Linux 38220 6 59 38220 71 59 4096

Now my questions are:
1. Is it possible to revert the changes that testdisk did to the partition table, so I can at least open again the data partition (the original sda5 partition)?
2. Is it possible with testdisk that I recover the encrypted LVM partitions?

cmonty
Posts: 5
Joined: 13 Jul 2013, 08:56

Re: Recovering encrypted LVM partitions with testdisk possib

#2 Post by cmonty »

Hi!

I'm facing a similar issue... did you find a solution for your problem, though?

THX

Locked