Recover damaged & luks-encrypted BTRFS partition

How to use TestDisk to recover lost partition
Recover damaged & luks-encrypted BTRFS partition

#1 Post by LinuxUser576249


Here's my problem:

I have a Virtual Machine that I had to reset because the UI became very buggy after I tried to mount a hot-pluggable virtual disk image to copy some files.
Well that was actually premature, should not have done that - but shit sometimes happens.

The Virtual Disk is encrypted with luks1 and the file system used is btrfs.
I also have backed up the virtual disk in working state.
I made some changes to the certain files [a password db and my firefox profile &
some other documents] that are not in my last backup.
Therefore I would like to restore my btrfs partition

When I enter the password the following error appears (when I start up the vm):


Enter passphrase for hd0,gpt2 (91188ec2-c31a-4812-a8c8-654cf5c793fb):
Attempting to decrypt master key...
Slot 0 opened
error: unknown filesystem
grub rescue>


I tried to restore the partition using a live-system
but the partition is not mountable

Since I backed up the corrupted virtual disk to a safe location.
I am capable to start over if something goes sideways.
Just need to copy the corrupted virtual disk from backup location to
working directory of the VM. So creating an image of my vm partition won't be necessary

GParted shows the follwing errors
when I open the information window for my btrfs partition.
So it does not recognize the filesystem.


Encryption: luks
Path: /dev/mapper/sda2_crypt
UUID: 91188ec2-c31a-4812-a8c8-654cf5c793fb
Status: Open

Path /dev/sda2
1st Sector: 618496
Last Sector: 188731619
Total Sectors: 188113124

Unable to detect file system! Possible reasons are:
- The file system is damaged
- The file system is unknown to GParted
- There is no file system available [unformatted]
- The device entry /dev/mapper/sda_crypt2 is missing



I used btrfs-tools and testdisk:

Command: btrfs rescue super-recover /dev/mapper/sda2_crypt
Output: No valid btrfs found on /dev/mapper/sda2_crypt


Additional Info's:

The ssd's of my host system and it's partitions are in healthy state - so no issues here!
The vm is an efi system & uses gpt as partition table!

The screenshots from GParted show the disk before the Data Corruption occurred:



dmesg shows an this error message when I attempt to mount the my btrfs partition
with this command: mount /dev/mapper/sda2_crypt or /dev/sda1

/dev/mapper/sda2_crypt: Can't open blockdev
/dev/sda1: Can't open blockdev


Command:dmesg | tail

Output: systemd-gpt-auto-generator[3165]: (the boot loader did not set EFI variable LoaderDevicePartUUID.)
systemd-gpt-auto-generator[4398]: EFI loader partition unknown, exiting.

This output shows a few time with diffrent numbers between the [].


Command: hexdump /dev/sda2 | grep LUKS

Output: 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....|

So I guess the luks header is still there!


The testdisk results: see attached Code (testdisk log!)

I would like to restore the partition to working state.

Help would be appreciated

testdisk log:

Re: Recover damaged & luks-encrypted BTRFS partition

#2 Post by recuperation

You have three additional levels of complexity:

2. Virtualization
3. Encryption

You are starting backwards to remove them:

ad 3.
Remove the encryption layer. If on or more sectors of the partition are unreadable you might need to have to use a luks header backup.

ad 2.
Save the partition in an uncompressed form into a file.
That means that a 128 GB should partition should have a on-disk (file) representation of 128 GB not some say 5 GB in case of hardly used partition.

ad 1.
Run TestDisk hoping that your poblems are caused just by a broken BTFS bootsector.
TestDisk won't show the internals of your TestDisk partition nor repair anything within the BTRFS partition.

If that does not help, search third party software for BTRFS recovery or use the built-in BTRFS. Such software won't "repair" anything by writing on the oiginal source disk. Data recovery is mostlx data extraction and not "in situ repair".

The worst case would be using PhotoRec trying to recover data from your BTRFS partition.

