What did win7 install do?

Discussion in 'encryption problems' started by andrewjsmart, Apr 2, 2016.

  1. andrewjsmart

    andrewjsmart, Registered Member (joined Apr 2, 2016; 2 posts)
    I'm trying to figure out what the hell I did. I wish I had addressed this 2 years ago before I moved for work.
    Before moving, I had installed Windows 7 on a HDD. But, I had accidentally left a Linux HDD with FDE connected. Initially I had been careful to disconnect all other HDDs as I'm well aware Windows @#&%s with things it shouldn't, but I reconnected the Linux HDD to boot to it and run gparted to tweak NTFS parameters of the partition I was installing win7 to. So, while installing Windows I'd realized I'd @&#%ed up and left the other HDD connected. I should've pulled the plug then but I thought all I'd have to do is reinstall grub.
    Well NOPE! Windows wrote a 100 MB partition over it. (That's what I've figured out so far, at least I think that is what occurred).

    So, I'm trying to look at things to figure out what the hell happened.
    I know I encrypted it with either aes128 or 256, default salt or no salting, with maybe a 512 byte offset. Prior I had filled the disk with /dev/random. I was following an "Ubuntu full disk encryption" guide. I'm trying to track down the exact guide by searching through my Google search history. (For once I'm glad Google keeps a history of searches on their servers.)

    I often had funky setups. A possibility is grub on a spare disk loaded the FDE disk. Attempting to boot to that grub yields a "device with uuid=22765-177... not found". When Windows wrote the 100 MB partition it would've changed the uuid of the disk, right? There is a route of inquiry, analysing that grub.
    I'm not sure if it was TrueCrypt or plain. I really wish I had addressed this then as I'd remember. That guide would say.
    The FDE disk was unlocked by a password prompted at boot (by grub?). I'm trying to recall if it would ask 3 times like TrueCrypt does or if it'd just fail to find things if the first pass was wrong. It had 2-3 partitions on it. 2 ext4, and maybe swap (swap likely first or middle partition). Swap may've been on a different encrypted disk though, I don't recall (can't open that one without the key on this one).

    P.S. every single one of those Ubuntu guides makes no mention of backing up your MBR or volume headers as this forum does. It's a trap!
     
    Last edited: Apr 2, 2016
  2. andrewjsmart

    Looks like I googled 'Debian encryption', 'debian encryption aes speed', 'debian on usb', 'write iso to disk dd' and many other things like 'lvm' Jan 15, 2012.
    To do this I downloaded the archive from google.com/search history, indented the json files in the archive with 'python -mjson.tool $f', grepped for 'encrypt', then looked around the matches.
    Too bad I didn't google the exact encryption parameters :)
    Can see I ran Debian live from a USB and installed/prepped the disk from there.

    P.S. isn't this a great application of machine learning & pattern matching? To identify known filesystem/header/file structures in a more general way than hand-crafted scripts?
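
An added example, not part of the original posts: a minimal hand-written signature scan of the kind the P.S. alludes to, checking every sector of a disk image for well-known plaintext magics (LUKS, NTFS, ext2/3/4, Linux swap). The signature set and the constructed sample image are assumptions of this example; plain dm-crypt and TrueCrypt volumes carry no plaintext magic, so on a disk pre-filled with random data they show up only as the absence of hits.

```python
import io
import random

SECTOR, CHUNK, TAIL = 512, 1 << 20, 4096  # TAIL: overlap so structures spanning a chunk edge stay whole

# (label, offset of magic from start of structure, magic bytes)
SIGNATURES = [
    ("LUKS header", 0, b"LUKS\xba\xbe"),
    ("NTFS boot sector", 3, b"NTFS    "),
    ("ext2/3/4 superblock", 1080, b"\x53\xef"),
    ("Linux swap", 4086, b"SWAPSPACE2"),
]

def plausible(label, buf, off):
    """Extra check for the 2-byte ext magic, which random fill hits about once per 65536 sectors."""
    if label != "ext2/3/4 superblock":
        return True
    # s_log_block_size (u32 LE, superblock offset 24) is at most 6 on a real filesystem
    return int.from_bytes(buf[off + 1048:off + 1052], "little") <= 6

def scan(stream):
    """Return [(byte_offset, label)] for each sector-aligned signature found in a seekable stream."""
    hits, base = [], 0
    while True:
        stream.seek(base)
        buf = stream.read(CHUNK + TAIL)
        if not buf:
            return hits
        for off in range(0, min(len(buf), CHUNK), SECTOR):
            for label, rel, magic in SIGNATURES:
                start = off + rel
                if buf[start:start + len(magic)] == magic and plausible(label, buf, off):
                    hits.append((base + off, label))
        base += CHUNK

def sample_image():
    """Constructed 3 MiB image: random fill, an NTFS boot sector at 1 MiB, an ext superblock near 2 MiB."""
    n = 3 * CHUNK
    img = bytearray(random.Random(0).getrandbits(8 * n).to_bytes(n, "little"))
    img[CHUNK + 3:CHUNK + 11] = b"NTFS    "
    part = 2 * CHUNK - SECTOR  # partition start, one sector before a chunk edge
    img[part + 1048:part + 1052] = (2).to_bytes(4, "little")  # 4 KiB blocks
    img[part + 1080:part + 1082] = b"\x53\xef"
    return bytes(img)

if __name__ == "__main__":
    for offset, label in scan(io.BytesIO(sample_image())):
        print(f"{offset:>10}  sector {offset // SECTOR:<8} {label}")
```

To use it on real media, pass `scan()` a file object opened with `open(path, "rb")` on a read-only image copy of the disk.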
     