Recovering Key from Reformatted USB

[Dylan Tully]

My FreeNAS (running version 9.10.1) was running fine for about two days and then it stopped being able to boot up properly. Based on a suggestion I saw elsewhere, I tried "updating" the software version using the 9.10.1 installation media to try and get the system working again. It looks like it instead attempted a clean install and reformatted the USB stick but failed to resolve the "CAM status: CCB request booted with error" problem that I was trying to fix in the first place.

The USB drive is no longer bootable, has been quick-formatted and now I do not have the encryption key to import my pool on a fresh install on a new USB.

Does anyone know how to go about looking for an Encryption Key after the usb stick has been reformatted? Or any other suggestions on how I might proceed to get access to my pool again?

 

[melloa]

So ... you did a fresh install and booted. Can't you go to: Storage -> Import Volumes? You will probably have to configure all your users, CIFs, etc, but your data must be OK.
Also ... if you have saved your config, you can import: system -> General -> Upload config.
Wait a little for other comments to see if there is any magic trick you can use besides the above...

 

[anodos]

My FreeNAS (running version 9.10.1) was running fine for about two days and then it stopped being able to boot up properly. Based on a suggestion I saw elsewhere, I tried "updating" the software version using the 9.10.1 installation media to try and get the system working again. It looks like it instead attempted a clean install and reformatted the USB stick but failed to resolve the "CAM status: CCB request booted with error" problem that I was trying to fix in the first place.

The USB drive is no longer bootable, has been quick-formatted and now I do not have the encryption key to import my pool on a fresh install on a new USB.

Does anyone know how to go about looking for an Encryption Key after the usb stick has been reformatted? Or any other suggestions on how I might proceed to get access to my pool again?

It sounds like the boot medium failed prior to the reformatting. I don't think that recovery is going to be possible unless you backed up the key somewhere else. :(

 

[SweetAndLow]

You're toast. Do you have the recovery key backed up?

Sent from my Nexus 5X using Tapatalk

 

[Dylan Tully]

Based on the recommendation a user made in a PM, I booted FreeNAS from a different boot media with the USB stick plugged in and ran the following in shell:

dd if=/dev/da1 bs=32k | hexdump | grep "4547 4d4f 3a3a 4c45"

It took a while but it did spit back a string of alphanumeric characters in the format of "xxxxxxxx xxx xxx xxx 4547 4d4f 3a3a 4c45 xxxx" where x is an alphanumeric character. Does that look like an encryption key? And if so, what do I do to make the keyfile so that I need to supply when importing the pool?

 

[m0nkey_]

My FreeNAS (running version 9.10.1) was running fine for about two days and then it stopped being able to boot up properly. Based on a suggestion I saw elsewhere, I tried "updating" the software version using the 9.10.1 installation media to try and get the system working again. It looks like it instead attempted a clean install and reformatted the USB stick but failed to resolve the "CAM status: CCB request booted with error" problem that I was trying to fix in the first place.

The USB drive is no longer bootable, has been quick-formatted and now I do not have the encryption key to import my pool on a fresh install on a new USB.

Does anyone know how to go about looking for an Encryption Key after the usb stick has been reformatted? Or any other suggestions on how I might proceed to get access to my pool again?

http://doc.freenas.org/9.10/storage.html#encryption

As per the documentation:

To create an encrypted volume, check the “Encryption” box shown in Figure 8.1.1. A pop-up message will remind you that it is extremely important to make a backup of the key as without it the data on the disks is inaccessible. Refer to Managing Encrypted Volumes for instructions.

It sounds to me you failed to backup your keys.

Your only option now is to re-build your pool and recover data from a backup.

 

[Dylan Tully]

Hey,

It's been a little while, but I've had some developments:

I took the USB drive, created a disk image of it and have been looking through the raw data using the hex editor Hxd on the off chance I would be able to find the encryption key. I started looking for "The_Scary_Door", which was the name of the pool and found a recurring string around it (seen below):

758868639093965688The_Scary_Doord9ea9b72-d982-49b3-9c7e-7038da5da920ZFS

The string around The_Scary_Door doesn't occur every time, but it does come up pretty frequently. I thought that particularly the latter part of the string looked promising and eventually found:

d9ea9b72-d982-49b3-9c7e-7038da5da920.key

Which looks like 16 characters in some sort of .key file and the text only appears once in the disk image. Is it possible I got lucky in my panning and found a gold nugget?

 

[Dylan Tully]

tl:dr backup your key like it tells you to.

I created a fresh install of FreeNAS and made a new encrypted pool on a little flash drive I had, taking care to download that encryption key. I was then able to locate the trial encryption key on an image of the boot drive.

I used ImageUSB v1.3.1002 to take the boot drive image and so it may have messed with the offset a little bit but I did find the trial key at offset # 0D858B000.

Unfortunately when I looked at the equivalent region in the disk image of what was my original boot drive, it appeared that the entire region had already been scrubbed over by the time I had made the image. With that, I'm calling it quits.

Fortunately nothing irreplaceable was lost and I've learned a lot of things but I did want to share that I was able to find a Geli encryption key from the boot drive.

 

[m0nkey_]

If the keys were so easily recoverable, it'll defeat the purpose of encryption.

 

[Dice]

If the keys were so easily recoverable, it'll defeat the purpose of encryption.

indeed.
Perhaps this is why rumor has it that encryption wont be pursued in FreeNAS 10.

post #8 might be of interest to @dlavigne

 

[jdong]

The boot pool is ZFS formatted, and ZFS is not an old school filesystem where you can just hope that data associated with a file is just laid out in plain text contiguously around a known string.

ZFS extents will have all sorts of metadata around it, not to mention it could potentially be compressed or have some extents compressed with LZ4 by default, so this search is going to be pretty challenging without a pretty good amount of knowledge about ZFS's on-disk data structures.

You might get lucky from time to time and just find the entirety of the key packed into one extent and have LZ4 pursue its "early incompressible bail-out" path where the data is not encrypted, but on a real-world FreeNAS boot volume that might've seen a good deal of activity before the creation / rekey of your pool, that's less likely.


I gave up on creating encrypted pools as well with my latest build. It was way too prone to error. The slightest mistake in the order of adding new drives, rekeying, downloading, especially combined with a badly timed power outage…. it's way too easy to accidentally lose the whole pool.

 

[m0nkey_]

indeed.
Perhaps this is why rumor has it that encryption wont be pursued in FreeNAS 10.[/USER]

Encryption will still be available, just not via the GUI. It's available via the CLI.