Bug#802089: ext4magic: recover or examine on ext4 file system is impossible
Eriberto Mota
eriberto at debian.org
Mon Nov 30 01:02:05 UTC 2015
Hi Roberto,
Thanks for your report. I have now tested ext4magic on Debian Unstable
and the problem also occurs.
I applied your patch and uploaded a new package to unstable. When in
testing (five days), I will upload to Jessie-Backports.
To close this bug, I will wait for a final solution.
Thanks a lot in advance.
Regards,
Eriberto
2015-10-17 10:45 GMT-03:00 Roberto Maar <robi6 at users.sf.net>:
> Package: ext4magic
> Version: 0.3.2-2
> Severity: normal
>
> Dear Maintainer,
>
> ext4magic has a misinterpretation of the physical block addresses and block lengths of ext4 inode.
> With each call of ext4magic, other random and too large values are determined.
> Thus, a recovery from an ext4 file system is not possible.
> The error is permanent and 100% reproducible (also on i386)
> Often with the additional warning: "error-NR 22 can not found file"
>
>
> Example:
>
> # ext4magic -T -I2 -x /dev/sdb1 #debian 8.2 (amd64)
> ....
> Dump Inode 2 from journal transaction 0
> Inode: 2 Type: directory Mode: 0755 Flags: 0x80000
> Generation: 0 Version: 0x00000000:00000004
> User: 0 Group: 0 Size: 4096
> File ACL: 0 Directory ACL: 0
> Links: 5 Blockcount: 8
> Fragment: Address: 0 Number: 0 Size: 0
> ctime: 1444944845:3712000000 -- Thu Oct 15 23:34:05 2015
> atime: 1444944255:1968000000 -- Thu Oct 15 23:24:15 2015
> mtime: 1444944845:3712000000 -- Thu Oct 15 23:34:05 2015
> crtime: 1444943306:0000000000 -- Thu Oct 15 23:08:26 2015
> Size of extra inode fields: 28
> Level Entries Logical Physical Length Flags
> 0/ 0 1/ 1 0 - 25855 89219572695840 - 89219572721695 25856
> ......
> The block length 25855 and the start block 89219572695840 are random values
> and the false block data would also be used while trying a recovery.
>
>
>
> The correct output should be: #OpenSuse 13.1 (x86-64)
> ......
> Dump Inode 2 from journal transaction 0
> Inode: 2 Type: directory Mode: 0755 Flags: 0x80000
> Generation: 0 Version: 0x00000000:00000004
> User: 0 Group: 0 Size: 4096
> File ACL: 0 Directory ACL: 0
> Links: 5 Blockcount: 8
> Fragment: Address: 0 Number: 0 Size: 0
> ctime: 1444944845:3712000000 -- Thu Oct 15 23:34:05 2015
> atime: 1444944255:1968000000 -- Thu Oct 15 23:24:15 2015
> mtime: 1444944845:3712000000 -- Thu Oct 15 23:34:05 2015
> crtime: 1444943306:0000000000 -- Thu Oct 15 23:08:26 2015
> Size of extra inode fields: 28
> Level Entries Logical Physical Length Flags
> 0/ 0 1/ 1 0 - 0 8865 - 8865 1
> 2 d 755 (2) 0 0 4096 15-Oct-2015 23:08 .
> 2 d 755 (2) 0 0 4096 15-Oct-2015 23:08 ..
> 11 d 700 (2) 0 0 16384 15-Oct-2015 23:08 lost+found
> 393217 d 755 (2) 0 0 12288 15-Oct-2015 23:04 etc
> < 131073> d 755 (2) 0 0 65536 15-Oct-2015 23:20 doc
> 524289 d 755 (2) 0 0 4096 15-Oct-2015 22:51 help
> .......
>
> See also Ticket #3 on ext4magic sf.net site.
>
>
> -- System Information:
> Debian Release: 8.2
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages ext4magic depends on:
> ii e2fslibs 1.42.12-1.1
> ii libblkid1 2.25.2-6
> ii libbz2-1.0 1.0.6-7+b3
> ii libc6 2.19-18+deb8u1
> ii libmagic1 1:5.22+15-2
> ii libuuid1 2.25.2-6
> ii zlib1g 1:1.2.8.dfsg-2+b1
>
> ext4magic recommends no packages.
>
> ext4magic suggests no packages.
>
> -- no debconf information
>
> _______________________________________________
> forensics-devel mailing list
> forensics-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
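An added example, not part of the original messages and not ext4magic's code: decoding a leaf extent from an inode's 60-byte `i_block` area per the ext4 on-disk layout, and rejecting extents whose physical range falls outside the filesystem, which is the check that would flag values like those in the faulty dump above. The function name `decode_extent`, the `struct extent` type and the block count of 1000000 are assumptions made for the illustration; the sample bytes are constructed to match the "correct output" line (logical 0, physical 8865, length 1).

```c
#include <stdint.h>
#include <stdio.h>

#define EXT4_EXT_MAGIC   0xF30A  /* eh_magic of every extent header */
#define EXT_INIT_MAX_LEN 32768   /* ee_len above this marks an unwritten extent */

struct extent { uint32_t logical; uint64_t physical; uint32_t len; int unwritten; };

/* On-disk fields are little-endian regardless of host byte order. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Decode leaf extent idx from i_block. fs_blocks is the superblock block count.
 * Returns 0 on success, -1 for a malformed header or index, -2 for an index
 * node (depth > 0, not handled here), -3 if the extent leaves the filesystem.
 */
int decode_extent(const uint8_t i_block[60], unsigned idx, uint64_t fs_blocks,
                  struct extent *out)
{
    if (le16(i_block) != EXT4_EXT_MAGIC) return -1;
    uint16_t entries = le16(i_block + 2), max = le16(i_block + 4);
    uint16_t depth = le16(i_block + 6);
    if (max > 4 || entries > max || idx >= entries) return -1; /* (60-12)/12 slots */
    if (depth != 0) return -2;

    const uint8_t *e = i_block + 12 + 12 * idx;  /* 12-byte header, 12-byte entries */
    uint16_t raw_len = le16(e + 4);
    out->logical   = le32(e);
    out->unwritten = raw_len > EXT_INIT_MAX_LEN;
    out->len       = out->unwritten ? (uint32_t)raw_len - EXT_INIT_MAX_LEN : raw_len;
    /* 48-bit physical start: ee_start_hi (16 bits) above ee_start_lo (32 bits) */
    out->physical  = ((uint64_t)le16(e + 6) << 32) | le32(e + 8);

    if (out->len == 0 || out->physical >= fs_blocks ||
        out->len > fs_blocks - out->physical) return -3;
    return 0;
}

int main(void) {
    /* Constructed i_block: header (1 entry, max 4, depth 0) + extent 0 -> 8865, len 1 */
    uint8_t ib[60] = {0x0A,0xF3, 1,0, 4,0, 0,0, 0,0,0,0,
                      0,0,0,0, 1,0, 0,0, 0xA1,0x22,0,0};
    struct extent ex;
    int rc = decode_extent(ib, 0, 1000000 /* constructed block count */, &ex);
    printf("rc=%d logical=%u physical=%llu len=%u\n", rc, (unsigned)ex.logical,
           (unsigned long long)ex.physical, (unsigned)ex.len);
    return rc;
}
```
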