genBTC

DD dump and then searching for pool_guid in hex

Jul 8th, 2020 (edited)
[130]EOFL@freenas:~$ gpart show da0
=> 40 7814037088 da0 GPT (3.6T)
40 88 - free - (44K)
128 7814036992 1 freebsd-zfs (3.6T)
7814037120 8 - free - (4.0K)

EOFL@freenas:~$ sudo dd if=/dev/da0 of=~/da0lastsectors.bin skip=7814036000
Password:
1168+0 records in
1168+0 records out
598016 bytes transferred in 15.721707 secs (38038 bytes/sec)

# This is the actual good pool (on partition 1)
EOFL@freenas:~$ sudo zdb -l /dev/da0p1
------------------------------------
LABEL 0
------------------------------------
version: 5000
name: 'RaidZ-4TBx3'
state: 0
txg: 13958374
pool_guid: 3025141855217507971 <-------------

# Convert to hex
3025141855217507971 == 29fb767d4b67de83

# Run xxd (Linux) or hd (BSD) to get a hexdump
EOFL@freenas:~$ xxd da0lastsectors.bin
000010a0: 0000 0028 0000 0009 706f 6f6c 5f67 7569 ...(....pool_gui
000010b0: 6400 0000 0000 0008 0000 0001 29fb 767d d...........).v} <--- 29fb 767d
000010c0: 4b67 de83 0000 0024 0000 0020 0000 0006 Kg.....$... .... <--- 4b67 de83

# GUID = last 2 hex groups (4 bytes) of line 2 plus first 2 hex groups (4 bytes) of line 3.

# This is the broken remnant pool (with the same name), on the whole disk (MBR?)
EOFL@freenas:~$ sudo zdb -l /dev/da0
------------------------------------
LABEL 0
------------------------------------
failed to unpack label 0
------------------------------------
LABEL 1
------------------------------------
failed to unpack label 1
------------------------------------
LABEL 2
------------------------------------
version: 5000
name: 'RaidZ-4TBx3'
state: 2
txg: 162
pool_guid: 1085295563579971048 <-------------

# Convert to hex
1085295563579971048 == F0FBE909F7DD5E8 == 0f0f be90 9f7d d5e8 (leading zero)

# FOUND at the very beginning of the sector dump. (grep for "0f0f be90" or other pairs; the value may be split across an xxd line break)
# Manually translate the hex offsets to sector numbers/offsets.
# Manually erased ~4 sectors with a targeted dd. (The real pool has to be exported first because ZFS locks the device.)
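
An added example, not part of the original paste: a read-only locator that searches the raw dump bytes for the pool_guid entry (so a value split across two xxd lines still matches) and converts each hit to an absolute disk sector using the skip= value from the dd command above. The function names and the sample buffer are constructed for illustration; the two words between the name and the value (8 and 1) are taken from the xxd lines shown in the paste.

```python
import struct

SECTOR = 512                  # dd's default block size; skip= is counted in these
SKIP = 7814036000             # skip= value from the paste's dd command
GOOD = 3025141855217507971    # pool_guid reported for /dev/da0p1
STALE = 1085295563579971048   # pool_guid reported for the whole-disk remnant

def guid_needle(pool_guid: int) -> bytes:
    """Byte pattern of the pool_guid entry as it appears in the paste's xxd output."""
    name = b"pool_guid"
    pad = b"\0" * (-len(name) % 4)   # name is padded to a 4-byte boundary
    # words 0x00000008 and 0x00000001 sit between the name and the big-endian value
    return name + pad + struct.pack(">IIQ", 8, 1, pool_guid)

def find_guid(dump: bytes, pool_guid: int, skip_sectors: int):
    """Return (dump_offset, absolute_sector, byte_in_sector) of the GUID for every hit."""
    needle = guid_needle(pool_guid)
    value_at = len(needle) - 8       # position of the 8-byte GUID inside the pattern
    hits, pos = [], dump.find(needle)
    while pos != -1:
        off = pos + value_at
        hits.append((off, skip_sectors + off // SECTOR, off % SECTOR))
        pos = dump.find(needle, pos + 1)
    return hits

def build_sample() -> bytes:
    """Constructed stand-in for da0lastsectors.bin: 16 zeroed sectors, two entries."""
    buf = bytearray(16 * SECTOR)
    for at, guid in ((0x10A8, GOOD), (0x0028, STALE)):   # offsets chosen for the demo
        n = guid_needle(guid)
        buf[at:at + len(n)] = n
    return bytes(buf)

if __name__ == "__main__":
    dump = build_sample()   # for a real dump: open("da0lastsectors.bin", "rb").read()
    for label, guid in (("good", GOOD), ("stale", STALE)):
        print(label, f"{guid:016x}")
        for off, sector, inner in find_guid(dump, guid, SKIP):
            print(f"  dump offset {off:#x} -> disk sector {sector} (+{inner} bytes)")
```

Comparing the reported sectors against the gpart layout shows whether a hit lies inside partition 1 or in the space outside it.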