Re: Problem mounting encrypted blu-ray disc or image

To: debian-user@lists.debian.org, Thomas Schmitt <scdbackup@gmx.net>
Subject: Re: Problem mounting encrypted blu-ray disc or image
From: "B.M." <b-misc@gmx.ch>
Date: Thu, 07 Jul 2022 14:26:07 +0200
Message-id: <[🔎] 3497397.LZWGnKmheA@engiadina>
In-reply-to: <[🔎] 4494375477432488177@scdbackup.webframe.org>
References: <[🔎] 2337929.obQ9GjlxrE@engiadina> <[🔎] 4494375477432488177@scdbackup.webframe.org>

> > file "$IMGFILE"
> > LUKS encrypted file, ver 2 [, , sha256] UUID:
> > 835847ff-2cb3-4c6d-aa04-d3b79010a2d3
> So it did not stay unencrypted by mistake.
> (I assume this is one of the unreadable images.)

It looks like this for both, the readable and the unreadable discs.

> > mount -t udf -o novrs /dev/mapper/BDbackup /mnt/BDbackup
> > [62614.207920] UDF-fs: warning (device dm-10): udf_load_vrs: No anchor
> > found [62614.207922] UDF-fs: Scanning with blocksize 2048 failed
> > So now I'm stuck again, but maybe one little step later...
> 
> Yeah. Reading the anchor is a little bit further in the procedure.
> But already the missing VRS is a clear indication that the image or disc
> does not get properly decrypted when being mounted for reading.
> The VRS was there when it was mounted for writing. Later it's gone.
> 
> A UDF filesystem image is supposed to bear at its start 32 KiB of zeros.
> Have a look with a hex dumper or editor at /dev/mapper/BDbackup.
> If you see something heavily non-zero, then decryption is the main
> suspect.

This is indeed the case:

9F AC 31 11  1B EA FC 5D  28 A7 41 4E  12 B6 DA D1 | .¬1..êü](§AN.¶ÚÑ
AE 29 C2 30  ED 7D 1E 75  80 2A 1E 3D  4A 45 1C 6F | ®)Â0í}.u.*.=JE.o
78 0C 78 F1  6F 6F FB 62  A6 79 E5 50  CA 67 9F 6E | x.xñooûb¦yåPÊg.n
69 C2 86 C0  36 40 A8 62  2C F5 15 0F  83 79 B8 46 | iÂ.À6@¨b,õ...y¸F
DF 38 E7 33  0D 2D C9 59  20 4C AF 06  B1 37 80 B2 | ß8ç3.-ÉY L¯.±7.²
D8 D3 00 61  69 07 2B 4B  1D 64 20 92  4A B9 72 29 | ØÓ.ai.+K.d .J¹r)
66 65 A8 FE  F0 BF D1 1F  AC 48 2E 7B  65 42 CB 69 | fe¨þð¿Ñ.¬H.{eBËi
9B DA EC 7E  55 F3 F3 08  82 F5 A9 0F  DB D2 BD 6D | .Úì~Uóó..õ©.ÛÒ½m
2B BC 00 F5  A2 68 A2 CF  18 11 77 49  05 18 B1 18 | +¼.õ¢h¢Ï..wI..±.
C1 18 E5 CB  48 F3 C6 FF  E5 85 C3 E5  60 F9 01 81 | Á.åËHóÆÿå.Ãå`ù..
96 DA B0 44  07 A4 E6 8D  99 E0 A4 F5  6F 1F F8 2E | .Ú°D.¤æ..à¤õo.ø.
36 B4 80 19  11 1F C3 93  0A EA BC 3B  09 D7 B2 D4 | 6´....Ã..ê¼;.×²Ô

For a readable disk, this look like you said: 
Only zeros.


> 
> > Thanks again for any hints...
> 
> As said, i would try whether UDF works fine without encryption.
> If yes, i would try whether dd-ing an unencryptedly populated UDF image
> into /dev/mapper/BDbackup yields images which are more reliably readable.
> 
> If UDF does not work even unencrypted, then i'd consider ext2 or ISO 9660
> as alternatives.
> (ext2 would be treated like UDF. For ISO 9660 i'd propose xorriso and
>  directing its output to the not mounted /dev/mapper/BDbackup.)

Why should UDF not work correctly without encryption?

I have an idea what might be the root cause for my problems:
As I mentioned earlier, from the small sample of discs I checked it seems that 
if I burned two discs for a backup session instead of one (too much data for 
one disc), the first one is unreadable, but the second one is readable.
With respect to the first discs it might be that during the execution of my 
script files get copied until the filesystem is full. Multi-disc backups are not 
handled by my script, I have to intervene manually. I never expected it to 
harm my process, moved some backup files manually, created another image which 
I burned on a second disc. So my question is basically:

Might it be possible, that when my UDF filesystem gets filled completely, the 
encryption get damaged? Or is my filesystem too large?

# Parameter:
[...]
IMGSIZE=24064000K
# There is an old comment in my script at this line, saying:
# let's try that: 24064000K
# 24438784K according to dvd+rw-mediainfo but creates at
# least sometimes INVALID ADDRESS FOR WRITE;
# alternative according to internet research: 23500M
IMGFILE=/home/TMP_BKP/backup.img
IMGLOOP=`losetup -f`

[...]

# Prepare loopback device:
echo "Preparing loopback device..."
touch $IMGFILE
truncate -s $IMGSIZE $IMGFILE
losetup $IMGLOOP $IMGFILE
echo "Creating encryption, filesystem and mounting:"
cryptsetup luksFormat --cipher aes-xts-plain64 $IMGLOOP
cryptsetup luksOpen $IMGLOOP BDbackup
mkudffs -b 2048 -m bdr --label $1 /dev/mapper/BDbackup
mount -t udf /dev/mapper/BDbackup /mnt/BDbackup

But: it's not only the burned disc which is not readable/mountable, it's also 
the image I created before burning.

Thank you once again.

Best,
Bernd

Reply to:

Follow-Ups:
- Re: Problem mounting encrypted blu-ray disc or image
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

References:
- Re: Problem mounting encrypted blu-ray disc or image
  - From: "B.M." <b-misc@gmx.ch>
- Re: Problem mounting encrypted blu-ray disc or image
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

Prev by Date: Re: nft newbie
Next by Date: Re: Problem mounting encrypted blu-ray disc or image
Previous by thread: Re: Problem mounting encrypted blu-ray disc or image
Next by thread: Re: Problem mounting encrypted blu-ray disc or image
Index(es):
- Date
- Thread