Unable to clone a TrueCrypt fully encrypted HDD to another HDD

Help
halb9
2020-04-09
2020-04-29
  • halb9

    halb9 - 2020-04-09

    Hello there,

    I hope you're all doing good these days.

    Hmm, where do I start? Well I have this old hard drive. It sat quietly in the "I'll do it later when I have time" closet for years. And now... now I have time.

    Ok so what exactly are we talking about?

    This is a Samsung HD103UJ (1TB, 7200rpm, 32M). It was encrypted with TrueCrypt (don't know the exact version) with full disk encryption. I'm pretty sure I used Windows 7 at the time, so there is probably an NTFS partition 'under' the encryption layer. But the drive itself was just a data archive. So just one big partition, no Windows installation.

    I still have the password and everything. So I tried mounting it in my Ubuntu 18.04 with VeraCrypt. Sadly I got the following error.

    A quick SMART lookup makes it look like the drive is not in good shape.

    smartctl 6.6 2016-05-31 r4324 [x86_64-linux-4.15.0-96-generic] (local build)
    Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org
    
    === START OF INFORMATION SECTION ===
    Model Family:     SAMSUNG SpinPoint F1 DT
    Device Model:     SAMSUNG HD103UJ
    Serial Number:    xxx
    LU WWN Device Id: 5 0024e9 002cec1d7
    Firmware Version: 1AA01118
    User Capacity:    1.000.204.886.016 bytes [1,00 TB]
    Sector Size:      512 bytes logical/physical
    Device is:        In smartctl database [for details use: -P show]
    ATA Version is:   ATA/ATAPI-7, ATA8-ACS T13/1699-D revision 3b
    Local Time is:    Fri Apr 10 00:18:34 2020 CEST
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled
    
    === START OF READ SMART DATA SECTION ===
    SMART overall-health self-assessment test result: PASSED
    
    General SMART Values:
    Offline data collection status:  (0x00) Offline data collection activity
                        was never started.
                        Auto Offline Data Collection: Disabled.
    Self-test execution status:      (   0) The previous self-test routine completed
                        without error or no self-test has ever 
                        been run.
    Total time to complete Offline 
    data collection:        (14286) seconds.
    Offline data collection
    capabilities:            (0x7f) SMART execute Offline immediate.
                        Auto Offline data collection on/off support.
                        Abort Offline collection upon new
                        command.
                        Offline surface scan supported.
                        Self-test supported.
                        Conveyance Self-test supported.
                        Selective Self-test supported.
    SMART capabilities:            (0x0003) Saves SMART data before entering
                        power-saving mode.
                        Supports SMART auto save timer.
    Error logging capability:        (0x01) Error logging supported.
                        General Purpose Logging supported.
    Short self-test routine 
    recommended polling time:    (   2) minutes.
    Extended self-test routine
    recommended polling time:    ( 239) minutes.
    Conveyance self-test routine
    recommended polling time:    (  25) minutes.
    SCT capabilities:          (0x003f) SCT Status supported.
                        SCT Error Recovery Control supported.
                        SCT Feature Control supported.
                        SCT Data Table supported.
    
    SMART Attributes Data Structure revision number: 16
    Vendor Specific SMART Attributes with Thresholds:
    ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
      1 Raw_Read_Error_Rate     0x000f   099   092   051    Pre-fail  Always       -       1845
      3 Spin_Up_Time            0x0007   054   054   011    Pre-fail  Always       -       14610
      4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       161
      5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
      7 Seek_Error_Rate         0x000f   253   253   051    Pre-fail  Always       -       0
      8 Seek_Time_Performance   0x0025   100   100   015    Pre-fail  Offline      -       11541
      9 Power_On_Hours          0x0032   098   098   000    Old_age   Always       -       8419
     10 Spin_Retry_Count        0x0033   100   100   051    Pre-fail  Always       -       0
     11 Calibration_Retry_Count 0x0012   100   100   000    Old_age   Always       -       0
     12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       151
     13 Read_Soft_Error_Rate    0x000e   099   093   000    Old_age   Always       -       1744
    183 Runtime_Bad_Block       0x0032   100   100   000    Old_age   Always       -       0
    184 End-to-End_Error        0x0033   100   100   000    Pre-fail  Always       -       0
    187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       2479
    188 Command_Timeout         0x0032   100   100   000    Old_age   Always       -       0
    190 Airflow_Temperature_Cel 0x0022   067   058   000    Old_age   Always       -       33 (Min/Max 33/33)
    194 Temperature_Celsius     0x0022   067   056   000    Old_age   Always       -       33 (Min/Max 33/33)
    195 Hardware_ECC_Recovered  0x001a   100   100   000    Old_age   Always       -       301
    196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
    197 Current_Pending_Sector  0x0012   096   096   000    Old_age   Always       -       180
    198 Offline_Uncorrectable   0x0030   100   100   000    Old_age   Offline      -       0
    199 UDMA_CRC_Error_Count    0x003e   100   100   000    Old_age   Always       -       0
    200 Multi_Zone_Error_Rate   0x000a   100   100   000    Old_age   Always       -       0
    201 Soft_Read_Error_Rate    0x000a   253   253   000    Old_age   Always       -       0
    
    SMART Error Log Version: 1
    No Errors Logged
    
    SMART Self-test log structure revision number 1
    Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
    # 1  Short offline       Aborted by host               140%      8413         -
    # 2  Extended offline    Completed: read failure       90%      8411         212558014
    # 3  Short offline       Completed: read failure       20%      8410         212558014
    # 4  Extended offline    Completed: read failure       40%      3020         1130237452
    # 5  Short offline       Completed without error       00%      2974         -
    # 6  Short offline       Completed without error       00%       873         -
    # 7  Short offline       Completed without error       00%         0         -
    
    SMART Selective self-test log data structure revision number 1
     SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
        1        0        0  Not_testing
        2        0        0  Not_testing
        3        0        0  Not_testing
        4        0        0  Not_testing
        5        0        0  Not_testing
    Selective self-test flags (0x0):
      After scanning selected spans, do NOT read-scan remainder of disk.
    If Selective self-test is pending on power-up, resume after 0 minute delay.
    

    My goal: I have a spare identical drive (HD103UJ). Do a raw sector-by-sector copy from the old to the new drive. Tinker with the new one and hopefully be able to encrypt it and make a backup.

    First I tried a simple dd run. This failed me after about 100GB. Probably due to the bad sectors.

    Next I tried using Acronis True Image 2017. The Live CD didn't even recognize my drives at all.
    I put Clonezilla onto a bootable USB thumbdrive. Tried the default non-expert device-device clone function, which did not work.
    Some Google search findings suggest there might be a good set of values to be selected in the advanced menu. But I didn't want to stress my drive more than necessary.

    Could you give me advice on which parameters might be a good choice?

    Thanks in advance and have a great day.

    halb9
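A triage of the SMART report quoted above, as an added example that is not part of the original post: it shows why the overall `PASSED` verdict does not contradict a failing disk, and converts the self-test failure LBAs into byte offsets. The sample lines are copied from the report; the choice of attribute IDs and the `triage` helper are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the smartctl output quoted in the post.
SAMPLE = """\
SMART overall-health self-assessment test result: PASSED
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       2479
194 Temperature_Celsius     0x0022   067   056   000    Old_age   Always       -       33 (Min/Max 33/33)
197 Current_Pending_Sector  0x0012   096   096   000    Old_age   Always       -       180
198 Offline_Uncorrectable   0x0030   100   100   000    Old_age   Offline      -       0
# 2  Extended offline    Completed: read failure       90%      8411         212558014
# 4  Extended offline    Completed: read failure       40%      3020         1130237452
# 5  Short offline       Completed without error       00%      2974         -
"""

# Attribute IDs whose non-zero raw value points at unreadable or remapped
# sectors (this selection is the example's assumption, not a smartctl rule;
# raw values are vendor-specific).
MEDIA_ATTRS = {5, 187, 197, 198}

# ID, name, flag, value, worst, thresh, type, updated, when_failed, raw
ATTR_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-f]{4}\s+(\d+)\s+(\d+)\s+(\d+)"
                     r"\s+\S+\s+\S+\s+(\S+)\s+(\d+)")
# Self-test log rows that ended in a read failure; last column is the LBA.
TEST_RE = re.compile(r"^\s*#\s*\d+\s+.*read failure\s+\d+%\s+\d+\s+(\d+)")

def triage(text, sector_size=512):
    """Collect the evidence that matters before imaging a suspect disk."""
    out = {"overall": None, "media": {}, "failed_lba": []}
    for line in text.splitlines():
        if "overall-health" in line:
            out["overall"] = line.rsplit(":", 1)[1].strip()
        elif (m := ATTR_RE.match(line)):
            attr_id, name, raw = int(m[1]), m[2], int(m[7])
            if attr_id in MEDIA_ATTRS and raw > 0:
                out["media"][name] = raw
        elif (m := TEST_RE.match(line)):
            out["failed_lba"].append(int(m[1]))
    out["failed_lba"] = sorted(set(out["failed_lba"]))
    # Byte offset of each failing sector, counted from the start of the disk.
    out["failed_offsets"] = [lba * sector_size for lba in out["failed_lba"]]
    # The overall verdict is ignored on purpose: it only compares normalized
    # values against thresholds, so it can stay PASSED with pending sectors.
    out["image_first"] = bool(out["media"] or out["failed_lba"])
    return out
```

The first failing LBA works out to byte offset 108,829,703,168, which is consistent with the plain `dd` run stopping after about 100GB.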

     
  • Steven Shiau

    Steven Shiau - 2020-04-12

    Since you mentioned that it might have some bad sectors, I would suggest you use the "ddrescue", which is also included in Clonezilla live, to do the sector by sector cloning.

    Steven

     
  • halb9

    halb9 - 2020-04-13

    Hi,

    thank you for your answer. It is really appreciated.

    Before your posting I already tried ddrescue and it is still ongoing.

    It turns out TrueCrypt stores a backup disk header embedded in the volume.
    You can use that to restore the main header in the case it might be corrupted.
    https://www.neowin.net/forum/topic/984006-guide-backup-truecrypt-disk-header/
    https://www.truecrypt71a.com/documentation/troubleshooting/

    I was able to do that with VeraCrypt 1.24-Update 4 on my Ubuntu 18.04. Don't know if it really was necessary but it's too late now.
    The error message remained.

    But TrueCrypt gives you the option to NOT mount the filesystem when mounting the crypto layer. I did that (plus read-only mode) and was able to successfully mount the volume.

    As far as I can tell this probably means the crypto layer is intact, however the NTFS layer is corrupted.
    This is the part where ddrescue comes into play.

    I didn't want to tinker on my original harddrive and break something that is irreversible. So my primary goal was to make a copy of the full NTFS partition.

    I found
    https://datarecovery.com/rd/how-to-clone-hard-disks-with-ddrescue/
    and started to image the partition onto a new 2TB hard disk.

    This has been running for about 36 hours now and is still going. Slowly but the percentage is still going up.

    If that goes well it should be possible to make additional copies of the hard disk image and try to repair the NTFS partition. Or use a file recovery tool.
    I'll have a look at that later.

    Thank you for your time.

     
  • halb9

    halb9 - 2020-04-15

    Hi there,
    short update:
    ddrescue got me to 99.85%. It took about 6 hours to go from 99.84% to 99.85%. I let it run an additional 10 hours but it was still stuck at 99.85%. For me this was the time to stop it.

    As a side note: the link above strongly advises against(!) running it so many times if there are bad sectors. They suggest seeking the help of a professional data recovery center.
    The data on the drive is not so important that I would be willing to spend a good amount of money on it. I partly wanted to see how far I can come all on my own. Even at the risk of losing everything.

    With ddrescueview you can get a nice GUI representation of the logfile created by ddrescue.

    I'm going to make additional backups of my IMG file now and we will see how it goes from there.
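The rescued percentage and the unread regions can also be read straight from the ddrescue mapfile (called the logfile in older ddrescue versions). The parser below is an added example, not part of the original post; the sample mapfile is constructed, and `parse_mapfile` and `summarize` are names chosen for this example.

```python
# Status characters used in the block list of a GNU ddrescue mapfile.
STATUS = {"?": "non-tried", "*": "non-trimmed", "/": "non-scraped",
          "-": "bad-sector", "+": "rescued"}

# Constructed sample mapfile (16 KiB input with two unread 512-byte sectors).
SAMPLE_MAP = """\
# Mapfile. Created by GNU ddrescue
# current_pos  current_status  current_pass
0x00003000     -               3
#      pos        size  status
0x00000000  0x00002000  +
0x00002000  0x00000200  -
0x00002200  0x00000E00  +
0x00003000  0x00000200  /
0x00003200  0x00000E00  +
"""

def parse_mapfile(text):
    """Return [(pos, size, status_char)] from the mapfile's block list."""
    rows = [ln.split() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]
    blocks, expected = [], None
    for fields in rows[1:]:      # rows[0] is the current_pos/status line
        pos, size, status = int(fields[0], 0), int(fields[1], 0), fields[2]
        if status not in STATUS:
            raise ValueError(f"unknown status {status!r}")
        if expected is not None and pos != expected:
            raise ValueError(f"gap or overlap at {pos:#x}")
        blocks.append((pos, size, status))
        expected = pos + size
    return blocks

def summarize(blocks, sector_size=512):
    """Bytes per status, rescued percentage, and unread sector ranges."""
    by_status = {name: 0 for name in STATUS.values()}
    unread = []
    for pos, size, status in blocks:
        by_status[STATUS[status]] += size
        if status != "+":
            # Sector numbers are relative to the start of the imaged device.
            unread.append((pos // sector_size,
                           (pos + size - 1) // sector_size, STATUS[status]))
    total = sum(by_status.values())
    pct = round(100 * by_status["rescued"] / total, 2) if total else 0.0
    return {"rescued_pct": pct, "bytes": by_status, "unread": unread}
```

The unread ranges tell you which sectors of the image hold filler rather than data, so every copy made from the image should be kept together with its mapfile.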

     
  • Steven Shiau

    Steven Shiau - 2020-04-19

    OK, thanks for sharing that.

    Steven

     
  • halb9

    halb9 - 2020-04-29

    Hi there again, sorry for the long wait.

    I was able to make additional copies of my .IMG file so I could work on them instead of the original HDD. Although probably not necessary, I copied the IMG back to an identical hard drive.

    I tried restoring the NTFS header with various tools, which was not very successful.

    From that point I switched to PhotoRec to try to recover my files directly without the convenient help of a filesystem. And this is where I hit my biggest disappointment.
    It seems kinda obvious now in hindsight but PhotoRec recovers files only. No directory structure, no filenames, nothing, just plain files. While this at no point is a failure of PhotoRec, for me it meant having a bunch of unsorted random files. This might be good enough if you're looking for specific .pdf or .doc(x) documents. If you had a bunch of .mp3 files and VIDEO_TS folders for complete DVDs, this is a pretty big mess.
    Again, not pointing fingers here, just rationalizing that the amount of time I have to put into this to get back to the state I had before is simply not feasible. If possible at all.

    My final thoughts.

    Make backups
    It was a fun ride.
    It was a lot of work.
    It did not go as I hoped it would go.
    I'm glad it wasn't any family pictures or otherwise important files.
    Make backups

    Thanks for all the fish

    Have a good day

    TLDR;
    Found an old encrypted hard drive.
    Restored the crypto header.
    Filesystem corrupt as well as bad sectors on drive.
    Made 99.85% 1:1 copy of failing drive with ddrescue.
    Did not manage to restore NTFS filesystem header.
    Restored files directly with PhotoRec.
    Realized this will be too much work.
    End project without success. Cry in the corner.

     