Can't mount encrypted volume on the SSD
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
#379 Can't mount encrypted volume on the SSD
External SSD Samsung Portable SSD T5 (1TB), almost new. For 2-3 months it was used to store data only under Win10 with native Samsung encryption software (a program called Samsung Portable SSD Software).
I needed to use it under Ubuntu 20.04. And Samsung for some reason did not write its program for Linux, so I decided to encrypt the disk using VeraCrypt.
Did the following:
- The SSD was decrypted under Win10 by the native Samsung program, disabled the password request.
- Copied all data to a new external HDD, which was previously encrypted by VeraCrypt (no hidden volume, only for short-term backup).
- SSD formatted with the standard Win10 utility (full).
- Encrypted SSD using VeraCrypt ("Encrypt a non-system partition/drive", created normal and hidden volumes), everything by default, without PIM and key files, exFAT. Unfortunately, the header was not backed up. I checked it several times - everything is mounted and unmounted without problems.
- Copied data from external HDD to hidden volume on encrypted SSD. I checked it a few more times - it mounts and unmounts, the data was copied completely, readable. The same thing after disconnecting the SSD and reconnecting it. The normal encrypted volume with files written to it before the creation of the hidden volume is also OK. After the creation of the hidden volume, I did not write anything to the normal one.
- Since the main data backup was supposed to be done on another disk, and the copy on the HDD was made only for data transfer, this HDD was formatted and overwritten. That is, the backup is no longer there.
What happened next:
The computer turned off completely. The SSD was disconnected before shutting down. After a few hours, I start the computer, load Ubuntu right away, plug in the SSD and try to mount the hidden volume. I get the infamous message: “Operation failed due to one or more of the following: - Incorrect password; - Incorrect Volume PIM number; - Incorrect PRF (hash); - not a valid volume. Source: MountVolume: 8299 ".
It's exactly the same with the normal encrypted volume.
Everything is the same under Win10.
Win10 Explorer does not see the SSD, but before shutting down it was seen as unformatted. In system tools the SSD is shown as uninitialized and Win10 offers to initialize it (of course, I refused). Under Ubuntu the SSD is shown in the application Drives, but when connected, Ubuntu does not recognize it as an external media that can be operated (the disk icon does not appear). VeraCrypt sees the SSD in the list of devices as Hard Disk 2, but without partitions, but when trying to mount a volume after selecting a device, it writes in the main window “\Device\Harddisk2\Partition0”.
There are no signs of failure of the SSD itself. VeraCrypt passwords are unambiguously correct (of course, different for the normal and hidden volumes). TRIM, in theory, should not have done something wrong, because after formatting the SSD, it should have been considered "empty", and after encryption the data was written to the encrypted volume, and from the point of view of the OS, no files were written to the drive or deleted.
The task is to somehow restore the data and understand what not to do in the future, so as not to get into such a situation again. Thanks in advance for any thoughts and advice.
Have you tried to mount it with "Use backup header embedded in volume if available"?
If you can mount hidden one that way but not the outer one it may be that not only the header is corrupt but also the filesystem data. If that is the case most of the data should still be recoverable.
minesheep, thank you for trying to help me.
"Have you tried to mount it with "Use backup header embedded in volume if available"?"
Yes, but it doesn't work.
"If you can mount hidden one that way but not the outer one it may be that not only the header is corrupt but also the filesystem data. If that is the case most of the data should still be recoverable."
in the usual way, I could not mount any of the volumes. But I managed to mount the volume from a sector-by-sector copy of the SSD. Thus, managed to access the data and save it. But after disconnecting the drive containing the sector-by-sector copy, the same issue occurred when reconnecting.
As a result of my experiments, I came to the conclusion that any fully encrypted non-system drive works only as long as it is not disconnected from the computer.
in my case, before creating a sector-by-sector copy, it was necessary to first partition a new drive, and after creating a copy, do not disconnect it from the computer until the data is saved to another medium. When you reconnect the same drive, it always becomes unpartitioned and VC can't mount any volumes.
In the case of a container file written to any normal partitioned disk, there are no problems.
Despite the fact that I was able to save the data, I would like to understand how to encrypt entire non-system drives, so that later I can mount the encrypted volume.
how did you perform sector-by-sector copy ??