SUMMARY: Solaris partition table recovery?

From: Alfredo Sola <klk_at_intelideas.com>
Date: Mon Jul 05 2004 - 12:12:25 EDT
	Hi managers,

	I solved this problem. Actually, I had two solutions: a short-term solution, which is what I used; and a long-term solution, which is what I hope someone in the future can use to make it less painful.

	In short, the issue was:

>  I have to recover the partitions of a disk, normally in a Netra 
>(Sparc) box, that got its partitions wiped "accidentally". The "backup" 
>operation of format doesn't help.

	thanks to all the fellows that provided valuable suggestions, and especially to Joe Fletcher, Matthew Stier and Russell Page, who inspired the long-term solution.

Short-term solution
-------------------

	1. Find out the cylinder size in sectors. The fdisk option of format says this even with the vtoc wiped out. In my case, it was 1008 sectors; I have seen other IDE drives with a cylinder size of 4080 sectors.

	2. Add the disk to another box as a secondary, non-boot, and make an image of it. I used a Linux system with support for UFS and loopback devices:

	dd if=/dev/hdc of=/tmp/broken_partitions_disk_dump

	3. Look for a ufs filesystem in every cylinder of the drive. This will take only a couple hours for a disk that is several gigs in size; that is, if only a sample a couple megabytes long is extracted for each cylinder. I used this:

#!/bin/sh
#
# 	$Id: buscar-ufs-en-disco.sh,v 1.1 2004/07/05 16:07:35 alfredo Exp $	
#
#
Origen=/tmp/broken_partitions_disk_dump
Prueba=/tmp/try_this_chunk
Historico=/tmp/testlog
inicio=0

while [ $inicio -le 39000000 ] ; do
        printf "Probando con $inicio..."
	dd if=$Origen of=$Prueba bs=512 count=50000 skip=$inicio
	mount -t ufs -o ro,ufstype=sun,loop $Prueba /media/local
	resultado=$?
	case $resultado in
		0) printf "Exito con inicio en $inicio\n"
		   mail root@your-pc.com < "Exito con $inicio"
		   break
		   ;;
		*) printf "Resultado=$resultado\n"
		   ;;
	esac
	printf "Probado inicio=$inicio, resultado=$resultado\n" >> $Historico
	inicio=`expr $inicio + 1008`
done

	You need to substitute 1008 with your cylinder size, and 39000000 with the number of sectors that your disk has.

	Each time you find a partition, you just write down the sector where you found it, set the script to start in the next cylinder and search for more. Granted, it could be done more elegant; but this one was the quick, dirty and effective solution, so...

	4. For each partition found, dump it out of the disk image (again with dd, but using its actual size or more; problem is to fall short, not long), mount it just like the script does and rescue whatever you want.


Long-term solution
------------------

	During my googling in search of other cases like this one, I found a nice utility called testdisk by Christophe GRENIER at <http://www.cgsecurity.org/>. This small gem will do this for PC disks, but unfortunately it still does not support Solaris partitions. However, Christophe is very keen to add support for Solaris disks, and Testdisk will do the above automatically, faster and better once the support for Solaris is finished, hopefully by the next revision.

-- 
Alfredo Sola
ASP5-RIPE



-- 
Alfredo Sola
ASP5-RIPE
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Mon Jul 5 12:34:48 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:33 EST