luks 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126
  1. #------------------------------------------------------------------------------
  2. # $File: luks,v 1.5 2022/09/07 11:23:44 christos Exp $
  3. # luks: file(1) magic for Linux Unified Key Setup
  4. # URL: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
  5. # http://fileformats.archiveteam.org/wiki/LUKS
  6. # From: Anthon van der Neut <anthon@mnt.org>
  7. # Update: Joerg Jenderek
  8. # Note: verfied by command like `cryptsetup luksDump /dev/sda3`
  9. 0 string LUKS\xba\xbe LUKS encrypted file,
  10. # https://reposcope.com/mimetype/application/x-raw-disk-image
  11. !:mime application/x-raw-disk-image
  12. #!:mime application/x-luks-volume
  13. # img is the generic extension; no suffix for partitions; luksVolumeHeaderBackUp via zuluCrypt
  14. !:ext /luks/img/luksVolumeHeaderBackUp
  15. # version like: 1 2
  16. >6 beshort x ver %d
  17. # test for version 1 variant
  18. >6 beshort 1
  19. >>0 use luks-v1
  20. # test for version 2 variant
  21. >6 beshort >1
  22. >>0 use luks-v2
  23. # Reference: https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf
  24. # http://mark0.net/download/triddefs_xml.7z/defs/l/luks.trid.xml
  25. # display information about LUKS version 1
  26. 0 name luks-v1
  27. # cipher-name like: aes twofish
  28. >8 string x [%s,
  29. # cipher-mode like: xts-plain64 cbc-essiv
  30. >40 string x %s,
  31. # hash specification like: sha256 sha1 ripemd160
  32. >72 string x %s]
  33. >168 string x UUID: %s
  34. # NEW PART!
  35. # payload-offset; start offset of the bulk data
  36. >104 ubelong x \b, at %#x data
  37. # key-bytes; number of key bytes; key-bytes*8=MK-bits
  38. >108 ubelong x \b, %u key bytes
  39. # mk-digest[20]; master key checksum from PBKDF2
  40. >112 ubequad x \b, MK digest %#16.16llx
  41. >>120 ubequad x \b%16.16llx
  42. >>128 ubelong x \b%8.8x
  43. # mk-digest-salt[32]; salt parameter for master key PBKDF2
  44. >132 ubequad x \b, MK salt %#16.16llx
  45. >>140 ubequad x \b%16.16llx
  46. >>148 ubequad x \b%16.16llx
  47. >>156 ubequad x \b%16.16llx
  48. # mk-digest-iter; iterations parameter for master key PBKDF2
  49. >164 ubelong x \b, %u MK iterations
  50. # key slot 1
  51. >208 ubelong =0x00AC71F3 \b; slot #0
  52. >>208 use luks-slot
  53. # key slot 2
  54. >256 ubelong =0x00AC71F3 \b; slot #1
  55. >>256 use luks-slot
  56. # key slot 3
  57. >304 ubelong =0x00AC71F3 \b; slot #2
  58. >>304 use luks-slot
  59. # key slot 4
  60. >352 ubelong =0x00AC71F3 \b; slot #3
  61. >>352 use luks-slot
  62. # key slot 5
  63. >400 ubelong =0x00AC71F3 \b; slot #4
  64. >>400 use luks-slot
  65. # key slot 6
  66. >448 ubelong =0x00AC71F3 \b; slot #5
  67. >>448 use luks-slot
  68. # key slot 7
  69. >496 ubelong =0x00AC71F3 \b; slot #6
  70. >>496 use luks-slot
  71. # key slot 8
  72. >544 ubelong =0x00AC71F3 \b; slot #7
  73. >>544 use luks-slot
  74. # Reference: https://gitlab.com/cryptsetup/LUKS2-docs/-/raw/master/luks2_doc_wip.pdf
  75. # http://mark0.net/download/triddefs_xml.7z/defs/l/luks2.trid.xml
  76. # display information about LUKS version 2
  77. 0 name luks-v2
  78. # hdr_size; size including JSON area called Metadata area by cryptsetup with value like: 16384
  79. >8 ubequad x \b, header size %llu
  80. # possible check for MAGIC_2ND after header
  81. #>(8.Q) string SKUL\xba\xbe \b, 2nd_HEADER_OK
  82. # seqid; sequence ID, increased on update; called Epoch by cryptsetup with value like: 3 4 8 10
  83. >16 ubequad x \b, ID %llu
  84. # label[48]; optional ASCII label or empty; called Label by cryptsetup with value like: "LUKS2_EXT4_ROOT"
  85. >24 string >\0 \b, label %s
  86. # csum_alg[32]; checksum algorithm like: sha256 sha1 sha512 wirlpool ripemd160
  87. >72 string x \b, algo %s
  88. # salt[64]; salt , unique for every header
  89. >104 ubequad x \b, salt %#llx...
  90. # uuid[40]; UID of device as string like: 242256c6-396e-4a35-af5f-5b70cb7af9a7
  91. >168 string x \b, UUID: %-.40s
  92. # subsystem[48]; optional owner subsystem label or empty
  93. >208 string >\0 \b, sub label %-.48s
  94. # hdr_offset; offset from device start [ bytes ] like: 0
  95. >256 ubequad !0 \b, offset %llx
  96. # char _padding [184]; must be zeroed
  97. #>264 ubequad x \b, padding %#16.16llx
  98. #>440 ubequad x \b...%16.16llx
  99. # csum[64]; header checksum
  100. >448 ubequad x \b, crc %#llx...
  101. # char _padding4096 [7*512]; Padding , must be zeroed
  102. #>512 ubequad x \b, more padding %#16.16llx
  103. #>4088 ubequad x \b...%16.16llx
  104. # JSON text data terminated by the zero character; unused remainder empty and filled with zeroes like:
  105. # {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offse"
  106. >0x1000 string x \b, at 0x1000 %s
  107. #>0x1000 indirect x
  108. # display information (like active) about LUKS1 slot
  109. 0 name luks-slot
  110. # state of keyslot; 0x00AC71F3~active 0x0000DEAD~inactive
  111. #>0 ubelong x \b, status %#8.8x
  112. >0 ubelong =0x00AC71F3 active
  113. >0 ubelong =0x0000DEAD inactive
  114. # iteration parameter for PBKDF2
  115. #>4 ubelong x \b, %u iterations
  116. # salt parameter for PBKDF2
  117. #>8 ubequad x \b, salt %#16.16llx
  118. #>>16 ubequad x \b%16.16llx
  119. #>>24 ubequad x \b%16.16llx
  120. #>>32 ubequad x \b%16.16llx
  121. # start sector of key material like: 8 0x200 0x3f8 0x5f0 0xdd0
  122. >40 ubelong x \b, %#x material offset
  123. # number of anti-forensic stripes like: 4000
  124. >44 ubelong !4000 \b, %u stripes