02:23:23 | | steering deletes his primary keyfile for his disk encryption |
02:23:32 | | steering was trying to delete the backup keyfile whose passphrase he doesn't remember |
02:23:43 | <steering> | f |
02:31:56 | <@imer> | .. which is fine, since you can just pull it out of one of the many external backups you have.. right? |
02:32:03 | <steering> | bahahahahahahahahah |
02:32:27 | <@imer> | :( |
02:33:11 | <@JAA> | Or it's unlocked, so you can just add another key to it, right? |
02:33:24 | <steering> | it is unlocked, but i don't think that's possible with luks2. |
02:33:51 | <@JAA> | Huh, it's not? |
02:34:06 | <@JAA> | Does it require you to present an existing key to add another slot? |
02:34:15 | <steering> | I do have sufficient available storage (new HDDs just arrived) to copy the data off. However, I don't have enough time to do more than start copying as much as I can to the first drive. (I only have 1 USB adapter) |
02:34:19 | <steering> | yeah |
02:34:22 | <@JAA> | TIL |
02:34:42 | <steering> | with luks1 you can just grab the key with dmsetup commands but apparently that's not possible with luks2. |
02:36:43 | <steering> | In theory *maybe* I could pull it out of kcore? IDK. |
02:38:51 | <steering> | There's a flag --disable-keyring in the cryptsetup CLI (and a corresponding flag in libcryptsetup) which deactivates the LUKS2 feature: By default in LUKS2, the volume key is apparently put into a kernel space where it's impossible to extract from user space. With LUKS1 or the --disable-keyring flag, it's put into dmcrypt. |
02:39:11 | <@JAA> | Ah |
02:40:57 | <@JAA> | But yeah, this kind of scenario is why I keep a backup of the LUKS header. |
02:50:52 | | steering plugs in new drive and starts rsync |
02:53:40 | <steering> | it's not even the header that's an issue. |
02:53:50 | <@JAA> | Hmm yeah, right. |
02:53:51 | <steering> | and also fireonlive had a copy of both keyfiles for me. |
02:53:57 | <@JAA> | Welp |
02:53:59 | <steering> | yep. |
02:54:01 | <@JAA> | fireonlive1+ |
02:54:03 | <@JAA> | fireonlive++ |
02:54:04 | <eggdrop> | [karma] 'fireonlive' now has 772 karma! |
02:54:23 | <datechnoman> | fireonlive++ |
02:54:24 | <eggdrop> | [karma] 'fireonlive' now has 773 karma! |
02:54:39 | <nulldata> | fireonlive++ |
02:54:39 | <eggdrop> | [karma] 'fireonlive' now has 774 karma! |
02:56:55 | <nulldata> | TotalBiscuit++ |
02:56:57 | <eggdrop> | [karma] 'TotalBiscuit' now has 1 karma! |
03:11:46 | <nicolas17> | ohno |
03:29:15 | | steering finds some random kernel module on github that promises to make a memory dump |
03:59:23 | <steering> | yaaaaaaaaaaaaaaaaaaaaaaaa |
03:59:24 | <steering> | it works |
04:00:11 | <steering> | https://github.com/504ensicsLabs/LiME + https://sourceforge.net/projects/findaes/ -> just try every key until blkid is successful on the result |
04:00:19 | <steering> | & https://blog.appsecco.com/breaking-full-disk-encryption-from-a-memory-dump-5a868c4fc81e |
04:00:27 | <@imer> | nice |
04:00:35 | <steering> | key="... ..."; dmsetup remove luks-vol; dmsetup create luks-vol --table '0 1953492400 crypt aes-xts-plain64 '"$(echo $key | tr -d ' ')"' 0 /dev/loop1 32768' |
04:01:28 | <steering> | blkid /dev/mapper/luks-vol |
04:01:28 | <steering> | /dev/mapper/luks-vol: LABEL="datassd" UUID="d6306bbc-0fbe-419b-9540-dfac6c54779f" BLOCK_SIZE="4096" TYPE="ext4" |
04:02:50 | <@JAA> | Neat |
04:02:56 | <steering> | now i just have to find the key for 6 other drives |
04:04:22 | <steering> | (... and re-key everything afterwards since i've now stored key material unencrypted on an ssd) |
04:04:55 | <@JAA> | FUN |
04:45:14 | <steering> | not too bad, only like 40 mins |
04:46:04 | <steering> | turns out all 7 keys were in like the first 8-10 keys it dumped out, or so. just that the first one i tried was one of the last keys in the group |
05:14:17 | <steering> | yaaaay and also with cryptsetup I can do |
05:14:22 | <steering> | cryptsetup luksAddKey --volume-key-file fakekey /dev/nvme0n1 |
05:14:22 | <steering> | Volume key does not match the volume. |
05:14:28 | <steering> | cryptsetup luksAddKey --volume-key-file mayberealkey /dev/nvme0n1 |
05:14:28 | <steering> | Enter new passphrase for key slot: |
05:15:32 | <monoxane> | neato |
05:15:47 | <monoxane> | don't tell the feds xd |
05:16:02 | <steering> | echo '43 31 fc c4 1c 78 2a 13 56 60 14 e1 6a f1 d7 27 b0 91 78 ff d7 5e 4f da d5 4b 50 53 67 e7 80 deb7 20 eb 10 ae 4a 4f 31 bb a9 83 87 96 b1 20 98 19 7a 52 b2 78 9f 31 d1 42 42 41 87 20 5f 55 bb' | perl -ne 's/ //g; while (/(..)/g) { print chr hex $1; }' >mayberealkey |
05:16:18 | <steering> | if you're worried about this as an attack the solution is simple, just disable module loading (and kexec while you're at it) during boot |
05:16:38 | <steering> | (or don't give other people root / the ability to load modules) |
05:17:24 | <monoxane> | I think this very strongly falls into the "if someone has physical access to the running machine you're fucked anyway" class of attack |
05:17:43 | <steering> | I didn't need physical access for this, just root, but also true |
05:18:15 | <steering> | also, OOPS, even more reason to rotate key LOL |
05:18:16 | <steering> | oh well |
09:49:05 | <immibis> | there's always a trade off between security and availability |
09:49:11 | <immibis> | or usability |
09:50:11 | <immibis> | it's why I'm generally skeptical of drive encryption (but I encrypted my drives anyway when the police started raiding people for opposing the Palestine genocide) |
10:17:27 | <f_> | immibis: wait what? |
10:17:53 | <f_> | Well that sucks. |