Look at the data.. yup, its there, lets see what I can do.. this will be maddening to walk by hand.. screw it. sparc64 we go....

Could it be the IV for geli is endian specific.... YES IT IS. Patch kernel to force endianness on it.. BOOM it works.. I have access.

I look at the raw data from geli.. look at drive 1.. totally random.. I GUESS it could be in the middle of a data block.. look at drive 2.. a clear UFS header... OK.. so this clearly works. Look at a few more blocks... randomness. I SHOULD be seeing inode blocks, I know what they look like.. what gives?.. and which is the GEOM_STRIPE footer missing?

So, first I decide to just bring them over to x86, I know UFS will be a problem with the endianness, but I can just get a good poke at the data, make sure it is even there. Get the disks attach, geli attach... accepts the passwords, but the stripe doesn't show up?!

This old copy was on USB external disks, striped (2 of them) geli encrypted and written to on SPARC64/FreeBSD.. I think now you know the trajectory of the story (Maybe I should have opened with that)

The beginning: Recently I have gotten back to some old projects, and I started to re-hydrate some OLD data files. One of these was curiously corrupt. After tracking down how (looks like it got truncated in one of the copies), I remember I still had a SUPER old copy on a backup from WAY back when (think 10 + years)

I figured I would chronicle my latest journey here, because I know some people will get a kick out it it. The theme: Retro computing with a side of data recovery.. or is that data recovery with a side of retro computing..... first in a series 🧵

ugh, so apparently geli IVs are host endian specific. well, that is going to complicate things.

