Recover deleted LUKS partition


Make an image (backup) of the drive BEFORE you do all this.

Read the documentation (e.g., "man pages") for all commands, and make sure you understand what they do, before using them.


For future reference, here's the solution:

  1. Find where the LUKS partition starts.  All LUKS partitions have a plaintext header containing the word LUKS. So

    sudo hexdump -C /dev/<the disk>  | grep LUKS
  2. Note where LUKS was.  hexdump should list an offset where it found the start of this header.  Mount the partition as a loopback device starting where the offset you found the LUKS header is

    sudo losetup -o <offset> -r -f /dev/nvme0n1

    For reference, my offset, in Xubuntu with an Intel SSD and GRUB2, was 0x3e900000.

  3. Find out which device it got losetup'd as

    losetup -a
  4. Decrypt & mount

    sudo cryptsetup luksOpen /dev/loop1 luksrecover

    At this point the disk should have been mounted under /media/.  However: your /home should still be encrypted.  It's time to decrypt

  5.  cd /home/<yourusername>
     sudo ecryptfs-recover-private .Private/

    This should produce the following

    INFO: Found [.Private/].
    Try to recover this directory? [Y/n]: Y
    INFO: Found your wrapped-passphrase
    Do you know your LOGIN passphrase? [Y/n] Y
    INFO: Enter your LOGIN passphrase...
    Inserted auth tok with sig [8c5d84b9d7f0cc5b] into the user session keyring
    INFO: Success!  Private data mounted at [/tmp/ecryptfs.mxsowbiD].

    Plug in an external storage device (e.g., an HDD), save your /home, /opt and whatever else you need. Re-install and replace the /home with your own. Or just move the existing filesystem to a proper partition.

Crisis averted, and it took only a few hours.