{"id":6261,"date":"2020-02-18T14:29:35","date_gmt":"2020-02-18T05:29:35","guid":{"rendered":"http:\/\/takuyakobayashi.jp\/blog\/?p=6261"},"modified":"2020-02-18T14:36:10","modified_gmt":"2020-02-18T05:36:10","slug":"cryptsetup%e3%81%a7luks%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%82%b7%e3%82%b9%e3%83%86%e3%83%a0%e3%82%92%e4%bd%bf%e7%94%a8%e3%81%99%e3%82%8b","status":"publish","type":"post","link":"https:\/\/takuyakobayashi.jp\/blog\/2020\/02\/18\/6261","title":{"rendered":"cryptsetup\u3067LUKS\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3059\u308b"},"content":{"rendered":"

\u4eca\u56de\u306fHDD\u306a\u3069\u306e\u7269\u7406\u5a92\u4f53\u3092\u6697\u53f7\u5316\u3059\u308b\u306e\u3067\u306f\u306a\u304f\u3001\u30d5\u30a1\u30a4\u30eb\u3092\u6697\u53f7\u5316\u3057\u307e\u3059\u3002<\/p>\n

dd\u30b3\u30de\u30f3\u30c9\u3067\u30c6\u30b9\u30c8\u7528\u30d5\u30a1\u30a4\u30ebluks.img\uff081GB\uff09\u3092\u4f5c\u6210\u3002<\/p>\n

# dd if=\/dev\/zero of=luks.img bs=1M count=1024<\/strong><\/code><\/p>\n

1.LUKS\u3068\u3057\u3066\u30d5\u30a9\u30fc\u30de\u30c3\u30c8<\/h2>\n

\u300ccryptsetup luksFormat \u30a4\u30e1\u30fc\u30b8\u30d5\u30a1\u30a4\u30ebor\u30c7\u30d0\u30a4\u30b9\u30d5\u30a1\u30a4\u30eb<\/em>\u300d\u3067LUKS\u3068\u3057\u3066\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3057\u307e\u3059\u3002A you sure?\u306b\u306f\u5927\u6587\u5b57\u3067YES\u3068\u5165\u529b\u3002\u6b21\u306b\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u30922\u5ea6\u805e\u304b\u308c\u308b\u306e\u3067\u5165\u529b\u3057\u307e\u3059\u3002<\/p>\n

# cryptsetup luksFormat luks.img<\/strong>
\nWARNING!
\n========
\nThis will overwrite data on luks.img irrevocably.
\nAre you sure? (Type uppercase yes): YES<\/strong>
\nEnter passphrase for luks.img:
\n\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u78ba\u8a8d:
\n<\/code><\/p>\n

file\u30b3\u30de\u30f3\u30c9\u3067\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n

# file luks.img <\/strong>
\nluks.img: LUKS encrypted file, ver 1 [aes, xts-plain64, sha256] UUID: 94fd36b1-f397-4f14-8ee6-a39c6c88809b<\/code><\/p>\n

cryptsetup luksDump\u3067\u8a73\u7d30\u306a\u60c5\u5831\u304c\u5f97\u3089\u308c\u307e\u3059\u3002<\/p>\n

# cryptsetup luksDump luks.img<\/strong>
\nLUKS header information for luks.img
\nVersion: \t1
\nCipher name: \taes
\nCipher mode: \txts-plain64
\nHash spec: \tsha256
\nPayload offset:\t4096
\nMK bits: \t256
\nMK digest: \tf6 53 e6 6a 29 a1 28 9d 42 45 4e 75 63 89 c6 29 fc 96 59 01
\nMK salt: \t9b 37 90 94 1c 97 e9 b6 4e 6b b6 b1 3e 6e 01 ee
\n \tef 3b a9 70 9c e4 b8 03 4e 52 15 ae e0 d1 3c 83
\nMK iterations: \t213472
\nUUID: \t94fd36b1-f397-4f14-8ee6-a39c6c88809b
\nKey Slot 0: ENABLED
\n\tIterations: \t3415556
\n\tSalt: \ta6 aa 14 a3 0a c7 f9 e3 c9 72 9b ab 75 92 de 60
\n\t \t70 44 cc 6e 1f b6 c0 0e 16 76 45 b9 07 f9 76 b7
\n\tKey material offset:\t8
\n\tAF stripes: \t4000
\nKey Slot 1: DISABLED
\n:<\/code><\/p>\n

2.LUKS\u3092\u958b\u304f<\/h2>\n

\u300ccryptsetup luksOpen \u30a4\u30e1\u30fc\u30b8\u30d5\u30a1\u30a4\u30ebor\u30c7\u30d0\u30a4\u30b9\u30d5\u30a1\u30a4\u30eb \u4efb\u610f\u306e\u540d\u524d<\/em>\u300d\u3067LUKS\u3092\u958b\u304d\u307e\u3059\u3002<\/p>\n

# cryptsetup luksOpen luks.img luksfilesystem<\/strong>
\nEnter passphrase for luks.img:
\n<\/code><\/p>\n

\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u6b63\u3057\u3044\u5834\u5408\u300c\/dev\/mapper\/\u4efb\u610f\u306e\u540d\u524d\u300d\u306b\u30c7\u30d0\u30a4\u30b9\u30d5\u30a1\u30a4\u30eb\u304c\u51fa\u73fe\u3057\u307e\u3059\u3002\u300cluksfilesystem\u300d\u3068\u3044\u3046\u540d\u524d\u3067\u958b\u3044\u305f\u306e\u3067\u300c\/dev\/mapper\/luksfilesystem\u300d\u304c\u5bfe\u8c61\u306e\u30d5\u30a1\u30a4\u30eb\u3067\u3059\u3002<\/p>\n

# ls \/dev\/mapper\/<\/strong>
\ncontrol luksfilesystem\u2190\u3053\u308c<\/em>
\n<\/code><\/p>\n

3.\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f5c\u6210<\/h2>\n

\u901a\u5e38\u306e\u30c7\u30d0\u30a4\u30b9\u3068\u540c\u3058\u8981\u9818\u3067mkfs\u306a\u3069\u3067\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n

# mkfs -t ext4 \/dev\/mapper\/luksfilesystem<\/strong><\/code><\/p>\n

4.\u30de\u30a6\u30f3\u30c8\u3059\u308b<\/h2>\n

\u901a\u5e38\u306e\u30c7\u30d0\u30a4\u30b9\u3068\u540c\u3058\u8981\u9818\u3067\u30de\u30a6\u30f3\u30c8\u3057\u307e\u3059\u3002<\/p>\n

# mount \/dev\/mapper\/luksfilesystem \/mnt<\/strong><\/code><\/p>\n

\u901a\u5e38\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3068\u540c\u3058\u3088\u3046\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u307e\u3059\u3002<\/p>\n

# df -h \/mnt<\/strong>
\nFilesystem Size Used Avail Use% Mounted on
\n\/dev\/mapper\/luksfilesystem 990M 2.6M 921M 1% \/mnt
\n# ls \/mnt<\/strong>
\nlost+found
\n<\/code><\/p>\n

5.\u30a2\u30f3\u30de\u30a6\u30f3\u30c8\u3057\u3066LUKS\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u9589\u3058\u308b<\/h2>\n

\u30c7\u30d0\u30a4\u30b9\u306e\u53d6\u308a\u5916\u3057\u306e\u969b\u306b\u306f\u30a2\u30f3\u30de\u30a6\u30f3\u30c8\u3057\u305f\u5f8c\u306bcryptsetup luksClose\u3092\u5b9f\u884c\u3057\u3066LUKS\u3092\u9589\u3058\u307e\u3059\u3002<\/p>\n

# unmount \/mnt<\/strong>
\n# cryptsetup luksClose luksfilesystem<\/strong><\/code><\/p>\n

\u304a\u307e\u3051 bruteforce-luks<\/h2>\n

\u30ad\u30fc\u30d5\u30ec\u30fc\u30ba\u304c\u8a2d\u5b9a\u3055\u308c\u305fLUKS\u306fbruteforce-luks\u3067\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u3084\u8f9e\u66f8\u30a2\u30bf\u30c3\u30af\u304c\u53ef\u80fd\u3067\u3059\u3002\u3061\u306a\u307f\u306bLUKS\u30d5\u30a1\u30a4\u30eb\u306e\u982d10MB\u3042\u308c\u3070\u653b\u6483\u53ef\u80fd\u3067\u3059\u3002<\/p>\n

# dd if=luks.img of=lukstest.img bs=1M count=10<\/strong>
\n# bruteforce-luks -f \/usr\/share\/john\/password.lst lukstest.img<\/strong><\/code><\/p>\n

\"\"<\/p>\n","protected":false},"excerpt":{"rendered":"

\u4eca\u56de\u306fHDD\u306a\u3069\u306e\u7269\u7406\u5a92\u4f53\u3092\u6697\u53f7\u5316\u3059\u308b\u306e\u3067\u306f\u306a\u304f\u3001\u30d5\u30a1\u30a4\u30eb\u3092\u6697\u53f7\u5316\u3057\u307e\u3059\u3002 dd\u30b3\u30de\u30f3\u30c9\u3067\u30c6\u30b9\u30c8\u7528\u30d5\u30a1\u30a4\u30ebluks.img\uff081GB\uff09\u3092\u4f5c\u6210\u3002 # dd if=\/dev\/zero of=luks.img bs=1M cou … \u7d9a\u304d\u3092\u8aad\u3080 cryptsetup\u3067LUKS\u30d5\u30a1\u30a4\u30eb\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3059\u308b<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":6262,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-6261","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tips"],"_links":{"self":[{"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/posts\/6261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/comments?post=6261"}],"version-history":[{"count":0,"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/posts\/6261\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/media\/6262"}],"wp:attachment":[{"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/media?parent=6261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/categories?post=6261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/takuyakobayashi.jp\/blog\/wp-json\/wp\/v2\/tags?post=6261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}