Rescatux is from the developers of Super GRUB2. It is a useful distro for disaster recovery, e.g., your system is not booting or there is a filesystem error. You can create a live USB out of the distro ISO using Universal USB Installer or Ubuntu ImageWriter. Continue reading Rescatux: Debian based rescue distro
Most of us have the habit of depending on the browser to remember our passwords. What if you have forgotten the password and want to recover it? Not only the browser, there are several applications in your system which remember your passwords Continue reading LaZagne: password recovery tool
Harald Hoyer from Red Hat has come up with a demonstration of booting the Linux kernel to a command prompt on a UEFI device using a single image. It is the userland proof of concept for the work done by Kay Sievers and David Herrmann in gummiboot. They created a UEFI loader which starts a linux kernel with an initrd and a kernel cmdline, all stuffed-in as the COFF section of the executable.
Hover did this using a shell script which creates a rescue image on Fedora using a rescue kernel and rescue initrd. The kernel cmdline parameter rd.retry is set to 20 seconds to wait for devices. Finally it drops to a shell as the root device is specified as “root=/dev/failme” which does not exist. You can fsck your devices, mount them and repair your system from this shell.
To try it out on Fedora, run:
# yum install gummiboot binutils # wget https://raw.githubusercontent.com/haraldh/mkrescue-uefi/master/mkrescue-uefi.sh # chmod +x mkrescue-uefi.sh # bash mkrescue-uefi.sh BOOTX64.EFI
Copy the generated BOOTX64.EFI to a UEFI-formatted bootable FAT32 USB volume under EFI/BOOT/ and point your BIOS to boot from the USB stick. If you are not sure how to create the FAT32 volume, refer to my earlier article on creating a UEFI bootable ArchBang USB.
Hard disk or CD with important information gone bad? You might still be able to recover readable data using the low-level rescue tool safecopy. It’s a utility similar to GNU ddrescue.
safecopy does not fail where other tools (like cat or cp) fail on encountering an I/O error. It uses low level IO to read media in raw mode as well as direct hardware access with O_DIRECT instead of making calls through the virtual filesystem. In addition it issues device resets and other helpful low level operations.
Users can force continue a previous safecopy run at arbitrary position. It can keep trying to open source files even when they went away. This allows copying from devices that vanish temporarily in case of errors, like USB drives that renumerate in case of device resets.
From the developer notes: internally safecopy does this by identifying and skipping problematic or damaged areas, and continuing reading afterwards. The corresponding area in the destination file is either skipped (on initial creation that means padded with zeros) or deliberately filled with a recognizable pattern to later find affected files on a corrupted device. safecopy uses an incremental algorithm to identify the exact beginning and end of bad areas, allowing the user to trade minimum accesses to bad areas for thorough data resurrection. Multiple passes over the same file are possible, to first retrieve as much data from a device as possible with minimum harm, and then trying to retrieve some of the remaining data with increasingly aggressive read attempts.
safecopy can generate data to simulate a corrupt media. This data can be used to benchmark safecopy against similar data recovery tools.
To install safecopy on Ubuntu:
$ sudo apt-get install safecopy
A few common use cases:
- To view the options safecopy provides, run:
$ safecopy --help
- Resurrect a file from a mounted but damaged media, that cp failed on:
$ safecopy /path/to/problemfile ~/saved-file
- Create a filesystem image of a damaged disk/cdrom:
$ safecopy /dev/device ~/diskimage
- Interrupt and later resume a data rescue operation:
$ safecopy source dest <CTRL+C> (safecopy aborts) $ safecopy source dest -I /dev/null
- Find the corrupted files on a partially successful rescued file system:
$ safecopy /dev/filesystem image -M CoRrUpTeD $ fsck image $ mount -o loop image /mnt/mountpoint $ grep -R /mnt/mountpoint "CoRrUpTeD"
- Create an image of a device that starts at X and is Y in size:
$ safecopy /dev/filesystem -b -s <X/bsize> -l <Y/bsize>
Losing your images can be costly. You’ll definitely miss those precious moments from your kid’s childhood lost due to a disk or filesystem failure. Here’s the good news – if the disk is still readable there’s a chance that you can recover the images, thanks to Jaypack. It is a small open source tool that scans your disk to recover the files.
Jaypack works on a simple algorithm. It bypasses the filesystem and scans the disk for the image signature. To be more accurate, it checks for the characteristical SOI signature:
FF D8 FF, followed by a byte determining the type of the image (at the time of writing only for JPEG/JFIF, SPIFF and Exif images can be recovered) and then keeps track of these, as well as EOI signatures (
The tool is still under development and has its limitations – it uses a linear algorithm, has a limit on the maximum size of a file (by default set to 10MB, but configurable) and a number of skip bytes, during which EOI byte sequences won’t be honored. It also tends to sacrifice smaller images for bigger ones.
You need to compile the tool to use it. Download the source archive, extract it, cd into the source code directory and run:
It will generate 3 binaries: jaypack, jaypack-server, jaypack-client.
1. The simplest form of usage is:
$ sudo dd if=/dev/sdXn bs=8192 | ./jaypack max_size skip where sdXn: device node (e.g. sda, sdb2) max_size: maximum size (in bytes) of the file jaypack will consider skip: number of bytes to skip at the beginning (default 0, ~16000 recommende
The output will be a sequence of lines in the following format:
<jpgtype> <offset> <size>
You can then use dd to recover the files.
2. Client server way
jaypack-client will take the output of jaypack from stdin, extract data at those offsets and then output this in an idiotical binary format to stdout. jaypack-server will be able to take that binary format from stdin and then save .jpg files in a folder of your choosing. Example:
$ sudo dd if=<device> skip=<offset> bs=<bs> | ./jaypack - 16384 | sudo ./jaypack-client <device> <offset * bs> <extrasize> | ./jaypack-server <output-dir>/
3. Over the network
You can start the client on a computer where a live CD is booted, for instance, and pipe the recovered .jpgs over the network to another computer where you can safely stash them.
Run the following command on the server:
$ nc -l -p <server_port> | ./jaypack-server recovered-jpegs/
Run the following on the client (from which to recover images):
$ sudo dd if=/dev/sda1 skip=131072 bs=8192 | ./jaypack - 16384 | sudo ./jaypack-client /dev/sda1 1073741824 64 | nc <server_ip> <server_port>
We explored TimeShift in one of our earlier articles. We came across another backup tool that works similarly – Systemback. It too does a restore point based backup and can handle system files as well as user configuration files. Note that it is not a tool to backup videos, pictures or documents. A restore point can be created at any time and the application will list the time of the restore point creation for an easy rollback later. Features include:
- Create restore points
- Copy system from one partition to another
- Create a new user, modify root password, modify hostname
- Create a Live CD/DVD/USB from current system with or without user data
- System repair, Grub2 repair with or without fstab
- Upgrade Ubuntu to next release
- Exclude certain files
Run the following commands to install Systemback on Ubuntu (12.04.x, 14.04.x or 14.10 at the time of writing):
$ sudo add-apt-repository ppa:nemh/systemback $ sudo apt-get update $ sudo apt-get install systemback
Boot-Repair is a graphical utility that can recover the access to your operating systems and boot them. It is most useful when used in combination with the Boot-Repair-Disk, an advanced rescue disk. Features of Boot-Repair:
- Easy-to-use (repair in 1 click ! )
- Free (GPL open-source license)
- Helpful (Boot-Info summary to get help by email or on your favorite forum)
- Safe (automatic backups)
- Popular (300.000 users per year)
- Can recover access to Windows (XP, Vista, Windows7, Windows8).
- Can recover access to Debian, Ubuntu, Mint, Fedora, OpenSuse, ArchLinux…
- Can recover access to any OS (Windows, MacOS, Linux..) if your PC contains Debian, Ubuntu, Mint, Fedora, OpenSuse, ArchLinux, or derivative.
- Can repair MBR-locked OEM computer boot if the original bootsector has been saved by Clean-Ubiquity
- Can repair the boot when you have the “GRUB Recovery” error message
- Options to reinstall GRUB2/GRUB1 bootloader easily (OS by default, purge, unhide, kernel options..)
- and much more ! (UEFI, SecureBoot, RAID, LVM, Wubi, filesystem repair…)
A broken bootloader is a common problem which newbies face, most of the time while experimenting with dual boot. Super GRUB2 is a handy disk which can boot into a OS with a broken bootloader. Once you boot into the Linux OS installed it is easy to fix a broken GRUB2 with
grub-install /dev/sda. Features:
- Uses GRUB2
- Use a flash drive to boot
- GRUB2 like menu
- Detects any Linux, Windows or OSX installation
- Enable GRUB2’s LVM, RAID. PATA, USB, serial terminal support
- Super GRUB2 doesn’t fix GRUB, it enables you to boot into the OS
The same author also has written Rescatux (linked in homepage), a guided wizard-based recovery CD.
Do you forget the password to your Windows box often? Do you re-install it each time that happens? If the answer to the above questions is Yes!, then you should try out chntpw. It is a powerful tool that can help you change or reset your Windows password. The author distributes chntpw as a utility in a distro (named Pogostick) along with other utilities like registry editors.
- Works with any Windows release from NT3.5 to Windows 8.1 including servers
- Works for any local account on your Windows box
- Detects accounts and offers to unlock or reset
- No need to know the old password
- chntpw works on any Linux distro. Present in default Ubuntu repos.
- The author made his own distro (Pogostick). Install on USB. Run offline as any other portable Linux distro.
- Pogostick has registry editing tools for other needs too
- Good walkthrough documentation. Visit it first before proceeding.
Timeshift is hell of a useful utility for Ubuntu users. There are so many times when you may have broken your system and wished there was a tool like System Restore on Windows (or Time Machine on Mac) to get back to a Restore Point or snapshot. Admittedly, this is indeed an area where Linux was lacking a really useful functionality. Timeshift has just filled in the gap! Capabilities:
- Backs up only system files and settings
- Take incremental backups of your system at regular intervals
- Unmodified files are not backed up twice
- Return to a past snapshot
- Uses rsync and hard-links
- Automatic boot snapshots 30 minutes after system starts
- Runs at 30 minute intervals but takes snapshots only if required
- Uses tags to save more disk space
- System can be restored on the running system or from a live CD
- Cross-distro restoration for Ubuntu family of distros
- Minimal setup
To install on Ubuntu:
$ sudo add-apt-repository ppa:teejee2008/ppa $ sudo apt-get update $ sudo apt-get install timeshift
Timeshift is available for BTRFS volumes now. To install on Ubuntu:
sudo apt-add-repository -y ppa:teejee2008/ppa sudo apt-get update sudo apt-get install timeshift-btrfs