DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 28th July 2020
Bronzu's Avatar
Bronzu Bronzu is offline
An experienced newbie
 
Join Date: Jun 2020
Location: Yurop, Polend
Posts: 9
Unhappy Ran "data destroyer" on my main drive, nothing's wrong?

So here is my confusion, I accidentaly ran this command:
Code:
dd if=debian-10.4.0-amd64-netinst.iso of=/dev/rsd0c; sync
And to my amazement the computer didn't shutdown, but fsck did give me a bunch of errors. The thing is, i'm scared to reboot but something tells me the ~300mb file was written only to the swap partition. It being at beginning my fstab:
Code:
c6aed634a5665095.b none swap sw
c6aed634a5665095.a / ffs rw 1 1
c6aed634a5665095.l /home ffs rw,nodev,nosuid 1 2
c6aed634a5665095.d /tmp ffs rw,nodev,nosuid 1 2
c6aed634a5665095.f /usr ffs rw,nodev 1 2
c6aed634a5665095.g /usr/X11R6 ffs rw,nodev 1 2
c6aed634a5665095.h /usr/local ffs rw,wxallowed,nodev 1 2
c6aed634a5665095.k /usr/obj ffs rw,nodev,nosuid 1 2
c6aed634a5665095.j /usr/src ffs rw,nodev,nos. Thisuid 1 2
c6aed634a5665095.e /var ffs rw,nodev,nosuid 1 2
Still, I think my intuition is wrong and I might have destroyed something very important.

Does anyone know how I can possibly fix this dilemma?
__________________
If you tell me "who would care enough to hack me" or "nothing to hide nothing to fear", then be sure we won't get along.
Reply With Quote
  #2   (View Single Post)  
Old 28th July 2020
ibara ibara is offline
QEX author
 
Join Date: Jan 2014
Posts: 754
Default

To know where each partition physically lives on your drive, you can run disklabel.
Code:
$ disklabel sd0c
As for what I would do, plug in a USB stick big enough to contain your /home dir and copy it over. Be safe not sorry.
Reply With Quote
  #3   (View Single Post)  
Old 28th July 2020
bradley bradley is offline
Port Guard
 
Join Date: Jul 2020
Posts: 34
Default

First of all have a look at this blogpost.

I might be mistaken, but you may have messed up the partitions/partition table. If you make a backup of all the partitions and you know where they EXACTLY are/were, there is a good chance that everything can be recovered. The steps depend also on the config, whether it's a one machine/one OS config or something else. I would not reboot until I understood what exactly happened and figured out the steps to recover (I mean if there isn't an easier way to solve this).

Your situation is a bit different from the blogpost, but understing the hints there will help to figure out the next steps.
Reply With Quote
  #4   (View Single Post)  
Old 29th July 2020
gpatrick gpatrick is offline
Spam Deminer
 
Join Date: Nov 2009
Posts: 244
Default

Code:
of=/dev/rsd0c
You wrote to the beginning of the output file. The first stage boot loader fits into the first 512 bytes. It is no longer there, along with the partition table, etc.
Reply With Quote
  #5   (View Single Post)  
Old 4th August 2020
Bronzu's Avatar
Bronzu Bronzu is offline
An experienced newbie
 
Join Date: Jun 2020
Location: Yurop, Polend
Posts: 9
Default

Well you guys were right, data got wrecked. Couldn't save much, but I was happy to have a backup (not much data was lost, not that it was that important in the first place). I'm sorry I couldn't reply in any way, I was waiting for a new laptop already to install OpenBSD on.
Anyway, to anyone reading this and that might have made a similar mistake try to backup as much data as you can without rebooting. If you can't mount a physical device for some reason. DO NOT ls into /dev!! That's how I got a kernel panic.
__________________
If you tell me "who would care enough to hack me" or "nothing to hide nothing to fear", then be sure we won't get along.
Reply With Quote
  #6   (View Single Post)  
Old 6th August 2020
bradley bradley is offline
Port Guard
 
Join Date: Jul 2020
Posts: 34
Default

Sorry to hear that a fix was not available. Several years ago I was basically in a similar situation on a desktop machine. At the beginning of the HDD there were some other OS partitions and grub. The partition table was messed up, as it was pointed out by gpatrick. As I had the same partitioning for a long time, I could just have a look at one of the backups and take the numbers from there in order to restore the partition table (managed to restore the MBR).

I had a backup of the grub partition and I could recover it where it was before. Even without a backup it would not have been an issue as I could have just installed it again on the partiton it was before. Luckily the OpenBSD partition was an easy fix too as I just took the hdd, run a tool (cannot remember exactly what it was, maybe testdisk) and it discovered the lost partition (I'm talking about one partition and not partitions because it was one softraid encrypted partition). The dd command did not affect the partition itself, being around the end of the hdd. After the tool recovered it, I booted into Grub and it chainloaded OpenBSD as usual.

I'm wondering:
- If something like that happens and the system is still up, would a dd command work to copy at least /home on a usb stick (would the system work that long)?
- Might it be possible to run a command using the files in /var/backups in order to restore the partition table and at least the partition structure first? Those files are created daily when the security script runs at 1:30.

In a situation like that it's good to make a hdd image first. In that case it won't get worse while trying recovery.
Reply With Quote
  #7   (View Single Post)  
Old 6th August 2020
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 946
Default

Quote:
Originally Posted by bradley View Post
I'm wondering:
- If something like that happens and the system is still up, would a dd command work to copy at least /home on a usb stick (would the system work that long)?
I don't think there would be a useful answer to this, it would depend on how much damage was done and where/what was overwritten. You could imagine over-writing the MBR and part of another OS only, or a small part of the running OS, or lots of it. The time it might run would probably be very different in these cases. Eventually, once the kernel starts to access garbage on-disk, it will cause some kind of problems/corruption and most likely crash.
Reply With Quote
  #8   (View Single Post)  
Old 7th August 2020
girarde girarde is offline
Fdisk Soldier
 
Join Date: Nov 2010
Location: NW FL
Posts: 62
Default

dd is one of the commands whose arguments I always double check, specifically to be sure that "of" points to something whose contents are either duplicated or unneeded.
Reply With Quote
Reply

Tags
dd corruption loss data accident

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security "Data and Goliath" , a book by Bruce Schneier J65nko News 0 11th March 2015 01:38 AM
Multihome, packets leaving by "wrong" interface irukandji FreeBSD Security 7 13th July 2013 05:12 AM
EU's AXLE to drive open source "Big Data" analytics J65nko News 0 1st May 2013 05:33 PM
Data caps a "crude and unfair tool" for easing online congestion J65nko News 0 4th December 2011 09:33 PM
Fixed "xinit" after _7 _8, "how" here in case anyones' "X" breaks... using "nvidia" jb_daefo Guides 0 5th October 2009 09:31 PM


All times are GMT. The time now is 05:25 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick