xref: /dragonfly/contrib/file/magic/Magdir/luks (revision 739f0ef867128a933e021db3d831e906fcafd825)
1
2#------------------------------------------------------------------------------
3# $File: luks,v 1.5 2022/09/07 11:23:44 christos Exp $
4# luks:  file(1) magic for Linux Unified Key Setup
5# URL:              https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
6#                   http://fileformats.archiveteam.org/wiki/LUKS
7# From:   Anthon van der Neut <anthon@mnt.org>
8# Update: Joerg Jenderek
9# Note:             verfied by command like `cryptsetup luksDump /dev/sda3`
10
110         string              LUKS\xba\xbe        LUKS encrypted file,
12# https://reposcope.com/mimetype/application/x-raw-disk-image
13!:mime    application/x-raw-disk-image
14#!:mime   application/x-luks-volume
15# img is the generic extension; no suffix for partitions; luksVolumeHeaderBackUp via zuluCrypt
16!:ext     /luks/img/luksVolumeHeaderBackUp
17# version like: 1 2
18>6        beshort             x                   ver %d
19# test for version 1 variant
20>6        beshort             1
21>>0                           use                 luks-v1
22# test for version 2 variant
23>6        beshort             >1
24>>0                           use                 luks-v2
25# Reference:        https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf
26#                   http://mark0.net/download/triddefs_xml.7z/defs/l/luks.trid.xml
27# display information about LUKS version 1
280         name                luks-v1
29# cipher-name like: aes twofish
30>8        string              x                   [%s,
31# cipher-mode like: xts-plain64 cbc-essiv
32>40       string              x                   %s,
33# hash specification like: sha256 sha1 ripemd160
34>72       string              x                   %s]
35>168      string              x                   UUID: %s
36# NEW PART!
37# payload-offset; start offset of the bulk data
38>104       ubelong  x                   \b, at %#x data
39# key-bytes; number of key bytes; key-bytes*8=MK-bits
40>108       ubelong  x                   \b, %u key bytes
41# mk-digest[20]; master key checksum from PBKDF2
42>112      ubequad             x                   \b, MK digest %#16.16llx
43>>120     ubequad             x                   \b%16.16llx
44>>128     ubelong             x                   \b%8.8x
45# mk-digest-salt[32]; salt parameter for master key PBKDF2
46>132      ubequad             x                   \b, MK salt %#16.16llx
47>>140     ubequad             x                   \b%16.16llx
48>>148     ubequad             x                   \b%16.16llx
49>>156     ubequad             x                   \b%16.16llx
50# mk-digest-iter; iterations parameter for master key PBKDF2
51>164      ubelong             x                   \b, %u MK iterations
52# key slot 1
53>208      ubelong             =0x00AC71F3         \b; slot #0
54>>208                         use                 luks-slot
55# key slot 2
56>256      ubelong             =0x00AC71F3         \b; slot #1
57>>256                         use                 luks-slot
58# key slot 3
59>304      ubelong             =0x00AC71F3         \b; slot #2
60>>304                         use                 luks-slot
61# key slot 4
62>352      ubelong             =0x00AC71F3         \b; slot #3
63>>352                         use                 luks-slot
64# key slot 5
65>400      ubelong             =0x00AC71F3         \b; slot #4
66>>400                         use                 luks-slot
67# key slot 6
68>448      ubelong             =0x00AC71F3         \b; slot #5
69>>448                         use                 luks-slot
70# key slot 7
71>496      ubelong             =0x00AC71F3         \b; slot #6
72>>496                         use                 luks-slot
73# key slot 8
74>544      ubelong             =0x00AC71F3         \b; slot #7
75>>544                         use                 luks-slot
76# Reference:        https://gitlab.com/cryptsetup/LUKS2-docs/-/raw/master/luks2_doc_wip.pdf
77#                   http://mark0.net/download/triddefs_xml.7z/defs/l/luks2.trid.xml
78# display information about LUKS version 2
790         name                luks-v2
80# hdr_size; size including JSON area called Metadata area by cryptsetup with value like: 16384
81>8        ubequad             x                   \b, header size %llu
82# possible check for MAGIC_2ND after header
83#>(8.Q)    string             SKUL\xba\xbe        \b, 2nd_HEADER_OK
84# seqid; sequence ID, increased on update; called Epoch by cryptsetup with value like: 3 4 8 10
85>16       ubequad             x                   \b, ID %llu
86# label[48]; optional ASCII label or empty; called Label by cryptsetup with value like: "LUKS2_EXT4_ROOT"
87>24       string              >\0                 \b, label %s
88# csum_alg[32]; checksum algorithm like: sha256 sha1 sha512 wirlpool ripemd160
89>72       string              x                   \b, algo %s
90# salt[64]; salt , unique for every header
91>104      ubequad             x                   \b, salt %#llx...
92# uuid[40]; UID of device as string like: 242256c6-396e-4a35-af5f-5b70cb7af9a7
93>168      string              x                   \b, UUID: %-.40s
94# subsystem[48]; optional owner subsystem label or empty
95>208      string              >\0                 \b, sub label %-.48s
96# hdr_offset; offset from device start [ bytes ] like: 0
97>256      ubequad             !0                  \b, offset %llx
98# char _padding [184]; must be zeroed
99#>264     ubequad             x                   \b, padding %#16.16llx
100#>440     ubequad             x                   \b...%16.16llx
101# csum[64]; header checksum
102>448      ubequad             x                   \b, crc %#llx...
103# char _padding4096 [7*512];  Padding , must be zeroed
104#>512     ubequad             x                   \b, more padding %#16.16llx
105#>4088    ubequad             x                   \b...%16.16llx
106# JSON text data terminated by the zero character; unused remainder empty and filled with zeroes like:
107# {"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offse"
108>0x1000   string              x                   \b, at 0x1000 %s
109#>0x1000  indirect  x
110# display information (like active) about LUKS1 slot
1110         name                luks-slot
112# state of keyslot; 0x00AC71F3~active 0x0000DEAD~inactive
113#>0       ubelong             x                   \b, status %#8.8x
114>0        ubelong             =0x00AC71F3         active
115>0        ubelong             =0x0000DEAD         inactive
116# iteration parameter for PBKDF2
117#>4       ubelong             x                   \b, %u iterations
118# salt parameter for PBKDF2
119#>8       ubequad             x                   \b, salt %#16.16llx
120#>>16     ubequad             x                   \b%16.16llx
121#>>24     ubequad             x                   \b%16.16llx
122#>>32     ubequad             x                   \b%16.16llx
123# start sector of key material like: 8 0x200 0x3f8 0x5f0 0xdd0
124>40       ubelong             x                   \b, %#x material offset
125# number of anti-forensic stripes like: 4000
126>44       ubelong             !4000               \b, %u stripes
127