Created
June 5, 2013 18:09
-
-
Save williballenthin/5715912 to your computer and use it in GitHub Desktop.
Brute force the address of an alternate superblock of an ext3 file system that has a dirty journal.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
max_block_number=200781 # CHANGEME | |
device=/dev/loop0 # CHANGEME | |
offset=0; | |
cont=1; | |
while [[ cont -eq 1 ]]; do | |
sudo mount -t ext3 -o ro,sb=$offset "$device" /mnt > /dev/null 2>&1; | |
suc=$?; | |
if [[ suc -ne 32 ]]; then | |
cont=0; | |
echo "found something at $offset"; | |
else | |
echo "failed at $offset ($suc)"; | |
offset=$((offset + 1)); | |
if [[ $offset -gt $max_block_number ]]; then | |
cont=0; | |
echo "didn't find anything at all"; | |
fi; | |
fi; | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment